Hancock exposé | Can you sack employees over using personal emails for work?

Can you sack employees over using personal emails for work?

Matt Hancock – the now former Health Secretary – resigned from his position last month following the news that he broke social distancing rules and after an alleged affair with his aide Gina Coladangelo was exposed.

Other allegations unearthed, including by The Sunday Times, included claims that Hancock used a personal email account for Government work, which was said to include deals involving track and trace and PPE.

While the rules differ from workplace to workplace, these allegations shine a light on employee conduct and the use of personal emails in the workplace.

For employers and HR, there will also be follow-on questions about whether using personal emails for work is a sackable offence, and whether employers should have subsequent policies in place.

Is it a sackable offence?

Karen Holden, CEO of A City Law Firm, told HR Grapevine that what a worker can and can’t do in work hours, or regarding the use of equipment, should be clearly communicated in a staff handbook or employment contract.

She explained: “Specific policies about using your own devices, personal use and the likes will often consider cybersecurity, data protection and ensure it is not being used for unfavourable behaviour.

“Otherwise, it’s going to come down to the behaviour surmounting to gross misconduct, such as sending harassing emails or causing an accident due to distraction, which can lead to a fair dismissal.

“If, however, there is no specific policy or complaint, a verbal warning may be sufficient. If they persist a written warning or disciplinary action could then be forthcoming,” Holden added.

Should employers have policies in place?

A follow-on question for HR will be around whether employers should have policies in place to prevent personal email accounts being used to transfer work-related information.

Holden said that employers should “definitely ensure they have written policies and training for staff use of company data”.

She explained: “The Data Protection Act 2018 is extremely strict about transferring personal data belonging to clients or staff to personal devices especially if insecure or overseas.

“The loss or misuse of data can be serious for any business and could lead to ICO complaints or even penalty. As such, how an employee processes or shares data is key, especially transferring this to personal devices or insecure email accounts and doing this should be specified to be a disciplinary or gross misconduct.”

The legal expert went on to highlight an additional concern for employers around the fact that staff could retain confidential information placing the organisation at risk. Alternatively, Holden noted that post-termination, this information could be misused by a staff member.

Holden continued: “Then you also have the concern of where a client, for example, wants to have their data destroyed or as per company policy, the period of consent has lapsed this would be impossible if staff held this data on their own devices as well as that of the company, without consent or a form of tracking this.

“This use and policies governing use and access should be clearly set out, incorporated into employment contracts and training provided,” the legal expert concluded.

Have you enjoyed this piece?

Subscribe now to myGrapevine+ and get access to exclusive new content, and the full content archive.

Be the first to comment.

You are currently previewing this article.

This is the last preview available to you for the next 30 days.

To access more news, features, columns and opinions every day, create a free myGrapevine account.