What can employers learn from Suella Braverman's recent antics?
Released On 17th Nov 2022
This week the Employment Team at Porter Dodson has been discussing Suella Braverman’s controversial reappointment as Home Secretary. This took place a mere 6 days after she was forced to resign after admitting that on 6 occasions, she had forwarded official documents from her government email account to her personal email account. It then appears that she used that personal email account for government purposes.
To those of us who do not have our heads up in the iCloud, it is quite surprising that a person who holds one of the four ‘Great Offices of State’ considered such actions appropriate; indeed, some may say that it would take a Braverman to conduct themselves in such a manner. In turn, it has caused us to ponder just how many employees are using their personal email accounts to conduct employer-related business; not least as more and more people are working remotely and the lines between home and work have become blurred.
On a more sinister note, a quick Google search has suggested that just under half of employees have admitted to taking company data with them before leaving their employment and yes, you’ve guessed it, the most common way of doing this was by using email.
So, what’s the problem for employers? Well, there are several. These include possible:
• Loss of intellectual property, confidential and/or business sensitive information;
• Breach of the employer’s commercial contracts and/or non-disclosure agreements;
• Loss of control/inability to keep an audit trail - employers will not be able to easily and accurately keep track of what is being sent/received, and will likely face difficulty in trying to access the information that is contained within those personal emails;
• Difficulties in complying with data subject access requests - employers will not know what data is contained in the personal emails, to whom they have been sent and how long the data will be kept by the sender and recipient(s); and
• Breach of data protection laws with the associated risk of hefty fines/penalties being imposed by the Information Commissioner’s Office.
Ultimately, the employer risks being on the receiving end of litigation, damaging its reputation, losing customer/third party trust and losing contracts/revenue.
All of the above can leave employers hitting their heads against a (fire)wall, feeling hacked off, and having no choice but to step into the (data)breach when finding themselves having to defend fines/criticism from the Information Commissioner’s Office as well as possible litigation.
Our advice:
1. Have clear policies in place that cover data protection, including data security, use of IT, email and other communications systems and importantly, make it clear to your employees that using personal email for work purposes is strictly prohibited;
2. Get into the (algo)rhythm of reviewing and updating your policies on a regular basis, so you can ensure they are up to date with relevant laws and remain relevant to your business and specific data/IT related risks;
3. Provide regular training on your policies to your employees, including educating employees so that they understand not just their obligations, but also the fact that failing to comply could result in disciplinary action up to and including immediate dismissal;
4. Ensure employees know to whom they can report data related breaches, concerns, and/or queries, how, and the timescales for reporting;
5. Use IT systems and software that:
- help employees work remotely in a proper and lawful manner, thus mitigating the need for employees to use their personal email to access work related information outside of work e.g. using VPNs and secure file storage solutions; and
- can assist with detecting and preventing the improper use of work email and IT/systems.
As always, if you need any help with implementing the above, or perhaps you feel it is not your domain, please do not hesitate to email a member of our Employment team (please just make sure you use your work email account)!