EN
HR Legal Technology

Danish Data Protection Agency issues guidelines on access to e-mails of former employees

logo
Legal news
calendar 31 May 2011
globus Denmark

The Danish Data Protection Agency has recently published guidelines on how long an employer may keep the e-mail account of a former employee open, on who should have access to the account and for what purposes the account may be used.

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

As a result of several cases brought before the Danish Data Protection Agency concerning the employer's handling of the e-mail account of a former employee, the Agency has drawn up some guidelines on the subject.

The guidelines apply where there is no specific agreement between the employer and the employee.

The guidelines provide among other things that:

The e-mail account of a former employee may only be kept open for as short a period as possible, and this period may not exceed twelve months. The twelve-month period begins to run from the time when the employee ceases to work regardless of whether the company pays salary to the employee for a period after the end of employment.

As soon as the employee has left the workplace and no longer has access to his or her e-mail account, the employer is required to set up an autoreply stating that the employee no longer works for the employer.

The e-mail account may be used only to receive e-mails. Any personal e-mails sent to the e-mail account may, however, be forwarded to the employee's personal e-mail account.

Only one or very few trusted employees should have access to the e-mail account of the former employee.

Information on the employee's e-mail address must as soon as possible be deleted from the company's website and other information sites open to the general public.

In cases where the company keeps the e-mail account of a former employee open, it must comply with the rules of the Danish Data Protection Act, including the rules governing the duty of disclosure, access, etc. As to the duty of disclosure, it may be incorporated in the company's IT policy, and the Data Protection Agency also recommends that the company draws up guidelines on the handling of the e-mail accounts of former employees.

It should be emphasised that the Danish Data Protection Agency does not provide any directions as to whether the employer may read the former employee's personal e-mails as this issue is governed by the Danish Criminal Code. However, the general rule is clearly that the employer is not allowed to do so.

[The Danish Data Protection Agency published the guidelines at its website on 24 May 2011]

Receive our newsletter

Anders

Etgen Reitz

Partner

Søren

Hessellund Klausen

Partner

Similar

logo
HR Legal

27 March 2024

Rules on pay transparency on the way

logo
HR Legal

27 March 2024

Internal information was not trade secrets

logo
HR Legal

10 March 2024

Every beard you take

logo
HR Legal

25 February 2024

A salary freeze is not always a breeze in the Nordics

logo
HR Legal

25 February 2024

Next stop, neutrality town!

logo
HR Legal

25 February 2024

Money speaks louder than words

The team

Alexandra

Jensen

Legal advisor

Anaïs

Kjærgaard Crouzet

Associate

Anders

Etgen Reitz

Partner

Caroline

Thorsen

Junior legal assistant

Cecillie

Groth Henriksen

Senior associate

Johan

Gustav Dein

Associate

Julie

Meyer

Senior legal assistant

Kirsten

Astrup

Managing associate (on leave)

Maria

Kjærsgaard Juhl

Legal advisor

Sofie

Aurora Braut Bache

Managing associate

Søren

Hessellund Klausen

Partner