I have been asked to provide unlimited and permanent access to a former employees emails by his manager. This is to review any prior client conversations. I suggested other ways to access this information such as key word email searches but this was rejected.
Our employee policy states there is no expectation of privacy however in the past I viewed this as for corruption and security purposes.
Does anyone have any thoughts or experience they can share.
Access to emails
Share
RPost
RMail email encryption makes it easy to encrypt sensitive email messages and attachments for security or regulatory compliance. For more information: https://rmail.com/product/rmail/email-encryption
Smurf333
I am in agreement with CRodica’s views that the unlimited and permanent access is excessive. With the use of eDiscovery tools the relevant subset of client related emails could have easily been provided to the manager. I would also question does the manager have a legitimate interest in processing the excessive information (that involving non-client data) after the employee has left the company? Is the processing covered by your Privacy Notice and reflected in your ROPA? From a data retention perspective it raises questions about valuable client data resting in personal email boxes, surely the information should be in a central repository or CRM system? Whilst local policy advises that there is no expectation of privacy, consideration in providing such wide ranging access may have implications in respect of the Human Rights Act and Article 8. I hope that the above is helpful.
Petra
I think it is common practice to allow excess to the manager for a certain time period. We often also share inboxes willingly if we e.g. go on holiday. If there is some client information that assists in managing the customer relationship it might be in the company’s interest. If you think you can rely on your policies and maybe a legitimate interest? Maybe going forward the expectation to the managers should be to ensure they have all this before the employee left, a good handover. THere should be no repercussion to the former employee for sure.
CRodica
You can see some case law on monitoring employees’ correspondence here https://www.echr.coe.int/Documents/FS_Workplace_surveillance_ENG.pdf
Basically, the interference should be necessary and proportionate to the purpose, hence the unlimited access is unlikely to meet these requirements
Andrea
There have been some recent cases in Europe on the topic of access to former employees email accounts which may provide some insight on regulatory expectations. Try searching https://gdprhub.eu/index.php?title=Welcome_to_GDPRhub.