[1]
In TechLawNews 1 we presented a Federal Court decision on surveillance at work with spyware. In this newsletter we provide some insight into private emailing at work by means of three use cases:
[2]
Case 1: An employee accesses his/her private email account (e.g. you@gmail.com) on his/her private mobile device during work hours. The employee primarily uses work time for private communication, which might result in a warning (and possibly a dismissal) by the employer. Unlike the telephone, e-mail allows for asynchronous communication. Hence, it might be necessary for an employee to make a phone call during work time, but it is usually reasonable to postpone private emailing to work breaks.
[3]
Case 2: An employee accesses his/her private email account on a corporate device during work hours. Not only is there a loss of productivity (Case 1), but the security risk and workload of the corporate IT system also increase.
[4]
Case 3: An employee uses his/her corporate email account (e.g. you@office.com) on a corporate device for private purposes. Not only are there a loss of productivity (Case 1) and an increased security risk (Case 2), but the employer’s risk of a reputational damage and the employee’s risk of a breach of his/her privacy rights also increase. Using a corporate email account for private purposes may suggest the content is the opinion of the employer, unless e.g. such email is marked «private». Moreover, such private use of the corporate email account begs the question whether the employer may access the private correspondence of the employee.
[5]
[6]
Given this instruction right by the employer, it is advisable to issue a directive on the use of email at work. Such directive can range from permission to prohibition, and serves the legal certainty of both parties. Especially with regard to Case 3, such a directive ensures proper access to the employee’s corporate email account during unplanned absences, e.g. sickness or accident. It should instruct the marking of outbound private emails in the subject line (e.g. «Private:») and also regulate the storage of private emails in a separate private folder on the e-mail server. Such a private folder should be accessible by the employer (e.g. HR or legal department) if there is a reasonable suspicion that corporate information might be stored therein. We also recommend regulating the archiving of all the emails submitted or received on the corporate email account (i.e. also private emails). Archiving of business correspondence is required by law5 and justified by an overriding private interest6, even for unmarked private emails.
Daniel Ronzani