Managing Email Misuse At Work

What is your business liability if an employee misuses your communications network by sending out email erroneously? How can you reduce the risks of being held responsible if an employee libels another in an email?

This article look at the legal principle of vicarious liability in relation to email use.    

In today's world of networked communications virtually every worker can use the Internet and has access to email whilst at work. Both are enabling tools for the business. It no longer makes sense for businesses to implement a total ban on use of email at work. When used correctly they can bring both competitive and collaborative advantage to the organisation.

However, we are all human. We do not always do everything as we should. Sometimes we make mistakes, whether by accident or deliberately. This means that staff members often do things that they perhaps regret doing after the event. We've all sent an email in haste only to find that it was sent to the wrong person or contains spelling mistakes which we should have seen.

Once an email is sent it cannot be undone. That's why organisations must ensure that members of staff take care when sending the contents of electronic communications. It's easy to be flippant and upset another whilst online.

For example, if the organisation fails to discourage email use that introduces racially or sexually offensive material, the employer can be challenged for failing to protect employees from harassment or discrimination at work. There is no limit to the amount of compensation which can be awarded.

Two most frequent Internet and email use issues

  • The excessive use of social networking sites.

For example, an employee shares confidential or proprietary business information (maybe they give out insider information about the value of shares);  or comments made are construed as being harassment or discriminating against a person.

  • Misusing the e-mail facilities.

For example, the content of an email contains inappropriate sexual material; breach confidence by sending out confidential files or information; defamation; breaching the Data Protection Act 1998; contract formation by employees without realising it; discrimination.

Vicarious liability


The employer can be made liable for the acts of employees. This is called vicarious liability. This can lead to expensive and time-consuming litigation which might also include adverse publicity for the organisation. Adverse publicity is usually not welcome.

The employer can take action to mitigate the problem. But it is necessary to be aware of the relevant legislation, including the provisions of the Data Protection Act 1998 regarding processing of personal information. Employers also need to familiarise themselves with laws around privacy and monitoring of employees.

Preventative steps

Employers should take preventative steps to ensure employees do not misuse or abuse email. This can include setting out email use policies which are linked to the employment contract. Most employees do not intend do things that may lead to the prospect of dismissal.

Employers should also advise staff about the risks in using email. For example, an email from an unknown sender may contain an attachment with a virus inside. Advising the employee not to open attachments from unknown senders and deploying scanning software to remove threats are two ways in which employers can reduce their risks.

Writing and implementing policies

Give consideration to either writing and implementing appropriate policies, or where the organization does not have them, to prepare such policies, including:

  • an e-mail and internet use policy;
  • an IT policy;
  • a disciplinary policy;
  • a harassment policy; and
  • a whistleblower's policy.

Education and training

Policies without training do not work. Training is imperative, and consideration should be given to the various mechanisms that can be used to ensure all members of staff have regular training. Restricting training to one particular method (for instance, on-line training) soon fails, because it becomes too familiar: the only way is to ring the changes with different types of training (on-line self-taught; internal 1 or 2 hour sessions; external training providers to reinforce the message).

Further information

Please read our section on Electronic Communications

E RADAR Email, Internet and Social Media Law Masterclass

workshop, masterclass, e radar masterclassYou may also want to consider joining one of our business training masterclasses aimed at board level directors, Chief Information Officers and in house compliance and IT specialists.

The trainer is a top UK barrister specialising in electronic communications.