HRD investigates what employers can do if they suspect an employee is stealing confidential information
What can an employer do if they suspect an employee is using their work email to steal private information?
The first port of call would be the employer’s email and internet policy, according to Sherridan Cook, partner at Buddle Findlay.
This would normally set out that email is a business tool and that they can be monitored by the employer without the employee’s knowledge at any time, he told HRD.
“Most organisations that have an email and internet policy - or it might be contained in an employee’s employment agreement - would provide for that,” said Cook.
“However, even if they don’t there may be circumstances in which you would be able to check an employee’s emails without their knowledge if telling the employee would defeat the purpose for which the monitoring is occurring.”
For example, if you have reasonable grounds to suspect that an employee is stealing confidential information then you could monitor their emails.
“This is because if you were to advise them what you were doing then they may either delete information or modify the nature of their communications given that they know about it,” said Cook.
“So they would be the circumstances on which you could do it without their knowledge.”
Cook aded that there are privacy considerations though so employers shouldn’t be “delving unnecessarily” into private communications.
“However, if you have some grounds for that then you may be able to do so as well, particularly if they are using a private email address like Gmail then images of that might be on the work computer and you might be wanting to retrieve those by using the services of a forensic computer specialist.”
“If you have reasonable grounds to suspect they are using that private email to breach their employment obligations and are using a work device then you could perhaps monitor them.
“Or at least do a forensic examination once you have got those devices to examine whether there has been anything on there that confirms those breaches.”