Liverpool: 0151 224 0500   |   Manchester: 0161 827 4600   |   Email:   |   Twitter Icon  |  Linkedin Icon

Confidential information

Adrian Fryer

Adrian Fryer

Case law has shown that an employee’s right to privacy is not reduced to zero at work. Article 8 of the European Convention on Human Rights provides that everyone has the right to respect for their private and family life and correspondence. Any breach of that right can result in a misuse of confidential information claim. In Barbulescu v Romania, the employee was dismissed for personal internet use which was banned at work. The employer accessed private emails which the employee had sent to his fiancé and brother as well as his private Yahoo messages from his work computer. The ECtHR said the employee’s right to privacy had been infringed. It is a balance though. In the recent case of Brake v Guy, the Court of Appeal decided that an employer did not breach any privacy rights when accessing an employee’s personal emails.

The employee’s job with the employer had terminated. She was suspected of misconduct. The employer shared what the employee alleged were private and confidential emails, contained in work email accounts, with their lawyers and her trustee in bankruptcy. The employee applied for an injunction to stop the employer using those emails which she said were private and confidential. The employer denied the emails were private. They were contained in a generic business email account to which other staff as well as the employee had access, not the employee’s personal work email account. The employer also said there was a public interest in accessing the emails due to the allegations of serious misconduct against the employee.

The High Court dismissed the employee’s claim for breach of confidence because the employee chose to put her own private emails into the employer’s business email account instead of one of her own private accounts. She did not have a reasonable expectation of privacy and even if she had, it would not have breached this right for the employer to share them with their lawyers in order to get advice.  The employee appealed but the Court of Appeal upheld the High Court decision. The employee had only provided the Court with 2 out of more than 3000 emails she said were private and hadn’t shown why there was a reasonable expectation of privacy. The fact that the account was shared with other employees who did not use it for private emails suggested it was not reasonable for the employee to expect the emails to remain private. The password protection on the account was a security measure to protect the employer rather than the employee. Individual email accounts were set up at the same time as the business email account, inferring that the individual accounts had some reasonable expectation of privacy that the communal account did not. The nature of the employee’s activity was also relevant when considering whether there was a reasonable expectation of privacy. If that activity included unlawful conduct (as was suspected here) that was relevant both to privacy, the duty of confidence and any breaches.

Cases involving privacy at work are legally and factually complex. However this case provides useful guidance to employers about how to protect themselves from litigation. It is a good idea for employers to ensure that employees have their own named email accounts at work even if they control another more generic business account and make it clear that private emails should be sent and received from the named account. Having a clear policy about expectations around privacy and private internet use is a good idea, but it is important to be proportionate. An expectation of zero private use is unlikely to ingratiate you to your employees. It is far better to have a policy which clearly sets out your reasonable expectations, ensuring a good balance between work expectations and private internet use.


Adrian Fryer, Partner & Head of Employment

t: 0151 224 0539