Access to Emails
Discussion
A company that I do contract work for from time to time has two directors, each owning 50%. They use Office365 and have a mailstore archiving system that I host for them. Office365 & Mailstore are paid for by the company
The directors have fallen out with neither wanting to talk to the other except via solicitors.
Recently Director A bought out Director B (Director B is now no longer a director or employee, but may remain a shareholder [I don't know]). I don't believe that all the legal issues are finished
Director B's mailbox was deleted when he left and the email address added to the leavers mailbox.
Director B did (when he was still a Director) ask me to delete his mailbox and archive. I deleted the mailbox, but due to ongoing litigation decided that deleting the archive was NOT a sensible idea
Director A now wants access to Director B's mail archive and all his historical emails
My question is this:
Does Director A have the right to access all the historical emails or does X-Director B have any form of "right to privacy"? I know that there is email in the archive that Director B does not want Director A to have access to.
The directors have fallen out with neither wanting to talk to the other except via solicitors.
Recently Director A bought out Director B (Director B is now no longer a director or employee, but may remain a shareholder [I don't know]). I don't believe that all the legal issues are finished
Director B's mailbox was deleted when he left and the email address added to the leavers mailbox.
Director B did (when he was still a Director) ask me to delete his mailbox and archive. I deleted the mailbox, but due to ongoing litigation decided that deleting the archive was NOT a sensible idea
Director A now wants access to Director B's mail archive and all his historical emails
My question is this:
Does Director A have the right to access all the historical emails or does X-Director B have any form of "right to privacy"? I know that there is email in the archive that Director B does not want Director A to have access to.
It's my understanding that anything produced during your employment becomes the IP of that employment.
If I write my book on works time, it's works, not mine.
The emails are the property of the company and with due regard to GDPR etc. I would have thought an appropriate employee can have access to company emails.
IANAL, however if they exist and everyone knows they do, I'm not sure you can say no, however, why didn't you delete them when asked to by the other director, had they already been locked out, or could they not be bothered to delete them?
If I write my book on works time, it's works, not mine.
The emails are the property of the company and with due regard to GDPR etc. I would have thought an appropriate employee can have access to company emails.
IANAL, however if they exist and everyone knows they do, I'm not sure you can say no, however, why didn't you delete them when asked to by the other director, had they already been locked out, or could they not be bothered to delete them?
dundarach said:
The emails are the property of the company and with due regard to GDPR etc. I would have thought an appropriate employee can have access to company emails.
IANAL, however if they exist and everyone knows they do, I'm not sure you can say no, however, why didn't you delete them when asked to by the other director, had they already been locked out, or could they not be bothered to delete them?
Working in IT myself i'd say pretty much - This.IANAL, however if they exist and everyone knows they do, I'm not sure you can say no, however, why didn't you delete them when asked to by the other director, had they already been locked out, or could they not be bothered to delete them?
The mailbox is property of the company, not the individual. If he decided to sign up to dodgy website or cheat on his wife for example via Company emails, thats just silly of him but those emails don't belong to him. If you want any shred of privacy, you should not conduct personal business on a company device (including access PH.. oops!)
As for the question of "Why not delete when asked?" Anyone in IT knows that deleting things in that nature is just shooting yourself in the foot, it's always best practice to archive for a period of time and then delete at a later date, the last thing you want is Mr Director telling you to delete stuff with "it's okay, im the director" and then 2 months later they come back with "Remember those things I asked you to delete? I need them back!... what do you mean you can't get them back, i'm a director!"
NugentS said:
Does Director A have the right to access all the historical emails or does X-Director B have any form of "right to privacy"? I know that there is email in the archive that Director B does not want Director A to have access to.
Yes - the data is that of the company. Your contract I presume is with the company so give him the access/data. HantsRat said:
Surely your contract is with the business and not individuals therefor only deal with the business only.
Yes any big decisions should be confirmed by both.I think the op did the correct thing. And also he now employed by the director still working.
I'm pretty certain op could cite data protection laws holding information for 6 years or something.
Edited by mickythefish on Wednesday 26th February 15:47
NugentS said:
My question is this:
Does Director A have the right to access all the historical emails or does X-Director B have any form of "right to privacy"? I know that there is email in the archive that Director B does not want Director A to have access to.
IMO, this depends on the company IT policy and/or within an individual's contract.Does Director A have the right to access all the historical emails or does X-Director B have any form of "right to privacy"? I know that there is email in the archive that Director B does not want Director A to have access to.
However, I also agree that this is not your dilemma to resolve. You're contracted (presumably) for IT services so follow their instructions - whether what they are accessing is permissible is their lookout, not yours.
