I know about ACAS, he's been there under two years and they have policies about internet usage there is nothing he can do. I just wondered if there was another angle about accessing all of his information without consent.
One would assume that he has passed any probation - so he should have just as many rights, as someone who has been there 10 years.
The key now, is to get hold of his 'employee handbook', or whatever document covers the company's disciplinary procedure - the policy on IT use will also be handy.
When ACAS helped me, I had a very serious (job threatening) procedure completely quashed, as my employer had not adhered to their own processes - it was brilliant, as I went from complete misery (and the prospect of losing my job), to serenity
The whole angle on accessing his personal info without consent, will be a huge gray area, as it was a corporate laptop - their property, and subject to their rules. Sure there is an argument about the trawling through the entirety of his data that was synced, which is all kinds of wrong, but they will still hold a get out of jail card (of sorts) - in that it is a corporate device and there are IT policies governing its usage.
Edit: I'm not trying to say that they have every right to do what they did, as it was their bit of kit - just be prepared for that to be a counter argument, and their justification for doing it. Here, on our corporate kit, we would never dream of snooping like that.