Hillary Clinton knows all too well the perils of using a personal email for work matters
As Hillary Clinton has found, using a personal server/email account for a work related matter can have serious consequences. In her case, her opponents in the presidential campaign have used the controversy to question her judgement and fitness to hold office.
So should you tell someone if you have used your personal email for a work related matter and the account has been hacked?
Put simply, yes.
Most employers will have rules on how work related and/or confidential information can be used and would almost certainly prohibit sending any such information to a personal email account. Even if forwarding information is not specifically forbidden, it is likely to be a breach of the implied duty of fidelity. As such, the best course of action will be to put your hands up and admit your error to your boss, rather than have him/her find out from another source, which undoubtedly will make things look much worse.
Let’s assume the worst case scenario, the information contained in the email was highly confidential and contained details of a possible high profile acquisition, and it is now reported in the press. If this were the case, then it is likely that your employer would have grounds to fairly dismiss you as the decision to dismiss will be reasonable in the circumstances given the potential damage the leak will have caused.
The best case scenario is that the hackers were not interested in the content of the email and had no intention to use or disclose the information. In any event it would be wise to tell your boss who can then put in place a plan to deal with the issue, including notifying any affected clients or regulatory body as necessary. It is possible that disciplinary proceedings will still be taken against you but if you have an exemplary record and have disclosed your error, apologised and co-operated throughout, you may well only be subject to a warning.
With the development of technology enabling more agile working, the pressure to be responsive, including when out of the office, has increased. This, coupled with the ability to go between personal and business accounts on mobile phones and tablets, heightens the risk of information inadvertently being sent to a personal account or indeed the wrong person altogether. It also increases the possibility that personal accounts will be used on the go, increasing the likelihood of sensitive or confidential information ending up in the wrong place. This and the advent of cybercrime has meant that it has never been more important to proceed with caution when emailing sensitive information.
Businesses spend a lot of time, effort and money to ensure that their IT systems are secure and resilient to hackers. In contrast, personal email accounts are far less robust and are less likely to withstand a cyberattack. Rules against using personal emails for work or sending data to personal accounts are put in place to protect confidential information, the employees themselves and clients so need to be followed. Be careful, once you press send, there is no going back and no one wants to have a “Hillary” moment.
• Alexandra Bonner is a partner at Goodman Derrick LLP