Should an employer change passwords on an employee's work mobile?
Where a company provides a lap-top or mobile phone, does an employer have the right to unilaterally change passwords on an employee personal internet account set up by the employee on such devices?
The case of Richmond v Selecta Systems Ltd [2018] EWHC 1446 gives some guidance on such matters where the sales director of Selecta, Mr Richard, was supplied with a work mobile phone.
Mr Richard also used the work mobile phone to access his personal AOL and Apple/iCloud accounts. As part of his termination negotiations, Mr Richmond agreed for the MD to take his work mobile phone and provided him with his passwords for the phone and his internet accounts so that the MD could check for company information.
Unintentionally the MD reset the passwords which locked Mr Richmond out of his accounts. He was also unable to download his iTunes music library.
Duty of care breached
It later transpired that Mr Richmond had intentions to set up a new business, Selecta believed this to be in breach of the agreement that they had been in the process of negotiating. Mr Richmond was dismissed without notice and brought various claims against Selecta, including that the company had breached its duty of care to him in relation to his online accounts.
The High Court held that Selecta had breached its duty of care by interfering with Mr Richmond's personal internet accounts. Selecta employees were not prohibited from using company equipment for personal purposes and the mere fact that Mr Richmond gave his employers his passwords did not authorise the change.
The loss to Mr Richmond was reasonably foreseeable where the relationship between the parties was sufficiently close and thus it was fair, just and reasonable to impose a duty of care on Selecta towards Mr Richmond.
However, the High Court did find that Selecta were entitled to protect their business by accessing the work mobile phone and Mr Richmond's internet accounts to delete any company information held there. However, they did find the MD was not entitled to change security details on Mr Richmond's internet personal accounts.
Compensation awarded
Mr Richmond was awarded £1,000 in compensation to cover the loss of access to his iTunes library and his AOL, LinkedIn and WhatsApp accounts.
This decision is helpful to employers in confirming that they can access employees' personal accounts held on a company phone or laptop. Employers must be mindful that a fair process is followed which may include taking guidance from IT specialists and to discuss issues with employees of the suspected abuse before changing passwords.
With the onset of more home working and employees accessing documents remotely it is important to be aware of what rights each party has and if this case raises any issues for you or your organisation, please speak to our Quest HR Advisors.
The content of this article is intended for general information purposes only.
To speak to an advisor please call your advice line number. If you would like to know more about our HR services please call 01455 852028
