Employment Law Cases

Company negligent in interference with employee's personal internet account

Richmond v Selecta Systems

An employer breached its duty of care when it changed an employee’s personal password on his iCloud account.

Background

Mr Richmond was negotiating his departure from Selecta Systems. Among the property that Mr Richmond handed over were passwords to his online accounts, so that SS could check that no company information was being held by him. SS discovered that such information was held on an iCloud account in his name. SS changed the password to prevent access, but this left Mr Richmond unable to access his other accounts (WhatsApp, LinkedIn and AOL). Mr Richmond brought a High Court negligence action claiming that SS had breached its duty of care owed to him.

High Court decision

Upholding his claim, the High Court said that SS did owe Mr Richmond a duty of care. While SS had a right to protect its business interests by accessing Mr Richmond’s phone to discover whether there was any company information on it, it had no right to change the password. The employee of SS who accessed the data was not an expert in IT issues and could have sought expert help but chose not to and took the risk of causing a serious problem. By altering important security details of Mr Richmond’s internet accounts, SS had breached the duty of care it owed him. It was ordered to pay Mr Richmond £1,000 in damages.

Link to judgment: http://www.bailii.org/ew/cases/EWHC/Ch/2018/1446.html

Comment

This is a useful reminder of the care that needs to be taken with personal passwords and accounts. Whilst it might be legitimate to have a policy allowing access to personal accounts to check there is no confidential information, changing passwords to prevent access is a step too far. All SS needed to do was to copy the emails and documents as evidence of what he had taken and obtained an ex-parte ‘do not destroy’ injunction from the High Court to prevent him tampering with the information.