Accessing a leavers mailbox

Domo · 27 Jul 2021 at 21:56

Is there any guidance or regulatory obligation an employer should be aware of? In this instance, an employee has left an organisation but deleted all their mailbox contents on the last day, because of the large amount of personal email included. Now managers are asking for access because the mailbox would have contained important emails. But I don't think it's that straight forward. Is it?

Does GDPR come into play? What rights does an employer have? It is possible to retrieve the deleted emails, but should they?

whitecrook · 27 Jul 2021 at 21:58

Presumably its the companies mailbox, so they can do as they wish.

if employee was using it for personal things then that was dumb of them . Unless that was allowed (which i doubt). But in any case company resources

vanandjuanunited · 27 Jul 2021 at 21:59

Does the company not not have an email policy. IE it shouldn't be used for personal emails

Deleted member 77746 · 27 Jul 2021 at 22:16

You are not supposed to use a work email for personal things. It belongs to the company not the person so they can put a request (as long as it comes from a higher up than the member of staff). I get requests like this all the time. I know who is higher than who in companies I deal with so I know when to grant a mailbox delegation.

Domo · 28 Jul 2021 at 09:43

I'm curious about the legal aspects with regards to users deleting their emails before leaving an organisation.
The emails are retrievable, but does that mean an employer can act on it without consent from the ex staff member? Particularly in the absence of any such policy?

BigT · 28 Jul 2021 at 10:10

Depends how goods your employment contract is. A decent one will outline that all work conducted using company provided assets (such as an email account) remain the property of the employer and shouldn't be used for personal use. That gives you enough of a basis to do what you want. In the absence of it being in the contract or a policy on it then IAMNAL but I'd argue the fact you have and always had admin capability to get to them if you wanted is enough of a binding agreement that use of the email system is the employer's right to do so as they wish. GDPR may say otherwise though so if you think it's going to come back to bite you then seek professional advice.

vanandjuanunited · 28 Jul 2021 at 10:14

Are you going to keep asking this until you get an answer you are happy with

OspreyO · 28 Jul 2021 at 10:26

Domo said:
I'm curious about the legal aspects with regards to users deleting their emails before leaving an organisation.
The emails are retrievable, but does that mean an employer can act on it without consent from the ex staff member? Particularly in the absence of any such policy?

Act on it how. Your question is very vague.

I can only assume that someone did something dubious via company email, then thought deleting the emails would cover their tracks or prevent it from being discovered. Which it won't. Probably did it as they were leaving our quitting. Thought they were untouchable. Well they aren't.

OspreyO · 28 Jul 2021 at 10:39

Company email belongs to the company.

Deleting emails like that is highly unprofessional.

melmac · 28 Jul 2021 at 11:01

Domo said:
Is there any guidance or regulatory obligation an employer should be aware of? In this instance, an employee has left an organisation but deleted all their mailbox contents on the last day, because of the large amount of personal email included. Now managers are asking for access because the mailbox would have contained important emails. But I don't think it's that straight forward. Is it?

Does GDPR come into play? What rights does an employer have? It is possible to retrieve the deleted emails, but should they?

Does the company have any policy regarding emails? Since GDPR, Employers need a valid reason for accessing an employees work email.

I wouldn't be too sure what happens if an employee leaves the company. I am pretty sure the same rules apply.

So, it all depends on what email policy they have.

Pipe & Slippers · 28 Jul 2021 at 12:15

If you have a legitimate business reason for retrieving them, there shouldn't be a problem

The issues become less clear cut if you are trying to retrieve non-business related emails

GravyMonster · 28 Jul 2021 at 12:22

Pipe & Slippers said:
The issues become less clear cut if you are trying to retrieve non-business related emails

Not really. If it's a mailbox provided by the company for use by the employee, held on a server/service provided by that company, then the content of the mailbox is owned by the company and they are free to access it at any point, regardless of the person's employment status. There's no distinction between the content of the emails the company is/is not allowed to access in that mailbox.

As @BigT pointed out above, this should all be covered in the employee contract, specifically stating that the company-provided mailbox should not be used for personal business and that it can be accessed by authorised personnel at any time.

sanaxe1 · 28 Jul 2021 at 12:25

OP wants to stalk a former staff member to see if she liked him as she didn't reply to his love heart shaped cookie he left on her desk.

Feek · 28 Jul 2021 at 12:36

Two threads for the same thing, I've merged them.

OspreyO · 28 Jul 2021 at 12:43

People really should have more cop on.

If you are working on a a cloud based system. Even if you work on a personal doc on your desktop then delete it, it will be often still be recoverable in the could for 3 months or so, depending on the policies in the organization.

if people are WFH, they might mistake of treating the work computer/laptop as ok for personal use if its at home. It isn't. People should be careful.

Email is the same. keep work and personal stuff seperate. You could end up leaving work tomorrow and never have access to those systems again.

Deleted member 77746 · 28 Jul 2021 at 12:50

Domo said:
I'm curious about the legal aspects with regards to users deleting their emails before leaving an organisation.
The emails are retrievable, but does that mean an employer can act on it without consent from the ex staff member? Particularly in the absence of any such policy?

Don't think there is a legal aspect. Basically if the person leaving deletes them there's not a thing the company can do apart from restore the mailbox from backup. They have backups right?

You are restoring the mailbox for business emails right? or are you wanting to restore them to go snooping through their personal ones?

Semple · 28 Jul 2021 at 12:50

Domo said:
I'm curious about the legal aspects with regards to users deleting their emails before leaving an organisation.
The emails are retrievable, but does that mean an employer can act on it without consent from the ex staff member? Particularly in the absence of any such policy?

Why would a company need permission from an ex-employee to read their work emails? They're not the property of the ex-employee in the first place.

GR63 · 28 Jul 2021 at 19:29

Some good responses here... let's ask a related question.. if someone WAS leaving and wanted to make life difficult w.r.t email what would make it hardest to retrieve emails? :-)

Asking for a friend

OspreyO · 28 Jul 2021 at 20:05

JudgeDeath said:
Some good responses here... let's ask a related question.. if someone WAS leaving and wanted to make life difficult w.r.t email what would make it hardest to retrieve emails? Asking for a friend

If they have a backup system nothing. They have a copy for ever, and you can't access it. Same with the cloud.
if you move it to local storage PST etc, they won't have a copy. But you probably can't do that, and it would likely be against the rules and could get you fired in some places.

GR63 · 28 Jul 2021 at 21:32

Thanks... TBH I think most firms like to use electronic filing so by merely not filing stuff for future drones you are doing your "bit" to be a disruptive influence... having said that, why file stuff cos if its important someone else will have ?