Mr and Mrs Brake (claimants) are a husband and wife team who ran a holiday lettings business. They were declared bankrupt in 2015. The farm from which they operated the business was sold first to one of Dr Guy's companies, and later transferred to another. All three parties were named as defendants in the claim (defendants).
During her employment, Mrs Brake set up new business email addresses, including two in the claimants' names and an enquiries account, which she also used for personal emails. In 2018 relations broke down between the Brakes and Dr Guy. The Brakes were dismissed from their positions. The defendants subsequently discovered what they alleged was evidence of wrongdoing by Mrs Brake in the emails sent from the enquiries account. The emails were relevant in the context of a complex dispute between the parties pertaining to their wider business relationship.
The claimants sought an injunction and damages for misuse of private information and breach of confidence. An interim injunction was granted which prevented the defendants from disclosing the emails. However, the High Court, and subsequently the Court of Appeal, dismissed the claim, finding the claimants had no reasonable expectation of privacy in relation to emails sent from the enquiries account. The fact personal email addresses had been set up for the claimants at the time the enquiries account was created was stated to be highly significant; the inference being that the personal email addresses were subject to a reasonable expectation of privacy, whilst the general enquiries email address was not.
In respect of the enquiries email account specifically, there was no binary division of the emails so that those not business related were necessarily private and confidential. The account was a business account designed to receive enquiries from customers. Mrs Brake shared the email account with others, and this was relevant to the question of whether there was a reasonable expectation of privacy. Whilst Mrs Brake held the password to the account, the password was there to protect the defendants' privacy, not hers, and she held the password in her capacity as employee rather than in a personal capacity.
Whilst this litigation was the result of a complex and acrimonious business relationship, there are nevertheless general learning points stemming from the case. Employers will often legitimately wish to retain the power to monitor emails, as well as internet usage and other information generated and stored by staff during working time and/or using the employer's equipment. It is important to be upfront with staff about the way the organisation accesses data of this kind. Introducing policies such as an IT acceptable use policy, to include a section on monitoring, will be helpful. Where monitoring is considered necessary, employers may also need to carry out a privacy impact assessment in order to determine whether the monitoring is lawful and appropriate.