work email access

[plasticpotato]

I was off work recently for two weeks, during that time the password to my emails was changed by senior management without my consent. This has only happened to staff who have resigned or been sacked, no current employees. Other staff members have been off for a lot longer than two weeks and not had their passwords changed.

Since my return I have had my access reinstated but I have noticed senior management have been forwarding emails from my account to their own - nothing dodgy of course....is this legal?

Yes it's legal. It may or may not be against company policy depending on what was done, by who and on who's authorisation but it's the company's email system and the company's data, not yours.

Yes it is legal. It might be worth having a chat and finding out why this is being done if it is not the norm.

This is why company emails should only ever be used for work related tasks and conversations.

Are you sure it did not just lapse anyway. Some email systems require password updates regularly. It is not uncommon to have a forward on emails of absentees with or without explicit permission, especially if work is ongoing. Would you rather your inbox had just built up and nothing been dealt with?

Totally legal - it's work email and belongs to them. You not only shouldn't expect privacy on it, you may (should!) be forbidden by your company rules from using it for anything other than work stuff.

Pretty sure there won't be any laws covering the changing passwords of work email addresses.

Have you asked them to get you a new password?

The password reset may have happened automatically when IT overrode the current access permissions to allow one or more people to access your inbox. Your password might be the same password you use for other work systems so I suspect it is a security measure not to pass on any passwords but just reset it.

As PP have said it is legal. There will be a clause in the IT policy allowing for this. In my last company a manager had to request access, this then had to be signed off by another, more senior manager and then IT would take the action so the agreed people could access your emails.

That's why no one should use their work email for anything personal or ever refer to someone by name and say something in an email that you would not say to that person's face or be happy for your manager to read.

Thank you for clarifying. I was off because of stress related to work and I think that is why I am feeling a bit paranoid.

I'll check our policies about this tomorrow.

All my work emails are just that..work related - nothing incriminating. One forwarded email from my account contained DBS checks info.

@PattiStanger - yes I have asked for one, and got a new password from our IT dept.

What sort of dbs details?

@LIZS info on potential volunteers

I've had a look and we have no workplace policy in regards to monitoring. According to the ACAS website, employees should be made aware of monitoring but as I am the only employee that this has happened to, I feel somewhat targeted. I can't find any information on what an employers right is to change the password without the employee's consent.

www.acas.org.uk/media/pdf/d/b/AL06_1.pdf

All my work emails are just that..work related - nothing incriminating.

Apologies OP, I was not suggesting you used your email inappropriately. It is just a useful reminder to those reading the thread to be careful.

It's their IT system and they can reset a password whenever they want, it's not your personal property.

It's a bit sloppy not to have a policy disclaimer but there is no expectation of privacy on work computers.

The same would apply to monitoring all Internet access and reviewing automatically what software is installed.

Om an IT note the fact that DBS checks go to a personal account not a shared mailbox is pretty poor practice.

Any information which may need to be accessed by multiple people especially in the event of absence should go to a shared box with an appropriate access control list

@JenniferJareau

No worries at all, I understand.

@IWouldPreferNotTo - agree! Its turning out to be quite a poorly run organisation..the monitoring feels invasive and has stressed me out further, I can honestly say I am a decent hard-worker and this feels unjustified.

'These rights are protected by Article 8 of the European Convention on Human Rights forms part of UK law, thanks to the Human Rights Act 1998.

According to the European Court of Human Rights, private life is a broad concept that does not stop at the door of the workplace. For example, under the Convention:

Workers have a reasonable expectation of privacy when using the phone at work, especially if employees have not been warned them their telephone might be bugged

5 Monitoring of work emails can breach employees’ rights to privacy, particularly where employers do not have a workplace policy.

6 Employers must be able to justify surveillance of employee communications, especially if this involves reading employees’ private emails or online messaging. They should also explore any less intrusive alternatives

7 Covert surveillance at work can only be justified in exceptional circumstances

8 Monitoring email, internet and phone use
Employers have no legal obligation to allow staff to use the phone, email or internet at work for personal reasons. However, good employers trust staff with some private use during working hours, as long as it does not interfere with their work.

