A former employee of a biotech company lost a test case at the beginning of February in the Danish Supreme Court. The case was about whether the employer had the right to read private emails which the employee had sent from her employee mailbox. 

The employer read the private emails because of a suspicion that the former employee had leaked confidential information, though she was acquitted of this in the Supreme Court.

On the other hand, the employer was told by the judge that it was all right to open and read the private emails. Following the judgement, several trade unions - among them HK (the Danish National Union of Commercial and Clerical Employees) and PROSA (the Danish Association of IT Professionals) - have advised employees not to send private emails from their employee mailbox.

Private emails may not be opened or read

On the basis of the judgement, Omnibus has asked Head of Information Security Ole Boulund Knudsen from IT and Digital Media to explain the policy at AU; who has the right to look over the shoulders of staff and students at AU and read their emails?

"We have an email policy which states that the private emails of employees ,may not be opened or read," says Ole Boulund Knudsen.

He believes that this approach to email policy reflects the fact that many university employees do not have a clear distinction between their work and private life.

With regard to students, no one has the right to open or read their emails, as students' mailboxes are considered private.

Work emails may be opened and read

However, it is possible with permission from a department head or a deputy director to gain access to work-related emails in an employee's mailbox if the employee cannot be contacted in connection with e.g. a leave of absence, long-term sickness, or if the person in question is no longer employed at AU.

Ole Boulund Knudsen explains that the IT department typically receives this type of case about once a month, though the number was slightly higher last year.

"We have seen that there can be a difference of opinion about access to a mailbox – for example in connection with a dismissal. In this type of case our advice is always to the call in the union representative, as well as a representative from HR," says Ole Boulund Knudsen.

In his six years as head of information security at AU he has not experienced any examples where he has been asked to gain access to a staff member’s mailbox on the basis of a suspicion of criminal activities.

"And if that should happen, it would also become a matter for the police." 

“The use of email is primarily intended for activities which are directly related to work/studies, but email may be used for private purposes.”

"... the content of an employee's mailbox is regarded as AU's property. However, this does not apply to private correspondence which should therefore be sorted/marked.”

IT and Digital Media can gain access to all employee and student work mailboxes, which is also stated in the information security policy:

“AU IT can gain access to all mailboxes in AU's email system. This can be necessary in case of technical breakdowns (e.g. mail loops which are filling an absent employee/student's mailbox) or an urgent need to gain access to a message which is known to have been sent to an absent employee.”

“If AU IT has to gain such access, it must always take place by agreement with the relevant employee/student or, where this is not possible, with the employee's immediate superior/deputy director of the study area.”

“When accessing an employee's mailbox, the relevant union representative should be involved. The employee/student must be informed as quickly as possible about the episode.”

“Emails are covered by secrecy of correspondence, cf. Section 263(1)-(3) of the Danish Criminal Code (Straffeloven).”

Excerpts of the information security policy at Aarhus University

You can safeguard yourself by separating private emails

• Keep your private emails in a separate folder labelled “Private".
• Mark private emails with "Private" before you send them from your employee mailbox.