Home > Case Studies > Deleted Emails Weren't Actually Deleted: A Case Study

Deleted Emails Weren't Actually Deleted: A Case Study

By: Kevin Watson MSc - Updated: 29 Jan 2020 | comments

Leo Bursleigh is a manager at a finance company. One of his duties is to implement various policies such as guidelines on computer use and emails.

The computer use guidelines worked well for some time. Last year, though, a new employee tested them to the limit. In the process, Leo and the other managers discovered something new about personal emails.

Computer Policy

“We have a computer policy at work, and as a manager I have to enforce it. Basically this means keeping a lid on the use of personal emails by staff.

“My attitude with staff about personal emails is simple. In line with the policy, I let them send and receive them now and again as long as the messages are not offensive or damaging to the company.

New Arrival

“When Jeff joined the company last year, I ran through policies and procedures with him. As part of this, I explained about the use of personal emails. I remember him saying to me at the time that emails wouldn’t be a problem.

“Unfortunately, though, emails were a problem from the very start with Jeff. I couldn’t help but notice when I passed his desk that he was frequently using the email programme, and was sometimes talking in hushed tones on the phone at the same time.

“We don’t need to send a lot of business emails during the course of the day, so I called Jeff to my office and had a chat with him. I asked how things were going, and I mentioned the policy about personal emails once again.

“Jeff said that he understood the policy. He also added that when he sent or received personal emails, he always deleted them.

“At the time, I let the matter lie. We were going through a busy period, and I had plenty of other things to occupy me.

IT Incident

“Anyway, a few weeks later, my boss Jenny called in an IT expert to resolve a system issue. In the process, the expert discovered problems caused by a virus that entered the system via a personal email.

“The first I heard of all this was at a manager’s meeting. The expert outlined his findings: it seemed that about 50% of staff regularly used the office system to send and receive personal emails, thereby putting the system at risk.

“I pointed out that our computer use policy did allow limited use of personal emails. Jenny agreed with this, and the expert went on to explain the measures he’d taken such as setting up new anti-virus software.

“Then Jenny had a surprise for us. Up to this point, the talk had been about emails as a generality. Jenny now began to refer to the actual content.

“The expert told us that although staff might delete sent and received emails, the server’s hard disc retained them. He said it was relatively easy for him to use software to retrieve these messages.

Concern

“I expressed my concern about invading staff privacy. Jenny agreed but she said she had asked the IT expert to print out some staff emails. She then went on to read out some of Jeff’s.

“Within a matter of seconds, it was clear that Jeff was running a part-time business from the office. Some of the managers demanded we sack him on the spot, particularly as he was still in his probationary period at work.

“I advised caution, however. I said we should take the advice of a human resources professional because we didn’t want Jeff turning the matter round by accusing us of privacy invasion.

“Jenny sided with the others. She told me to dismiss Jeff without further ado. Once the meeting finished, I did as asked, and Jeff left.

Employment Tribunal

“This wasn’t the end of the matter, though. Jeff took the company to an employment tribunal. Here he argued that retrieving and reading his deleted emails was an invasion of employee privacy.

“The company’s lawyer replied that Jenny had a right to retrieve and monitor all personal emails. This was because a computer use policy that covered emails was in place. The tribunal, however, said that the policy did not expressly mention the right of the company to monitor personal emails.

“The result was that Jeff won the tribunal, although he didn’t come back to work. By then, he had apparently started running his business full-time.

“The company has yet to make up its mind about any change in the policy on personal emails. It’s currently speaking to a lawyer. Nonetheless, what’s clear to me is that deleted emails aren’t always deleted, and that this doesn’t mean an employer has an automatic right to view them.”

*The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.

Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.

Business energy with a difference

Looking for better business energy options? Whether it’s advanced monitoring, new connections, or adjusting capacity, our sponsor, Purely Energy can help.

📞 Call 0161 521 3400 or simply send us your details below for a no-obligation chat.

Related Articles in the 'Case Studies' Category...

Share Your Story, Join the Discussion or Seek Advice..

