With us in your corner, the commercial side of your business is in safe hands.

Practical, focused and fast when you need us to be, we pay attention to the detail while keeping things moving – leaving you to stay focused on your next move.

Whether you’re buying, selling, structuring or investing in your business, let us do the heavy lifting so you don’t have to.

Legal expertise that supports your employees and your business. We’re always available and always ready to step in when you need us. 

Our breadth of expertise means you’ll be prepped and ready to handle the unique challenges of this fast-paced and ever-changing sector. 

Your business is unique. We’ll help you keep it that way. 

Our deep level of sector expertise means we’re the go-to law firm for clients leading the way in the low-carbon industry. 

Employer Data Q&A: How private are your management emails? 

Before you press send on a management email about an employee, stop and think to yourself, would I be happy for the employee to read this? 

Data subject access requests (known as DSARs or SARs) are frequently the first course of action for disgruntled employees contemplating grievances or employment tribunal proceedings.   

As an employer, it is important to understand which documents it is necessary to disclose to the employee in response: Is that HR advice you received as confidential as you would like?  And what about the comment that you added when you forwarded it to your FD? 

What is a DSAR/SAR? 

The right to make a SAR is a key element of data protection law1.  

Any data subject (employee) has the right to make a request to a data controller (employer) for the delivery up of copies of all personal information held on them together with other certain specified information.  The information must be provided free of charge (unless the request is manifestly unfounded or excessive) and within one month of the request (unless there are reasons for the time limit to be paused or extended).  

The ICO has recently produced some new SAR Q&A information for employers, which can be read here. 

What information can be requested? 

Any information relating to the employee or from which the employee can be identified can be requested and should be disclosed (unless subject to an exemption – see below).  This could include the following: 

  • Personnel files 
  • Computer log files 
  • The employee’s own email and computer files 
  • Any emails sent in the course of business or from a business email account that relate to the employee. 

An employer must make “reasonable efforts” to disclose any such documents.  

Do I have to disclose everything? 

Maybe not.  Consider the following: 

Excessive requests – If the request is not limited to specific dates, times, subjects, etc potentially thousands of pieces of data could be included.  You may argue that it is “manifestly unfounded or excessive” and seek to charge a fee or refuse to act on the request.  The more focused and reasonable an employee is, the harder that argument will be. 

Data relates to another employee – If the personal data is also information relating to another individual, unless that individual has consented, you must consider whether it is reasonable to disclose the information without consent or if it can be disclosed with appropriate redactions.  

Data held on other systems – Unless you are a data controller in relation to data held on other systems, it falls outside the scope of a subject access request. 

Deleted data – You are not expected to recreate this data.  However, back-up data should be included in a search.  

Exemptions – There is a specified list of exemptions.  Those most likely to be applicable in the employment context are: 

  • Confidential references where it is made clear on the reference that it should be treated as confidential. 
  • Management information i.e. personal data processed for management forecasting or planning about a business or other activity.  This could include potential business restructuring and redundancy information. 
  • Negotiations with the requester to the extent that disclosure would prejudice those negotiations. 
  • Legal professional privilege generally confidential communications between clients and lawyers. 

Do employers have to disclose confidential HR advice?  


If the advice is provided by a law firm – Only the advice provided by lawyers (including supervised non-lawyers within a law firm such as paralegals and trainee solicitors) benefits from privilege.  This means that if you instruct a law firm, you can rely on legal privilege as a reason not to disclose that advice and it can remain confidential.  

What about advice given by non-lawyers (i.e. HR consultants)? – The current position is that information provided by non-lawyers is not subject to legal privilege and therefore should be disclosed, unless another exemption can be applied.  

What does this mean for HR advice provided in the context of disciplinary and grievance procedures?  – Advice provided by a lawyer will benefit from legal advice privilege and you can be confident that any documents do not need to be disclosed. 

Advice provided by external HR advisors and consultants may be up for grabs2 unless that advice was provided with the dominant purpose of dealing with a litigious dispute (court or tribunal proceedings).   Often, at the time advice is produced in relation to grievance and disciplinary proceedings, it is not known whether legal proceedings will result and therefore privilege does not apply. 

Can advice from an HR consultant ever be privileged? Possibly.  Where the dominant purpose is to deal with court or tribunal proceedings, privilege may apply.  However, the advice provided at any stage prior to the filing the claim (or perhaps the Acas Early Conciliation Notification Form) is vulnerable.  Employers should be aware of this when considering an appropriate advisor.  If confidential advice is something that you value, it is important that you chose your advisor carefully.     

What about that email to the FD? 

Before sending stop and apply the “would I be happy for the employee to read this one day?” test and perhaps pick up the phone instead.  

If you would like to discuss any aspect of employment law, please contact Melanie Rowe or Luke Smith on 01872 226990 or email  melanie.rowe@murrellassociates.co.uk.

Key contacts

Luke Smith


Luke Smith


Luke is an associate in our corporate team and a specialist in employment law too.

More About Luke

Melanie Rowe

Legal Director

Melanie Rowe

Legal Director

Employment issues can be tricky, but employment law expert Melanie is regularly praised for making painful processes easier.

More About Melanie