The boundaries between work and personal life have become increasingly blurred.
So it's unsurprising that employees often use work email addresses to send personal emails. On the one hand, employees may have a reasonable expectation of privacy in private emails sent from their work email address even where a business bans using a work email address for private purposes. However, how does this expectation fit in with the rights of an employer?
This point was most recently explored in the case of Brake & Anor v Guy & Ors [2022] EWCA Civ 235.
FACTUAL BACKGROUND
As part of an ongoing claim relating to the ownership of a farm which was acquired by the Respondents after the Claimants became bankrupt, one of the Respondents disclosed to their lawyer (to be used in related proceedings against one of the Claimants as evidence to show that the Claimant had hidden some assets) emails which the Claimant had sent via a general enquiries work email account. This work email address had been used despite the Claimant already having a separate personal email address which could have been used as an alternative.
The Claimant’s claim was for a final injunction and damages for misuse of private information and breach of confidence. This claim was denied with it being argued that there was a public interest in accessing, retaining and sharing the emails because of the serious nature of the allegations of misconduct.
The Claimant failed to prove either claim, both at first instance and on appeal (more recently to the Court of Appeal), but this case did flag some key points which will be helpful for employers to note.
(1) MISUSE OF PRIVATE INFORMATION
- Everyone has the right to respect for their private and family life, home and correspondence (Article 8, Human Rights Act 1998). Where there is a breach of this right, a person can bring a claim for misuse of private information.
- The burden of proof is on the employee to prove that there was a reasonable expectation of privacy in the correspondence. If this is proven, then the court will consider whether interference with the right is justified.
- The test for whether there is a reasonable expectation of privacy is what a reasonable person of ordinary sensibilities would feel if they were placed in the same position as the Claimant and faced with the same publicity.
(2) BREACH OF CONFIDENCE
- A breach of confidence claim covers information that is sensitive or secret, but not necessarily of a personal nature.
- The information must have been imparted in circumstances importing an obligation of confidence and there must have been an unauthorised use of that information to the detriment of the party communicating it.
In this case, the Judge was not satisfied that the legal tests had been met.
KEY TAKE AWAY POINTS…
- Whether or not the employee has a reasonable expectation of privacy when sending personal emails from a work account (even when there is a company-wide ban on this) will depend upon the facts. In this case, (a) the Claimant had used a generic email address to which two other people had access, (b) the Claimant's personal emails were not marked as being private, (c) the extent to which the email account was password protected, the Claimant held the password as an employee of the business, (d) the Claimant was alleging that over 3,000 emails were private but only produced two of these as evidence to demonstrate the point – an argument which the Judge was not prepared accept.
- As a general starting point information relating to a person's health, finances and personal correspondence will give rise to a reasonable expectation of privacy (although there is no legal presumption to this effect); but things like involvement in criminal activity will not.
- The burden of proof is on the Claimant to demonstrate that they had a reasonable expectation of privacy. The failure to do so in this case was fatal as the Claimant had failed to discharge the burden.
- It is also of interest that the Court of Appeal commented that misconduct is relevant to the question of whether the Claimant has a reasonable expectation to privacy.
Practically, we recommend that employers have in place appropriate IT and/or IT usage policies. These should expressly state that employees are not to use their work email address or work equipment for personal matters, and that all emails sent from an employee's work email address are the property of the employer. Employers should also ensure that there is sufficient training in place so that employees know of the policies and terms applicable to them.
Addleshaw Goddard is recognised as the market-leading Business Protection Practice. Our team’s work focuses on advising organisations on team moves and helping employers to manage the risks stemming from employees, directors, shareholders and third parties who pose a threat to their legitimate interests, by taking action to enforce the employer’s rights and protect confidential information ranging from securing undertakings or obtaining injunctive relief, to pursuing claims for damages/loss of profits.
For further information about our Business Protection Practice please contact our team: