Employment law on instant messaging and business mobile phones

The rise of technology combined with the pandemic saw businesses accelerate their use of business mobile phones and instant messaging. Now, it is common to find team members using chat apps or text messages in their everyday work. Employees more so now than ever, are encouraged to use instant messaging platforms to communicate in a work context.

The use of instant messaging is arguably less formal than emails. This can raise questions about standards of conduct and communication with third parties, clients, customers, and colleagues. There are regular stories in the news related to ‘text scandals’ and it arises regularly in an employment law context.

From the Coodes Employment Team, Associate Steph Marsh and Trainee Solicitor Yasin Ahmed, highlight the issues that employers might face when allowing instant messaging in a work context.

Issues that can arise from instant messaging at work

There are a number of circumstances in which issues can arise when using business mobile phones or instant messaging. The most common issue is that the messages can be used as evidence or be disclosed which most people don’t consider at the time of sending. For example, messages could be used as evidence to support a claim which can be subject to court proceedings or a tribunal, but the writer may not have wanted them to be made available to others.

In these circumstances, employers must assess how they can get access to the messages. They also need to understand their rights when it comes to seeing the content, which will depend on the circumstances. The first consideration is whether the messaging platform is used for business communications solely. The second, is who owns the device and whether there are any relevant policies in place that govern the use of it.

Do employers have a right to access employees’ messages?

The immediate answer is that it depends on the specific facts. There are many situations where this may arise but there are 3 practical issues for the employer to consider:

Are the messages accessible? For example, are they subject to encryption or stored on a device with security measures?

• Are the messages accessible? For example, are they subject to encryption or stored on a device with security measures?
  
• Is it lawful to access the messages? Employers need to take into account the employees’ individual privacy rights and other general employment rights. These will be set out in their contract and/or any relevant policies.

• Who is the “actual owner” of the device containing the messages?

Once these have been established, then the approach ultimately depends on the circumstances in which the messages have been requested.

At what point can employers view employees’ messages?

The first step is confirming the messages are accessible and that it is lawful to access in accordance with any policies in place. Secondly, employers need to establish if the messages are held on the employee’s business mobile phone or personal device.

For business mobile phones, instant messages are just like any other business communication system. The employer will then need access to the physical device if it is not stored on a central server. They will also need to consider GDPR which is particularly important where personal information is contained in the messages.

For personal devices, the employer will need the employees’ consent to access the content on their unlocked device, which should be handled with extra precaution and care. In the 2022 case of FKJ v RVT and others, a claim was heard in the High Court in relation to the misuse of private information in respect of WhatsApp messages. The Claimant applied to have the claim dismissed on the basis that the messages the employer had obtained had not been done so legitimately. The Tribunal made it clear that all parties need to consider how they obtain evidence, especially if messages of a personal nature have been collected, stored and used in proceedings.

If employers have access to the device with messages, how can they rely on them?

As established in the case above, employees using instant messaging platforms have a “reasonable expectation of privacy” over their messages and employers need to be careful how they obtain them. This is an area that is developing in case law, where “privacy” is limited or does not apply in certain professions. An example close to home would be the case of BC and others v Chief Constable Police Services of Scotland and Others. This was heard in the Scottish Court of Succession and looked at issues around the right to privacy in messages regarding allegations of sexual offences in the Scottish Police Force. It was unveiled that offensive messages were being exchanged in a group chat between officers. This demonstrated that where the employee is subject to professional standards or is regulated by a governing body, the expectation of privacy is limited.

The practical point to consider here is that a reasonable expectation of privacy can depend on the employee’s role. The content of the information, whether it is necessary to make the request, the volume of messages and how to go about requesting and storing this information will also need to be considered.

What if the messages are private and personal, but on a business mobile phone or other work device?

Again, the answer here is that it depends. The facts of each case will need to be considered in order to access any messages. As we saw in FKJ v RVT, if messages are private, the employer may not have a right to access them.

The more cooperative the employee is with the access, and if they are willing and happy to share the information, then the easier it will be for the employer. However, employers will still need to err on the side of caution. Ultimately, this depends on the expectation of privacy regarding the messages.

What can I do as an employer to mitigate the risks of instant messaging?

• Policies and Procedures – Outline the rules and guidance for employees so that the expectation for the use of instant messaging platforms is clear for all. The policy should also outline that the messaging platform(s) may be requested and monitored, and the consequences of breaching or misuse of the platforms highlighted.
  
• Introduce systems to mitigate risk – Messages should be treated with a high degree of care. When making such requests to employees, this should only be done where there are genuine grounds to believe that the device in question holds information that could assist with an investigation. The request should be made for serious matters only, and not something trivial.

• Only extract relevant information from the device in question – Employees should have a reasonable expectation of privacy, so, it is best not to muddy the waters and only extract the information required to facilitate any search. Furthermore, any irrelevant information or messages should be ignored. Any information that is extracted should be stored safely and securely.

• Keep a record of the access request – This is more for administrative purposes. It would be sensible to keep a timeline and record of the access should any challenges arise in the future.

Employers need to consider how they keep copies of messages and records in the event of any future disclosure. Messages that are easily deleted can cause issues down the line if they are not recoverable but at the same time, they cannot store messages and personal information without having a good reason to.

Other factors to consider if an employer wrongly accesses private messages

Due to the conversational and less professional nature of instant messages, issues arise around standards of etiquette. In certain circumstances, this is appropriate and necessary, however, employees also need to be careful as this can lead to conduct issues.

Employers need to consider any data protection liabilities. Any monitoring activities could breach the duties of trust and confidence implied in the contract of employment and could give rise to potential claims. Furthermore, employers have a duty to protect the personal data of their employees and other third parties or they could be in breach of GDPR.

If you have any questions regarding this article or employment law in general, you can contact us here or call us on 0800 328 3282.