I am involved in a disciplinary issue where the complainant has resurrected text messages from 2016,2017 and 2018 that have foul and abusive language in. They are not directed at the complainant however they are on a company phone. My arguement is that they were part of a 2 way conversation however the complainant she part of that has been withheld. We have proof that messages were sent from the complainant at the time but no detail. We don't believe there can be a fair hearing without both sides of the conversation. Any advice?? I know Under data protection law, data should only be kept as long as is necessary and it should be adequate and relevant. Not sure how this sits with text messages between 2 individuals

Tiger - 29-Jan-20 @ 3:20 PM

Breezy - Your Question:

I was confused about the sick leave policy at work (public sector) and wrote an email to our HR department asking about my sick leave. The policy is complicated and I had inadvertently triggered an abscence warning last year by not understanding the 'rules'. Many people at my work do not understand the policy and have also inadvertently triggered an absence warning. Admittedly my email was poorly worded but it ended up being misinterpreted by HR that I thought I was entitled to sick leave. I didn't hear back from HR until three weeks later, when I received a reply which told me to read the policy and then speak to my line manager if I still didn't understand it. My line manager doesn't fully understand it either.The same day I received my reply from HR, I was about to attend a staff road show, which all staff are required to attend, and where the Leader of the Council and Chief Executive speak about the achievements of the council, council employees and answer any questions that have been sent in. Twenty minutes before I was due to attend, my line manager asked to speak to me and told me he'd been to the road show that morning (they hold several as there are several hundred or a couple of thousand employees). He told me that my email - without my name - had been used to discuss sick leave.I attended the road show and my email was flashed up as example of someone who was clearly trying to 'use' the system: apparently I was already planning my sick leave for the year. People laughed and tutted and I felt belittled and humiliated, even though no one knew I'd sent the email.My line manager and section head have done little to find out what happened, ie how my email was used without my knowledge and certainly without my consent. They have both stressed that I am a well respected employee, considered to be hard working and clearly HR or the people putting together the road show misinterpreted my email.I feel that my confidentiality has been breached, even though my email appeared without my name and I'd like to know if this is the case.I have sent an email to the head of HR requesting a face to face interview and a written apology. I asked that my email be treated confidentially and that HR contact me first and not to contact my line manager or section head without my permission.I feel like there is no one I can trust, that my confidence has been betrayed and that I have suffered personal humiliation unnecessarilyI would appreciate your views on whether or not my employees have:a) breached my confidentiality b) should have at least warned me that my email was going to be used knowing I would attend the road showc) acted in an uncaring manner towards me.Thank you!

Our Response:

You do have some valid points which your HR should address. If the situation cannot be resolved internally, or to your satisfaction, your only option would be to raise a grievance, please see link here. I hope this helps.

EmployeePrivacyRights - 2-Dec-15 @ 11:08 AM

I was confused about the sick leave policy at work (public sector) and wrote an email to our HR department asking about my sick leave.The policy is complicated and I had inadvertently triggered an abscence warning last year by not understanding the 'rules'. Many people at my work do not understand the policy and have also inadvertently triggered an absence warning.Admittedly my email was poorly worded but it ended up being misinterpreted by HR that I thought I was entitled to sick leave.I didn't hear back from HR until three weeks later, when I received a reply which told me to read the policy and then speak to my line manager if I still didn't understand it.My line manager doesn't fully understand it either. The same day I received my reply from HR, I was about to attend a staff road show, which all staff are required to attend, and where the Leader of the Council and Chief Executive speak about the achievements of the council, council employees and answer any questions that have been sent in. Twenty minutes before I was due to attend, my line manager asked to speak to me and told me he'd been to the road show that morning (they hold several as there are several hundred or a couple of thousand employees). He told me that my email - without my name - had been used to discuss sick leave. I attended the road show and my email was flashed up as example of someone who was clearly trying to 'use' the system: apparently I was already planning my sick leave for the year.People laughed and tutted and I felt belittled and humiliated, even though no one knew I'd sent the email. My line manager and section head have done little to find out what happened, ie how my email was used without my knowledge and certainly without my consent.They have both stressed that I am a well respected employee, considered to be hard working and clearly HR or the people putting together the road show misinterpreted my email. I feel that my confidentiality has been breached, even though my email appeared without my name and I'd like to know if this is the case. I have sent an email to the head of HR requesting a face to face interview and a written apology.I asked that my email be treated confidentially and that HR contact me first and not to contact my line manager or section head without my permission. I feel like there is no one I can trust, that my confidence has been betrayed and that I have suffered personal humiliation unnecessarily I would appreciate your views on whether or not my employees have: a) breached my confidentiality b) should have at least warned me that my email was going to be used knowing I would attend the road show c) acted in an uncaring manner towards me. Thank you!

Breezy - 1-Dec-15 @ 3:09 PM

Title:

(never shown)

Firstname:

(never shown)

Surname:

(never shown)

Email:

(never shown)

Nickname:

(shown)

Comment: