Electronic payslips - emailed to work addresses?

Moving to electronic payslips for all, but rumours that they cannot be sent to work email addresses.

Didn't find your answer?

We are looking to move all our employees to electronic payslips - currently around 1/3 receive paper payslips, which need to be folded, enveloped and posted, which obviously adds costs and time to the payroll function. We want to move to electronic payslips for all, but when we introduced them (some years ago - before I was with the company), advice was provided that electronic payslips could not legally be emailed to work email addresses, and therefore if employees did not have, or refused to share, a personal email address, the company had to provide them with a paper payslip.

I cannot find anything online that supports this, and I think previous employers of mine have sent payslips to my work address, but my memory could be playing tricks on me.

Does anyone know what restrictions there are on email addresses for payslips?

Replies (15)

Please login or register to join the discussion.

avatar
By pedre
20th Jun 2017 13:58

I don't think there would be a problem provided the following:

1) The employee has given you consent to send it to their work address
2) The payslips themselves are password protected

Bear in mind that some people do not fathom that if they leave the organisation, they no longer get access to the payslips unless they've been saved.

Thanks (0)
avatar
By Alex_T
20th Jun 2017 14:48

This is a very interesting post. I'm not aware of any restrictions but I could stand corrected. I'll follow this thread with interest. We email password protected payslips to our employee's personal email address and all were very willing to give us this information.
Best of luck!

Thanks (0)
avatar
By Livepay
20th Jun 2017 16:10

Interesting article here http://netsend.com/blog/paperless-office/are-electronic-payslips-legal/ however as a payroll burea we NEVER email payslips as email is not secure even if password protected. We provide our clients employees with access to our employee portal which is totally secure. All their payslips and P60s are archived for them to print at will.

Thanks (0)
Replying to Livepay:
avatar
By ShayaG
22nd Jun 2017 12:35

Unencrypted email is not secure; but neither is paper. Even if you glue it closed, you could still steam it. It think encrypted email is the best solution.

Thanks (0)
Replying to ShayaG:
avatar
By Livepay
22nd Jun 2017 15:39

A portal will always be more secure since
1. All access is encrypted, emails may not be
2. Payslips are not "accidently" available, emails may be forwarded, opened by others etc.
3. Good portals will only allow a limited number of password attempts (LivePay = 3), password protected documents are open to brute force attack.
4. Good portals are monitored and automatically detect hack attempts, emails cannot be monitored.
5. Portal passwords can be regularly changed and controlled by the user, email passwords are more difficult to change so often are not.
6. With a portal the data never leaves the host and all traffic is encrypted, emailed data is released and relies only on the password.

Thanks (0)
Replying to Livepay:
avatar
By ShayaG
22nd Jun 2017 18:16

Fair enough - but portals require employees to 'pull' information whereas email 'push' is less effort (remembering password for the one time a year I log on to download my P60 adds to the pain).

Thanks (0)
avatar
By Livepay
20th Jun 2017 16:17

Also, this is an interesting article "borrowed" from the IRIS website reproduced in full: -

Following a recent court case involving Google inc. v Vidal-Hall, the Court of Appeal have clarified the rules under the Data Protection Act 1988 (DPA).

Previously, a compensation claim could only be made if a breach of the DPA resulted in financial loss. This meant that claims could not be made against any stressful or embarrassing consequences of a data breach.

The Court of Appeal ruled that this was unfair and clause 13 of the DPA now states that financial loss no longer needs to be shown for compensation claims for any impact upon the individual that could be seen as emotional.

The impact that this now has on businesses is the effect upon the emailing of payslips and P60s. While this practice is generally frowned upon anyway, there are still businesses that adopt this practice and now there businesses could be breaking though if there is a data breach.

Having someone intercept a payslip or P60 that has been emailed to someone counts as a breach of DPA and an invasion of privacy meaning that, that person will have a cause for claim against their employer.

John Warchus, partner at commercial and technology law firm Moore Blatch said that "accountants should urgently review their data protection procedures and strengthen where necessary as more compensation claims are likely and the amount of damages awarded is also likely to increase".

It is worth noting that the regulations are going to get even tighter with the introduction of GDPR!!

Thanks (0)
avatar
By pauljohnston
22nd Jun 2017 10:33

Emailing to a private address and password protected makes sense. A portal makes even better sense and thats what we use.

But as mentioned earlier there is a problem when an employee leaves and he is then prevented from access his payslips etc.

Based on our experience a fair number of employers (big and small) email to work email addresses.

Thanks (0)
avatar
By ohwhatnow
22nd Jun 2017 11:17

an interesting thread. we email our employees payslip to their work email if they haven't provided their own personal one. the only other option is to hand out paper slips which would require some to be handed out by team menbers - surely that it itself could be considered "risky" and indeed was how it was done before technology came in?
or do we post to home addresses - not always convenient and certainly more costly, but again not 100% safe as staff do not always keep us up to date with their current address......

Thanks (0)
avatar
By keithsharvey
22nd Jun 2017 14:06

Is logging on to a portal to access payslips really any more secure than logging on to gmail (for example)? Unless you have some sort of 2 factor authentication in place then it is potentially just as open to be hacked.

Thanks (0)
avatar
By martinengland
22nd Jun 2017 19:07

The best method is to publish the payslips and forms P60 on a secure portal. Then email the employee a notification that their payslip is available, and email this to their *work* email address.

I would strongly recommend against emailing payslips at all, let alone to personal email addresses (i.e. servers you as employer cannot control). Even if the connection to an employee's email server is encrypted by TLS, an email is still a open broadcast of data over the internet, on which you rely on all email bots being honest, nice and good little bots. Of course, not all of them will be as such... And that's where your employer's duty-of-care kicks in... and GDPR... And not all employees will have signed up to email servers with TLS, especially the smart-posteriors who have built their own email servers and cut corners in the build of their network security... As employer, good luck proving your innocence from amongst this!

I acknowledge another comment about the "push" v "pull" debate. I hear it too often. My response would be "tough: deal with it."

Thanks (0)
Replying to martinengland:
avatar
By skaickin
25th Jun 2017 14:20

I agree with the "tough, deal with it" comment. Too many people expect to be spoon fed everything, taking minimal responsibility for their own affairs. If someone has access to the Internet to receive email they can use the same access to retrieve their payslip from a portal. I received my payslips from my previous employer through a portal. After I left, I was informed by email I would have access to the portal for some time, maybe a month, after I left. I'm pretty sure I received a reminder shortly before the period expired.

Thanks (0)
RLI
By lionofludesch
22nd Jun 2017 22:48

It depends to some exgtent on the work email system but I would always recommend that payslips are sent to a personal email.

This saves getting requests for copy payslips/P60s/P11ds etc when the employee leaves and has no access to his work email address.

Thanks (0)
Portia profile image
By Portia Nina Levin
25th Jun 2017 14:32

I think most solutions are web based, and it's up to the employees where they download them from.

Thanks (0)
avatar
By MartinDW
05th Sep 2017 15:22

Some very interesting comments and observations here regarding epayslips over encrypted email and portals.

Epayslipsecure is a secure online portal which has been recognised by payroll professionals in UK and global payroll industry awards for the last three years and to date has never had a security breach.

Payroll administrators, IT, HR and finance love it and employees receive push notification by email, text or sms, with access to payslips using secure individual logins/passwords or via company Intranet/HR portals via Single Sign On.

Employees can also access their epayslips via the Epayslipsecure app on iOS, Android and Windows mobile devices.

As for leavers, we can even provide ongoing access post termination!

We work with SME's, bureaux, accountancy firms and large multinationals, providing epayslips, eP60's, eP11D's and employee communications via our secure portal.

For an Epayslipsecure demo and to find out what we're doing for GDPR, visit: www.epayslipsecure.co.uk/contact/

Thanks (0)