If someone on here says Director B has a right to privacy, are you going to tell Director A that you refuse to do it? I hope not.
NugentS said:
Given that there is ongoing litigation in process I felt that deleting what may end up being evidence would be a foolish idea
me, I would say you did it for GDPR rules and were going to review this with the other director. deleting the emails, just wouldn't be prudent for the business, especially the other director leaving. I think 1-2 years would be prudent.https://www.geldards.com/insights/how-long-can-you...
What if an important contractual issue came up that hinged on B's emails at the time, unrelated to the current falling out, would you consider denying that access? Of course not, this is exactly what the mail archive is for. How different is this really?
Careful what you say on company emails is the lesson, always has been, always will be.
Careful what you say on company emails is the lesson, always has been, always will be.
There are some complexities - the emails don't necessarily belong to the company just because they were produced on company equipment.
But at least some of the emails are company property. So Director A almost certainly has a right to access them (or at least someone does; But I am assuming it is a small company, so no dedicated HR, so full access will probably revert to Director A).
Director A does have to comply with GDPR, and private, non-work related emails will belong to Former Director B, so Director A shouldn't be using them for anything.
But the only way to differentiate between work related and personal is for Director A (or company HR) to read the emails...
Basically dealing with the right to privacy is almost certainly Director A's problem, not yours, and they do have a right to access, because how else do you determine if the emails are personal or business...
But at least some of the emails are company property. So Director A almost certainly has a right to access them (or at least someone does; But I am assuming it is a small company, so no dedicated HR, so full access will probably revert to Director A).
Director A does have to comply with GDPR, and private, non-work related emails will belong to Former Director B, so Director A shouldn't be using them for anything.
But the only way to differentiate between work related and personal is for Director A (or company HR) to read the emails...
Basically dealing with the right to privacy is almost certainly Director A's problem, not yours, and they do have a right to access, because how else do you determine if the emails are personal or business...
Mars said:
Make sure any requests that either director ask of you are in writing and that you keep copies.
No need for that.Director B is no longer an employee. They have no right to ask for anything, beyond GDPR requests like a regular member of the public, etc. Any request coming from them would be "emotionally driven", and the OP ought to ignore it.
Director A is both an employee and director - so can ask for whatever they want. Director A is "the company" as far as the OP is concerned.
OP shouldn't even be thinking about withholding or otherwise stymying access to data for compassionate or comfort reasons or anything like that, lest he finds himself in a compromising position himself.
qwerty360 said:
There are some complexities - the emails don't necessarily belong to the company just because they were produced on company equipment.
There should be no expectation of privacy for personal data stored on or transmitted through company infrastructure. "Ownership" isn't really a thing in this context, and the company would certainly own the storage where this data exists (either the equipment or in the cloud).Edited by Durzel on Wednesday 26th February 22:44
Actually your problem goes back to when Director B asked you to delete and shred the mailbox AND archive. If you failed to do this, and the contract doesn't specifically touch upon the right to override his instructions for data protection or legal or whatever, then technically you are in breach of the contract and could be sued. However since it would be Director A enacting this, I think its a non-issue. Unless, of course, Director A goes and Director B returns.....
Thats never going to happen
And what contract - I don't have one. Its a verbal zero hours contract - I bill (probably far less than I should) for my time
I retired 5 years ago - and do this for amusement rather than anything else (not that its amusing at the moment)
And what contract - I don't have one. Its a verbal zero hours contract - I bill (probably far less than I should) for my time
I retired 5 years ago - and do this for amusement rather than anything else (not that its amusing at the moment)
Edited by NugentS on Thursday 27th February 07:10
NugentS said:
Thats never going to happen
And what contract - I don't have one. Its a verbal zero hours contract - I bill (probably far less than I should) for my time
I retired 5 years ago - and do this for amusement rather than anything else (not that its amusing at the moment)
So you don't charge for the kit then and it's yours?And what contract - I don't have one. Its a verbal zero hours contract - I bill (probably far less than I should) for my time
I retired 5 years ago - and do this for amusement rather than anything else (not that its amusing at the moment)
Edited by NugentS on Thursday 27th February 07:10
I charge to host their virtual server since they lost the company office due to the legal dispute. I don't mind hosting a mailstore server - but I refused to host the file server and have since transitioned that to Office365 Sharepoint
File server would have required VPN Access, DMZ and always on type access. Where Mailstore doesn't really matter if it goes down when I do some maintenance for a bit
File server would have required VPN Access, DMZ and always on type access. Where Mailstore doesn't really matter if it goes down when I do some maintenance for a bit
Gassing Station | Speed, Plod & the Law | Top of Page | What's New | My Stuff