17 August 2020

Using Works Email for Personal Business May Get you Fired! Don’t become a cautionary tale…

A Case Study

You’re busy in work and you need to drop someone a line about a non-work matter.

It’s fine to do that from your work email account, right?

Wrong… In fact, you could find that it’s a very career-limiting thing to do!

Take the case we undertook recently of Mrs Householder, who was organising building works at her home with Mr Builder, her contractor, and Mr Architect.

She worked in a large bank and sent them several emails from her work email account.

As the project progressed, suggestions by the architect caused the costs of the project to increase as the work expanded.

Mr Builder sent Mrs Householder the bill, but she emailed him that she wasn’t going to pay the extra amount because he had sent her an estimate at the start of the project which was £10,000 less.

Mr Builder tried to reason with her, but she was adamant. She was NOT going to pay it.

We were asked by Mr Builder if we could help.

Mr Builder said he would be significantly out of pocket if Mrs Householder didn’t pay in full.

When we looked at the paperwork we realised all the emails had come from Mrs Householder’s work email address.

What did we do?

We lodged a Subject Access Request with the large bank to see what data it held on Mr Builder.

The General Data Protection Regulation (GDPR) gives people the right to ask what information any business or organisation holds on them, how it was gathered and for what purpose, under what legal basis it is held, when it will be destroyed, and whether it has been shared with anyone. This applies to large and small businesses and organisations.

Here’s the interesting part in this story… that includes all emails within the organisation, including Mrs Householder's.

What did the bank do?

The bank received this SAR and passed it to their data controller to gather the information together and reply.

So, Mrs Householder’s employers discovered that she had been conducting her personal business from her work email account.

Her employers also realised that decision was going to cost them in terms of staff hours to investigate the request.

Awkward.

Yet, this wasn’t the worst part of the situation for Mrs Householder.

You would expect the investigation to find the emails Mr Builder had been sent by her.

Mr Builder’s name was also found in emails between her and Mr Architect.

These emails discussed tactics Mrs Householder could use to avoid paying Mr Builder for his work.

Not only did her employers see these emails, and take a dim view of them, the bank realised that under GDPR it had to release those emails to Mr Builder.

Suddenly, Mrs Householder no longer had access to her work email account.

She no longer works at the bank.

What’s the outcome?

Now, Mr Builder has an excellent case against Mrs Householder, should the matter go to court if she doesn’t pay. He also has the evidence to refer Mr Architect to the Architects Registration Board, the governing body for the profession.

All from one simple request for data.

Here’s the biggest irony: If Mrs Householder had used her own personal email account, Mr Builder would have no right to ask for any data or emails. GDPR only covers businesses and organisations, rather than individuals.

Let that be a cautionary tale!

Of course Mr Builder isn't actually a builder and the company wasn't a bank. Mr Architect wasn't an architect either... We have changed the circumstances to save any embarassment.

Do you need expert legal advice on data protection legislation? Please call us on 029 2000 2339 or email contact@iolis-legal.com.

Does your UK business need a mediator or support with data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
25 September 2020
Five Reasons you should not use WhatsApp in your business
As a business, it is very convenient to use WhatsApp to communicate with your staff and to allow staff teams to communicate with each other. But could this easy and flexible communication tool land you in hot water? In short, the answer is yes, let’s look at some of the…
Read More
31 August 2020
What are the 5 things every employment solicitor needs to know about SARs?
Many employment law cases now begin with a Subject Access Request (SAR). The reason is that it’s a useful way for an employee or former employee to gain information for their case. Dealing with SARs is a specialised field of law for one excellent reason: it’s extremely…
Read More
24 August 2020
How can junior sports teams stay on the right side of the data protection rules?
Helping children follow their passion for sport can be wonderful. Sports teams have a duty of care to their young players or athletes, though, and a legal duty to deal with their data in the correct manner. Here’s our data protection guide for junior sports teams… What…
Read More
17 August 2020
Using Works Email for Personal Business May Get you Fired! Don’t become a cautionary tale…
A Case Study You’re busy in work and you need to drop someone a line about a non-work matter. It’s fine to do that from your work email account, right? Wrong… In fact, you could find that it’s a very career-limiting thing to do! Take the case we undertook recently of Mrs…
Read More
3 August 2020
How should your organisation handle a leak to the media?
Finding out that the media has confidential information about your organisation from a leak can feel devastating. The fall-out can include significant reputational damage and serious legal problems, as one professional sport governing body has recently discovered.…
Read More
20 July 2020
Mediation could be a quicker, less costly solution than an employment tribunal.
As the UK opens up again after the COVID-19 lockdown, many public services will face dealing with substantial backlogs. For the already under pressure employment tribunal system, it’s yet another major problem. The system has been under significant strain since…
Read More
© 2020 IOLIS Ltd. Reg. in England & Wales Num.11968202 For reg. address see contact details | Website designed, hosted, and maintained by Jötnar Systems