Why you should not email yourself work documents or information

An issue that comes up time and again is where employees send emails from their work email to their personal email with work information, and the employer subsequently finds out. This may violate company policies and could potentially have legal consequences, depending on the nature of the documents and the specific circumstances of the situation.

Often the reasons for doing so are innocent, or for work related purposes, for example where they send to a personal device so that it can be worked on at home or in their own time. Often it is just misguided by the employee, they send for future reference, rather than with any intent to exploit or utilise the information.

Sometimes the intention of the employee is not as innocent, and they have every intention of using in the future for their benefit or the benefit of their new employer.

There are various things that employers can do during the employment relationship and at the end to protect confidential information and documents.

  1. Ensure all employees have a Confidentiality Agreement in place

This can be by way of robust confidentiality clauses in employment contracts that clearly define what constitutes confidential information and the obligations of the employee to protect it.

Alternatively, where necessary having a specific NonDisclosure Agreement (NDA) in place that explicitly prohibit the sharing or misuse of confidential information both during and after their employment.

  1. Include Non-Compete and Non-Solicitation Clauses

Include non-compete clauses in employment contracts to restrict employees from joining competitors or starting a competing business for a specified period and within a certain geographical area.

Implement non-solicitation clauses to prevent former employees from poaching clients, customers, or other employees.

These can be added to the employment contract or in a separate document.

In order to be enforceable they should be relevant and proportionate to the role and responsibilities of the individual and reviewed periodically to ensure they are still relevant and up to date.

  1. Access Controls and Monitoring

Limit access to sensitive information to only those employees who need it to perform their job duties. Use role-based access controls to manage permissions.

Implement monitoring systems to track access to and usage of confidential information. This can include logging access to sensitive files and monitoring email and network activity.

  1. Exit Procedures

Conduct thorough exit interviews to remind departing employees of their confidentiality obligations and to identify any potential risks.

Ensure that all company property, including laptops, mobile devices, and documents, is returned before the employee leaves.

Immediately revoke access to company systems, email accounts, and physical premises upon the employee’s departure.

  1. Employee Training and Awareness

Provide regular training on data protection, confidentiality, and the importance of safeguarding company information.

Clearly communicate company policies regarding the handling of confidential information and the consequences of breaches. Include explicit instructions around taking documents out of your systems via email or other sources.

  1. Technological Measures

Use encryption to protect sensitive data, both in transit and at rest.

Implement remote wipe capabilities for company devices to ensure that data can be erased if a device is lost or stolen.

Use watermarking on sensitive documents to track their distribution and identify leaks.

  1. Regular Audits and Reviews

Conduct regular security audits to identify and address vulnerabilities in the handling of confidential information.

Regularly review and update confidentiality policies to ensure they remain effective and compliant with current laws and best practices.

  1. Send a cease-and-desist letter

The employer should initially and urgently send a cease-and-desist letter to the employee demanding the return of the data or documents and cessation of any further use or dissemination of the information. The letter should outline the potential legal consequences of failing to comply, including civil and criminal actions.

  1. Injunction

An employer can seek an injunction from the court to prevent the employee from using or disclosing the stolen data or documents. An injunction can also compel the employee to return the data.

  1. Damages

The employer could, in addition to or instead of an injunction, obtain damages resulting from the breach of confidentiality or theft of company data. This can include compensation for financial losses and any harm to the company’s reputation.

  1. Criminal Action

The employer could report the theft of data or documents to the police or relevant authorities. The employee may be prosecuted under criminal laws such as the Computer Misuse Act 1990 or the Theft Act 1968.

If personal data is involved, report the breach to the Information Commissioner’s Office (ICO) under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

If you are an employee departing your employment it is important to understand the potential costly ramifications of taking your employer’s data or confidential information. Even if your intentions are not to do harm but rather to aid yourself in the future, you could find yourself on the end of a threatening letter from your previous employer or even an injunction and costs from the Court.

For employers, there is no complete way to safeguard your data or confidentiality from employee misuse, but if you follow the steps set out above you can put in place measures to mitigate and reduce the risk.

If you would like any help in reviewing your processes or procedures or would like advice on enforcement of your rights, then please do not hesitate to contact us on 01983 897003.

Share This Article
Read More Articles
Any questions? Contact us

Appointments are available by telephone or via video call, so no matter where you are in England or Wales we can assist you.

The information contained in this blog post is provided for guidance and is a snapshot of the law at the time it is written. It is provided for your information only and should not be used as a substitute for obtaining legal advice that it specific to your particular circumstances.

The guidance should not be relied upon in any decision making process. It is strongly recommended that you seek advice before taking action.


Solicitor in Eastleigh | Solicitor in Salisbury | Solicitor Isle of Wight