To comply with data protection rules, employers must tell staff of any plans to monitor email or internet use and the reasons for doing so. Employees should have a clear understanding of when monitoring will take place, why information is being gathered and how it will be used. ''

from www.tuc.org.uk/research-analysis/reports/i%E2%80%99ll-be-watching-you?page=5

Have they been forwarding emails from your account to their own now you are back or did they do it whilst you were away? If the latter then completely normal to need to deal with things whilst you are off, if the former (and it’s not related to stuff they picked up whilst you were away) then they are obviously monitoring you and you should ask why. A change of password as a PPnsaid was probably to give them access whilst you were off which for 2 weeks would be completely usual.

@thewinkingprawn

It was the latter. That isn't the issue for me. What it is, is that I had no idea that this was normal practice as it has never happened to any other colleagues. This practice has never been used before or disclosed to employees. It is a small org and if anyone is off for any length of time their email is ignored with an out of office put on. One colleague, for example, has a very important role and was off for almost three months, and their was no access to email accessed. I am aware of three other similar circumstances.

If requested I would have had no problem with anyone accessing my email but it felt covert, and they were aware it was for two weeks only plus there is nothing major or demanding/pressing in my department at the moment.

Have you had a return to work interview? If not, request one. In it, mention that you noticed the password had been changed and emails had been forwarded. That you’d like to understand why as it hasn’t been explained. Don’t go in guns blazing, ask lightly, see what happens.
Say wou were really looking forward to coming back to work after your abscence and felt freshly and ready to get back down to it so it was really disappointing to find this had happened and not explained

@JuniperBeer

Yes, that's a good plan, thank you for your advice! Its all a bit weird tbh

The TUC information is interesting but I think you're confusing the bit of 5 & 6. Your work email is not personal email nor are they private emails

The actual outcome is that if you had sent an email about non-work related matters they should not read it once they have identified it does not pertain to work. Although in practice I think this is unfeasible, unrealistic and not accepted by most companies and the TUC are just chancing it by making such bold assertions.

Emails related to your role are not covered by this definition by the TUC. While I think you firm is sloppy in IT practices I don't see that they've done anything out of the ordinary or in contravention of the points made by the TUC.

@IWouldPreferNotTo yeah you are right, I think I am just a bit baffled as to why they needed to access my emails and maybe the last point is most from the TUC is most pertinent here...

To comply with data protection rules, employers must tell staff of any plans to monitor email or internet use and the reasons for doing so. Employees should have a clear understanding of when monitoring will take place, why information is being gathered and how it will be used.

It is not so much the legality for me, the more I think about it, it is more how I am now feeling like a untrusted member of staff, when I have been anything but. There are other issues at this workplace going on (unrelated to me) but would be too outing to disclose at present.

One colleague, for example, has a very important role and was off for almost three months, and their was no access to email accessed.

Could they have granted access to someone else without you being aware? Their PA perhaps or their manager?

What type of emails did they forward?

The dbs info can be shared as required in the organisation. It does not "belong" to you and presumably was requested as part of a recruitment process. If it was required in order to process the volunteers' applications in your absence it is appropriate for it to be forwarded to an individual to do so. Unless it has been circulated around the organisation beyond necessary I am not clear what the problem is. Tbh you seem rather sensitive about this. Maybe others made arrangements fir an automatic forward of emails in their absence or monitored it from home. Or maybe their work was not high priority.

Are the emails theyy forwarded all linked or about something in particular? Was there a piece of work that desperately needed doing?
I wouldn’t mention anything about being monitored or if you think emails are private. It’s a naive view to think emails sent using a work email address are private. Stick to wanting to know why they did it

In the kindest possible way I think you are overreacting and should just let it go. It isn’t normal practice to let emails languish for weeks (or even a week!) so maybe they are just putting best practise in place now and you happened to be first to go. Ideally someone would let you know but if you were off with stress they will also have worried about bothering you and may just have forgotten. Unless there is something you are not telling us about the emails they forwarded then I would urge you to let it go - I think you’ll look paranoid and that you may be concerned about something that is in there if you raise it. If they’ve not forwarded anything since you have been back then try and move on.