I have an employee who I suspect of sharing information with his friend in a rival business via Skype. Can I just grab his laptop and check it to avoid him deleting the evidence? Appreciate he may feel affronted but he is likely to be leaving soon anyway.

Yes. Its the company computed, not theirs. You shuould have a policy explaining as such.

The data shardd could also be illegal:

https://ico.org.uk/action-weve-taken/enforcement/j...

It may be a problem.

What does your company computer use policy say?

Depends on your role within the firm

IT can create a problem on the laptop and when resolving will be able to have a look.

I don't get the impression that this is a company with IT policies and IT staff

As has been suggested, you have a legal obligation to protect personal information under the 2018 Data Protection Act (& the GDPR).

If you suspect that the employee is leaking data that could include personal information (names, e-mail addresses and phone numbers included as they can identify the individual), then you must act (if there has been a breach, then you are already non-compliant, not to then take action would be viewed dimly). OK, if it is only a record or two, then the ICO will have bigger issues to deal with, but it does give you an idea of where the law stands on it.

Your employment contracts and staff privacy notices should highlight that in order to meet your legal obligations, you require full access to company resources, PC's, emails systems etc. Upon realising the legal requirements, many companies took the opportunity to update their written and procedural policies and contracts to meet their new obligations.

BYOD makes this particularly challenging, which is why the company policies should be very carefully considered.

It’s not personal data, simply test results. Thanks for suggestions. I’ll check them out.

Not all breaches are equal from a liability perspective. If the shared/leaked data had any PII and the breach wasn't assessed dealt with then OPs firm could get a real spanking from the ICO. Sharing other data may solely be a breach of internal policy or the employees contract which can be dealt with internally.

I imagine any firm that hands out laptops to employees has at least an off the shelf policy which would detail that the content of the device are not theirs and can be subject to monitoring etc. If not then just mug him in the car park.

I had this issue a three or four years back. We monitored e mail traffic form the servers to gather evidence which the employee was unaware of.

Errant employee was dismissed for gross misconduct but refused to surrender his company laptop. We recovered the laptop from employees home address which is another story.

However the whole process was carried out under the advice and management by a major international law firm specialising in employment law, so all perfectly legal.

Personal data from the works laptop was recovered and provided on a hard drive back to the employee.

+1

If it's a recruitment agency type business isn't that how all agencies start up including your own/your employers?