Following this summer’s press interest in the allegations facing former Cardiff City boss Malkay Mackay, who was reported to have sent potentially discriminatory texts on his personal mobile phone about others in the football profession, we examine the right an employer has to monitor and take action on the basis of an employee’s personal messages sent on company mobile phones.
With employers ever keen to provide clients with a round the clock service, it is now common for employees to be issued with company mobile phones. In return, employers are increasingly permitting employees reasonable personal usage to encourage them to check the phone on a regular basis. This includes use for calls, texts, internet access, photos and downloading apps. This can result in the company mobile phone storing a significant amount of personal data, a lot of which the employee would not want their employer to see.
Is the personal use of a company mobile phone indeed personal and private to the employee? Can the employer monitor its use and take action if it discovers any potential breaches? The following legal concepts must be considered in answering these questions:
- The right to privacy under the Human Rights Act 1998.
- The obligation on employers not, without reasonable or proper cause, to act in a way that is calculated or likely to destroy or severely damage the mutual trust and confidence between employer and employee.
- The right not to be discriminated against on a protected ground, e.g. race or age. Such allegations can be avoided if employees are treated consistently.
- The obligation on employers to process data in accordance with the principles of the Data Protection Act 1998.
- The Regulation of Investigatory Powers Act 2000 which prevents the interception of personal messages by the employer without consent.
The key overriding question from the legislation is whether or not the employees have a reasonable expectation of privacy.
In the recent case of Atkinson v Community Gateway Association, the Employment Appeal Tribunal (EAT) held that an employee had no expectation of privacy in respect of private emails (not marked as private) sent from his work email account to a lover, who was also a job applicant, that were of a sexually overt nature. These emails were discovered as part of a wider investigation into other allegations for inappropriate conduct. A key factor influencing the EAT was the fact that the employer had a clear policy regarding the use of the email system which stated that “Email Communications, in general, cannot be guaranteed to be private / confidential and should not be treated as such.”
The question is whether employees have a greater expectation of privacy when using a company mobile phone? Arguably yes, so if this is not the case employers should ensure they have a robust and clear mobile phone policy in place and that this is communicated to employees. Ideally employees would sign to confirm their consent to their employer’s policy on monitoring and use when they receive the mobile phone.
How far can you go?
It is however not enough just to have a clear policy in place, the employer must ensure that their policy is not too far reaching. Personal data should be monitored by the employer only if there is a legitimate purpose for doing so and the method of monitoring should be proportionate to the purpose. The Employment Practices Code issued by the Information Commissioner publishes more detailed guidance which includes the recommendation of an impact assessment before any monitoring and suggests that only a limited number of trained staff should have access to the discovered data.
Employers should think carefully about the interests they are actually seeking to protect through controlling use of the company mobile phone. Although it is not been tested yet, the Tribunals may well find there is a higher threshold for employers to satisfy before being able to review and rely on messages on a mobile phone as opposed to emails sent on the company’s system. This is on the basis that it could be argued that emails sent from a business address have a greater ability to damage reputation and to be read by a wider audience whether by being forwarded as part of a chain or being seen on the screen in an open-plan workplace. That is not to say that damage from misuse of a company mobile phone is not possible. However, it would seem disproportionate in most instances to be able to monitor the content of text messages, even just with spot checks, unless there is a serious interest to protect that is not possible to safeguard through other methods. As a minimum an employer is likely to want to reserve the right to review personal messages where there is reason to suspect that there has been a breach of an obligation by the employee.
A question that quite often comes up is whether employers can discipline employees for a breach of their policies where inappropriate content on a mobile phone (such as in the Malkay Mackay case) only comes to light by accident or through some unrelated investigations. The answer to this question will usually be yes. Where there is a genuine evidence of misconduct, Tribunals are going to be reluctant to criticise an employer for commencing disciplinary investigations. However, if an employer has been “fishing” for evidence without real reason for suspecting wrongdoing then this may leave the employer open to discrimination or breach of trust and confidence claims. Also, if evidence has been obtained through unlawful means the Courts will question how much weight to give to it and there may be cost implications.
In summary, as with all other policies involving staff use of technology, businesses need to consider what their rules are and why and then ensure that these are clearly documented and communicated. If you would like us to review or update your policies then please let us know.
By Laura Conway