IOLIS Legal Services

17 August 2020

Using Works Email for Personal Business May Get you Fired! Don’t become a cautionary tale…

A Case Study

You’re busy in work and you need to drop someone a line about a non-work matter.

It’s fine to do that from your work email account, right?

Wrong… In fact, you could find that it’s a very career-limiting thing to do!

Take the case we undertook recently of Mrs Householder, who was organising building works at her home with Mr Builder, her contractor, and Mr Architect.

She worked in a large bank and sent them several emails from her work email account.

As the project progressed, suggestions by the architect caused the costs of the project to increase as the work expanded.

Mr Builder sent Mrs Householder the bill, but she emailed him that she wasn’t going to pay the extra amount because he had sent her an estimate at the start of the project which was £10,000 less.

Mr Builder tried to reason with her, but she was adamant. She was NOT going to pay it.

We were asked by Mr Builder if we could help.

Mr Builder said he would be significantly out of pocket if Mrs Householder didn’t pay in full.

When we looked at the paperwork we realised all the emails had come from Mrs Householder’s work email address.

What did we do?

We lodged a Subject Access Request with the large bank to see what data it held on Mr Builder.

The General Data Protection Regulation (GDPR) gives people the right to ask what information any business or organisation holds on them, how it was gathered and for what purpose, under what legal basis it is held, when it will be destroyed, and whether it has been shared with anyone. This applies to large and small businesses and organisations.

Here’s the interesting part in this story… that includes all emails within the organisation, including Mrs Householder's.

What did the bank do?

The bank received this SAR and passed it to their data controller to gather the information together and reply.

So, Mrs Householder’s employers discovered that she had been conducting her personal business from her work email account.

Her employers also realised that decision was going to cost them in terms of staff hours to investigate the request.

Awkward.

Yet, this wasn’t the worst part of the situation for Mrs Householder.

You would expect the investigation to find the emails Mr Builder had been sent by her.

Mr Builder’s name was also found in emails between her and Mr Architect.

These emails discussed tactics Mrs Householder could use to avoid paying Mr Builder for his work.

Not only did her employers see these emails, and take a dim view of them, the bank realised that under GDPR it had to release those emails to Mr Builder.

Suddenly, Mrs Householder no longer had access to her work email account.

She no longer works at the bank.

What’s the outcome?

Now, Mr Builder has an excellent case against Mrs Householder, should the matter go to court if she doesn’t pay. He also has the evidence to refer Mr Architect to the Architects Registration Board, the governing body for the profession.

All from one simple request for data.

Here’s the biggest irony: If Mrs Householder had used her own personal email account, Mr Builder would have no right to ask for any data or emails. GDPR only covers businesses and organisations, rather than individuals.

Let that be a cautionary tale!

Of course Mr Builder isn't actually a builder and the company wasn't a bank. Mr Architect wasn't an architect either... We have changed the circumstances to save any embarassment.

Do you need expert legal advice on data protection legislation? Please call us on 029 2000 2339 or email contact@iolis-legal.com.

Recent Posts

Why you should use an independent person to conduct a workplace investigation

There exists in an employment contract an implied obligation to not act in a manner likely to destroy or seriously damage the relationship of confidence and trust without reasonable and proper cause. This relationship can become imperilled when an allegation has been made against an employee and this needs to be investigated. In a recent […]

Read more
Why will every toy seller in the UK soon need to up their game about data protection?

These days, internet-connected toys are in huge demand. Children want internet-connected toys such as Mario Kart Live: Home Circuit which allows you to take the online game and recreate it in your own home, setting up circuits and controlling the players via the Nintendo Switch. Or they might ask for Artie 3000, a drawing robot […]

Read more
5 Things to Remember When Meeting Over Video

As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown. There has been a lot of media coverage on […]

Read more
Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees. Others had been wary of it and had […]

Read more
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...

I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version of the Monster Mash this Halloween! There are […]

Read more

Does your UK business need support? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
6 October 2021
Why you should use an independent person to conduct a workplace investigation
There exists in an employment contract an implied obligation to not act in a manner likely to destroy or seriously damage the relationship of confidence and trust without reasonable and proper cause. This relationship can become imperilled when an allegation has…
Read More
26 January 2021
Why will every toy seller in the UK soon need to up their game about data protection?
These days, internet-connected toys are in huge demand. Children want internet-connected toys such as Mario Kart Live: Home Circuit which allows you to take the online game and recreate it in your own home, setting up circuits and controlling the players via the…
Read More
9 November 2020
5 Things to Remember When Meeting Over Video
As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown.…
Read More
25 October 2020
Will monitoring your home-working staff land your business in hot water?
Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits…
Read More
25 October 2020
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...
I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version…
Read More
20 October 2020
How could the right to be forgotten affect your amateur rugby or football club?
The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among…
Read More
IOLIS Legal Services is a trading style of IOLIS Ltd. Regd in England & Wales. Company Number 11968202. Regd office: International, House, 10 Churchill Way, Cardiff CF10 2HE. Total paid up share capital £10.
© 2020 IOLIS Ltd. | Website designed, hosted, and maintained by Jötnar Systems