ICAEW.com works better with JavaScript enabled.

New practice: Employers may need access to employees’ private phones, email, social media accounts, etc to satisfy data protection obligations

Author: Atom Content Marketing

Published: 01 Jun 2021

Employers whose employees are allowed to use their own phones, computers or tablets, private email accounts and messaging services, or personal accounts on social or business media such as Twitter, LinkedIn, WhatsApp or Instagram for work purposes should ensure they are able to require their employees to give them access to personal data held on those phones, accounts etc where this is required to comply with data protection laws.

Data protection laws require organisations served with a ‘data subject access request’ to reveal personal data they hold on an individual. Organisations are required to carry out a ‘reasonable and proportionate’ search for such data.

Guidance issued by the Information Commissioner’s Office (the independent body charged with upholding individuals’ data privacy rights) indicates that, if an organisation has authorised employees to hold such data on their personal devices, in their private email or social accounts, etc and has good reason to believe they are holding such data, then it may be reasonable and proportionate to search such devices, accounts, etc for relevant personal data.

The same may apply to those providing services to the company, but who are not employees, such as non-executive directors.

Operative date

  • Now

Recommendation

  • Employers should consider a work policy stating whether employees can use personal devices, accounts, etc for work purposes and, if they can, setting out when and how employees must make personal data on these available to their employer, how the process of doing so is recorded, and the penalties if they refuse.
  • Employers should also consider setting up dedicated business email accounts for non-employees involved with the company, such as non-executive directors, who may have access to personal data because of their role but would not otherwise have a ‘work’ email at the organisation.
Disclaimer

This article from Atom Content Marketing is for general guidance only, for businesses in the United Kingdom governed by the laws of England. Atom Content Marketing, expert contributors and ICAEW (as distributor) disclaim all liability for any errors or omissions.

Copyright © Atom Content Marketing
Looking for cases or legislation?

If you need the transcript of a case or UK and EU legislation, ask the Library & Information Service. Contact us for expert help with your law enquiries and research.

ICAEW Business Advice Service

Grow your business with trusted business advice. We connect entrepreneurs, start-ups, and SMEs with ICAEW regulated accountancy firms who will provide a free initial consultation without obligation.

Two people looking at a computer screen together smiling, one of them pointing at something on it