The use of private email addresses for work purposes is not an uncommon practice – a recent survey by Avatier showed that nearly 40% of respondents use personal email accounts for work-related emails.
Such trends have understandably caused much concern for employers, who fear the business and legal risks of such behaviours. For instance, the practice may expose the company to data security breaches, make it difficult to retrieve such information for audits or litigation, and even cause companies to fall foul of personal data protection legislation.
Without an appropriately drafted employment contract or confidentiality undertaking, however, the use of private email addresses for work purposes is not, in and of itself, illegal. To understand why this is so, we begin from the legal maxim that “everything which is not forbidden is allowed” – actions will only be illegal if they contravene a statutory provision, or if they breach a rule in the common law. As of the time of writing, there are no statutes prohibiting the use of private emails for work purposes. We thus turn to examine whether there are common law grounds for prohibiting such conduct.
Does the use of private emails for work purposes amount to a breach of confidence?
The use of private emails for work purposes may not amount to a breach of confidence, depending on whether the information in the email is confidential, as well as what the employee does with it.
First, only confidential information is protected by the law. In I-Admin (Singapore) Pte Ltd v Hong Ying Ting  1 SLR 1130, the Court of Appeal held at  that to establish a breach of confidence, the claimant must show that the information in question (a) possesses the quality of confidence, and (b) was imparted in circumstances importing an obligation of confidence. If the content of the email is not confidential, a case of breach of confidence cannot be made out.
For instance, information which is likely to be considered confidential includes:
- Commercially sensitive information that only authorized members of the organisation are allowed to know
- Trade secrets
- Personal data of employees or consumers
Information that is unlikely to be considered confidential includes:
- Information that is widely available in the public domain
- Trivial information that is of little value
Furthermore, even if the information is confidential, using private emails to handle such information will not necessarily result in a breach of confidence. The tort of breach of confidence is guided by the claimant’s interest to prevent wrongful gain or profit from its confidential information (wrongful gain interest), as well as to prevent dissipation of the confidential character of the information (wrongful loss interest). In the absence of the employee using the information to further an unauthorised purpose or circulating the information, such actions are not prohibited by law. Simply put, if the employee did not actually send the email to anyone else, or use the email for any purpose other than for the furtherance of their work for the employer, there is no breach of confidence.
Does the use of private emails for work purposes amount to a breach of fidelity?
Similarly, the use of private emails for work purposes may not amount to a breach of the employee’s implied duty of good faith and fidelity towards the employer.
In Smile Inc Dental Surgeons Pte Ltd v Lui Andrew Stewart  4 SLR 308, a dental clinic brought claims against its former employee, alleging that he had breached his duties as an employee by setting up a competing business nearby. The Court of Appeal, in considering the scope of employees’ duties toward their employer, held that a breach of fidelity will only occur if the conduct was dishonest and a dereliction of the duty to act in good faith towards the employer. In the present context, this means that if the employee is merely using his or her personal email address for work with no dishonest intentions, the duty of fidelity will not be breached.
What can companies do to prevent their employees from utilizing their private email for work purposes?
To prevent current employees from using their private email for work purposes, companies can consider implementing a formal workplace policy to explicitly prohibit such practices. This will help to set clear standards of behaviour for employees to adhere to.
Additionally, the policy can mandate that departing employees sign a statutory declaration to confirm that they have not contravened the policy by using their private emails for work purposes. Employees who make false statutory declarations will be guilty of an offence, punished with imprisonment of up to 3 years and liable to a fine.
If a formal company policy is in place, employees who use their personal emails for work or refuse to sign the statutory declaration will be acting in breach of the company policy. Moreover, since most employment contracts have a clause mandating that employees comply with company policies, such employees may also be acting in breach of their employment contract. The employer can then subject them to disciplinary action, withhold performance-related or other discretionary bonuses, terminate their employment, or commence legal proceedings against them.
However, employers should note that they will only be able to make deductions from an employee’s salary for breaching company policy if they have obtained the employee’s written consent to do so, and such consent is capable of being withdrawn by written notice prior to the deduction. Employers should thus include a clause in the workplace policy signifying that employees consent to salary deductions for breach of the policy and get employees to sign off on it.
Even with written consent, however, employees may attempt to challenge the quantum of the deduction. The clause should thus be drafted in a manner which accords the company maximum discretion to determine the quantum of the deduction. Without such a provision, it might be challenging for the employer to demonstrate, in cash terms, the losses incurred at the point of discovery of the breach. Furthermore, the employer will have to show that the loss was caused by the employee’s breach, that the loss flowing from the breach was reasonably contemplated between the parties, and that the company had performed reasonable mitigation of its losses.
In today’s digital age, the importance of information security cannot be overstated. Companies should take proactive steps to cultivate best practices and implement appropriate policies to protect their interests in the long run.
For more information on this matter, please feel free to contact Ms Jennifer Chih and Galen Ong.