< Back

Share |

Employee emails and the workplace: practical tips for employers

July 2013

In the UK

As we reported in April, employers can track the performance of their employees by implementing clear and open monitoring systems. In this article, we discuss the wider tools open to employers seeking to manage internal and external employee interaction within the workplace proactively to ensure that their business interests are protected against unacceptable use of communication systems.

StepsThe initial step for any employer is to implement a policy dealing with the acceptable use of workplace email. This should cover both private and work related correspondence and aim to provide broad guidelines which take the needs of the wider business into account. The explosion in the use of personal devices means that any policy should also cover emails sent from mobile devices as well as the traditional office desktop.

The policy should include:

  • a clear statement of an employee’s accountability in terms of their workplace communications;
  • clear examples of unacceptable use (such as sending emails containing obscene, racist, sexist, or defamatory content);
  • a statement making it plain that any breach of the employer’s policy may result in disciplinary action including dismissal; and
  • an unambiguous explanation of when, how and why workplace emails will be monitored.

Any policy implemented by an employer should be openly communicated to staff in order to ensure that employees are aware of what’s expected of them, as well as the potential consequences of any breach. Practically, a written version of the policy should be included in the staff handbook and brought to the attention of new employees as part of their induction process. Ideally, all employees should explicitly consent to the terms of the policy by signing a statement making it clear that they have read and understood the acceptable use policy and will abide by its terms.

Employers should be alive to any changes that may be required to be made to the policy (especially in this rapidly evolving area) and ought to communicate any updates to employees and provide regular training on the acceptable use guidelines and their practical effect.

At the same time as implementing an acceptable use policy, employers should, as a matter of best practice, consider devising:

  • a risk management policy which comprehensively sets out any email retention/deletion rules to be applied, any policy relating to the use and misuse of employee passwords and whether any monitoring and filtering software is to be utilised (and if so, how);
  • a computer security policy identifying any procedures and tools to be followed or used in the prevention of any hacking or interference with an employer’s system or data;
  • a clear strategy in terms of any software to be used to monitor and filter employee email traffic and internet usage;
  • a portfolio of robust insurance protection to mitigate risks associated with email misuse or communication system failure / weakness.

Box with tickAny 'acceptable use' policy should be accompanied by an unequivocal statement which covers the circumstances in which the employer will monitor an employee’s use of email systems. Our previous article clarified the legislative framework surrounding workplace email monitoring. 

Suffice it to say that the benefits of putting in place a robust email monitoring procedure are clear. Not only does it ensure the security of any IT infrastructure by prohibiting certain activities and potentially recognising the source of security breaches, it also serves as a deterrent to employees wasting company time (for example, using private email accounts). They also unquestionably serve a valuable purpose by setting out do’s and don’ts in relation to the communication of confidential or commercially sensitive information and the consequences of failing to adhere to company regulations.

In terms of enforcement, managers need to be aware of their responsibilities. Making sure that employees understand and adhere to the rules will be critical. With regard to the practicalities, employers should also be extremely careful not to cross legal boundaries when monitoring emails in the workplace.

Essentially, employers need to remember that monitoring shouldn’t unnecessarily intrude on an employee’s privacy and should be proportionate. It is also key that employees are made aware of any monitoring and the purpose it is serving; any overtly personal email correspondence shouldn’t be opened.

The need to regulate email use is ever increasing. What constitutes ‘acceptable’ usage in an era of mobile devices and online social interaction in the workplace is a key area for employers to consider. The smart employer will implement robust policies and procedures capable of evolving quickly with ever changing boundaries.

In Germany

The use of company email by employees raises issues in terms of employment law as well as privacy rights.  Under German employment law, the scope of the allowed use of email services Person on laptopprovided by the employer for private purposes and the consequences of the employee exceeding that scope, are key issues for the employer which need to be carefully thought out.  If the employer has permitted the use of emails for private purposes, he may be precluded from scanning employee communications which are not stored locally, making monitoring compliance almost impossible.

Employers are free to forbid or allow private use by employees of the company’s email services. A violation of the employer policy can give grounds for termination for cause of the employment relationship. The term “private use” is not a clearly defined legal term. Courts have had to consider the facts of individual cases when deciding whether or not employees have been in breach of such policies. In most cases, the employees had obviously violated the employer’s instructions not to use email services for any other purpose than strictly business reasons, but there is still a grey area.  Is an employee emailing another employee to arrange a social event private or company use? There have been several attempts to distinguish private from business use, but the distinction is still insufficiently clear. It is left up to employers to tell their employees whether and to what extent, private use is allowed in the company and to be as precise as possible.

Permitting even limited private use of company email may cause severe problems under privacy law and even criminal law. If the employer allows private emails, most courts in Germany will consider the employer as providing telecommunications services and, in turn, apply the rules of the Telecommunication Act. These include very strict requirements with respect to secrecy of telecommunication processes. The employer will, in the worst case scenario, be unable to scan inboxes of employees for compliance risks. In addition, in cases of illness or absence, the Scanning radar deviceemployer is theoretically not even allowed to access the inbox to read important business emails. Several attempts to clarify this issue have failed and the German legislator decided not to touch on it during last year's reform of the Telecommunications Act.  Courts are still struggling with this issue.  Until they resolve it, employers will have to draft clear policies and implement them in line with legal requirements.

If you have any questions on this article or would like to propose a subject to be addressed by the Global Data Hub please contact us.

Envolope with at sign
Ben Bradburn

Ben Bradburn      

Laura Piper

Laura Piper      






David Klein

David Klein      





Ben, Laura and David consider the ways in which employers can best protect themselves against misuse of communication systems.

"What constitutes ‘acceptable’ usage in an era of mobile devices and online social interaction in the workplace is a key area for employers to consider."