EN
HR Legal Technology

Danish Data Protection Agency issues guidelines on access to e-mails of former employees

logo
Legal news
calendar 31 May 2011
globus Denmark

The Danish Data Protection Agency has recently published guidelines on how long an employer may keep the e-mail account of a former employee open, on who should have access to the account and for what purposes the account may be used.

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

Receive our newsletter

Anders

Etgen Reitz

Partner

Søren

Hessellund Klausen

Partner

Similar

logo
HR Legal

20 November 2024

Fast track work permits for high skilled workers

logo
HR Legal

25 October 2024

The (un)free movement of third-country nationals

logo
HR Legal

25 October 2024

Two cases for the history books

logo
HR Legal

27 September 2024

Double discrimination against part-time carers

logo
HR Legal

26 September 2024

Diagnosis: no discrimination

logo
HR Legal

26 September 2024

Work permits were required for offshore work on the Danish continental shelf

The team

Alexandra

Jensen

Legal advisor

Alma

Winsløw-Lydeking

Junior legal assistant

Anders

Etgen Reitz

Partner

Cecillie

Groth Henriksen

Senior associate

Johan

Gustav Dein

Associate

Julie

Meyer

Senior legal assistant

Kirsten

Astrup

Managing associate (on leave)

Maria

Kjærsgaard Juhl

Legal advisor

Søren

Hessellund Klausen

Partner