Personal Email – An Employers' Dilemma
Q: A senior member of staff died in an accident recently and I am uncertain as to how to deal with his emails. He has several personal folders and thousands of emails relating to out of office matters. What should we do?
A: First of all it is good practice for businesses to have an email usage policy
in place which implements proportionate monitoring of employee emails. If you have such a policy then the now deceased staff member would have been informed that his emails might be monitored and signed a consent form
Access to his emails should be restricted to a limited number of staff
- all of whom must have signed confidentiality and security agreements. Responsibility for the emails should then be allocated to a specific individual or two at the most, whose task it will be to review them.
Some emails might need to be retained, for example in order to comply with health and safety obligations. Where that is the case these emails should be held securely for as long as they serve their purpose and then deleted.
It is important to make sure that the information is disposed of securely
. That means not simply pressing ‘delete’ but having it professionally removed from all storage devices it has been saved on including, for example, a company Blackberry or laptop.
The emails that contain purely personal information should be destroyed
although it would be sensible to consult his next of kin
before doing so.
Although this is a rare dilemma you should consider amending existing email policies so that a specific member of staff has specific responsibility for confidentially and securely retaining all employee information after their employment is terminated. It will then be their job to irretrievably delete it after a specified period of time.