17 August 2020

Using Works Email for Personal Business May Get you Fired! Don’t become a cautionary tale…

A Case Study

You’re busy in work and you need to drop someone a line about a non-work matter.

It’s fine to do that from your work email account, right?

Wrong… In fact, you could find that it’s a very career-limiting thing to do!

Take the case we undertook recently of Mrs Householder, who was organising building works at her home with Mr Builder, her contractor, and Mr Architect.

She worked in a large bank and sent them several emails from her work email account.

As the project progressed, suggestions by the architect caused the costs of the project to increase as the work expanded.

Mr Builder sent Mrs Householder the bill, but she emailed him that she wasn’t going to pay the extra amount because he had sent her an estimate at the start of the project which was £10,000 less.

Mr Builder tried to reason with her, but she was adamant. She was NOT going to pay it.

We were asked by Mr Builder if we could help.

Mr Builder said he would be significantly out of pocket if Mrs Householder didn’t pay in full.

When we looked at the paperwork we realised all the emails had come from Mrs Householder’s work email address.

What did we do?

We lodged a Subject Access Request with the large bank to see what data it held on Mr Builder.

The General Data Protection Regulation (GDPR) gives people the right to ask what information any business or organisation holds on them, how it was gathered and for what purpose, under what legal basis it is held, when it will be destroyed, and whether it has been shared with anyone. This applies to large and small businesses and organisations.

Here’s the interesting part in this story… that includes all emails within the organisation, including Mrs Householder's.

What did the bank do?

The bank received this SAR and passed it to their data controller to gather the information together and reply.

So, Mrs Householder’s employers discovered that she had been conducting her personal business from her work email account.

Her employers also realised that decision was going to cost them in terms of staff hours to investigate the request.

Awkward.

Yet, this wasn’t the worst part of the situation for Mrs Householder.

You would expect the investigation to find the emails Mr Builder had been sent by her.

Mr Builder’s name was also found in emails between her and Mr Architect.

These emails discussed tactics Mrs Householder could use to avoid paying Mr Builder for his work.

Not only did her employers see these emails, and take a dim view of them, the bank realised that under GDPR it had to release those emails to Mr Builder.

Suddenly, Mrs Householder no longer had access to her work email account.

She no longer works at the bank.

What’s the outcome?

Now, Mr Builder has an excellent case against Mrs Householder, should the matter go to court if she doesn’t pay. He also has the evidence to refer Mr Architect to the Architects Registration Board, the governing body for the profession.

All from one simple request for data.

Here’s the biggest irony: If Mrs Householder had used her own personal email account, Mr Builder would have no right to ask for any data or emails. GDPR only covers businesses and organisations, rather than individuals.

Let that be a cautionary tale!

Of course Mr Builder isn't actually a builder and the company wasn't a bank. Mr Architect wasn't an architect either... We have changed the circumstances to save any embarassment.

Do you need expert legal advice on data protection legislation? Please call us on 029 2000 2339 or email contact@iolis-legal.com.

Recent Posts

5 Things to Remember When Meeting Over Video

As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown. There has been a lot of media coverage on […]

Read more
Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees. Others had been wary of it and had […]

Read more
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...

I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version of the Monster Mash this Halloween! There are […]

Read more
How could the right to be forgotten affect your amateur rugby or football club?

The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among the new rights it introduced was the right for individuals to ask to have their personal data […]

Read more
What are the 4 common data protection mistakes which could cost your business dearly?

Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities, generally within 72 hours. In the UK, that’s […]

Read more

Does your UK business need a mediator or support with data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
9 November 2020
5 Things to Remember When Meeting Over Video
As industry and commerce gets used to the ‘new normal’, the use of video conferencing facilities and software is becoming widespread. It is a useful tool and has undeniably been a major factor in bringing teams back together in a virtual way during the pandemic lockdown.…
Read More
25 October 2020
Will monitoring your home-working staff land your business in hot water?
Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits…
Read More
25 October 2020
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...
I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version…
Read More
20 October 2020
How could the right to be forgotten affect your amateur rugby or football club?
The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among…
Read More
13 October 2020
What are the 4 common data protection mistakes which could cost your business dearly?
Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities,…
Read More
25 September 2020
Five Reasons you should not use WhatsApp in your business
As a business, it is very convenient to use WhatsApp to communicate with your staff and to allow staff teams to communicate with each other. But could this easy and flexible communication tool land you in hot water? In short, the answer is yes, let’s look at some of the…
Read More
© 2020 IOLIS Ltd. Reg. in England & Wales Num.11968202 For reg. address see contact details | Website designed, hosted, and maintained by Jötnar Systems