Consumer law firm Slater + Gordon found itself the subject of global headlines last month after a damning email was sent to hundreds of its Australian employees. The poison pen email, which purportedly shared details on pay, performance and some very personal gripes, was blind copied to nearly 300 staff before being shared with media.
It had been speculated that the email, which branded key figures at the firm as "disloyal", "useless" and "lazy", had come from the firm’s outgoing chief people officer. But that’s been vehemently denied by the firm, which also insists any information related to remuneration is fake. It’s been reported that the matter has now been referred to police.
Whatever the source or accuracy of the email, the incident is at best embarrassing and at worst downright damaging for the law firm, which has offices around the world, including in the UK. The biggest fallout from a scandal like this one isn’t legal, points out Beth Hope, an executive coach who has worked with brands like Waitrose, Xero and Depop on leadership and people management. The biggest blow is to reputation and relationships.
“It’s about trust, culture and leadership credibility,” she says. “These take time, effort, and consistency to rebuild, but they are the most worthwhile work a company can do to increase its competitive edge, employee engagement and the bottom line. Internally, leaks like this erode confidence in leadership, making employees feel disempowered, disengaged and unheard. Externally, they can damage employer brand, investor trust and client relationships.”
Read more: Reputations at risk due to lack of HR board representation
So, what might other HR leaders learn from the debacle to avoid finding themselves similarly red-faced?
“Notwithstanding the various denials and pending legal action, there’s a lot that HR can learn from the fallout from the recent Slater + Gordon incident,” believes Chris Garner, managing director of consultancy Avensure. “In a world that is becoming increasingly reliant on online technologies and remote working, businesses are more vulnerable than ever to the actions of bad actors with an axe to grind, or hackers taking advantage of weaknesses in cyber security.”
Although Slater + Gordon representatives have said that any private details on pay and performance shared in the email are fake, the purported breach still flags how perilous it can be for HR teams operating in an increasingly digital landscape and with significant volumes of sensitive information to hand, agrees Hope. “The more digital and data-driven organisations become, the higher the risk – not just from cyber threats but from internal breaches rooted in dissatisfaction.”
Tackling this starts with having a robust set of guardrails in place to protect private data. “Effective offboarding for leavers, effective dispute resolution procedures, together with clear rules on confidentiality and robust cyber security, are just some of the steps that businesses must take to keep their organisation safe and compliant,” says Garner.
This process needs to start the minute someone is hired, recommends Lillian Tsang, senior data protection and privacy solicitor at Harper James. “To prevent former employees from sharing sensitive company data, businesses should have clear confidentiality agreements in place, outlining the legal consequences of doing so after they leave,” she says. “These agreements should be introduced during onboarding and reviewed regularly.
“Regular training on data privacy laws is crucial, and reinforcing confidentiality through internal communication channels and company policies also helps employees understand their responsibilities when handling personal information,” she adds.
HR also needs to ensure there’s a structured offboarding process in place. Exit interviews, for example, create an opportunity to remind outgoing staff members of their confidentiality obligations and reiterate company and legal expectations on data privacy, explains Tsang.
“When an employee leaves, it’s vital that businesses collect company equipment in a timely manner,” points out Garner. “Access to systems, client lists and so on must be revoked immediately upon the termination of employment, along with the deactivation of their email account. Consider the use of payment in lieu of notice clauses to minimise the risk of an employee working during their notice period from getting up to any costly mischief like stealing client lists.”
Once HR teams are satisfied that they’ve ringfenced sensitive and confidential data, they need to address the second, more complex part of the challenge: creating a culture that doesn’t breed the type of simmering resentment in the email sent out to Slater + Gordon staff. After all, as Hope explains, “data security and privacy policies need to be watertight, but security alone won’t prevent these incidents. When an employee feels unheard, frustration builds. When frustration reaches a boiling point, leaks like this happen.”
The primary focus for HR teams here is to ensure that grievances are shared and addressed behind closed doors, rather than becoming the subject of a company-wide email. “All workplaces will encounter unhappy staff at some stage, but when an employee feels their voice has not been heard, or concerns haven’t been taken seriously, this is when they’re most likely to slate their employer publicly,” says Garner.
“Dispute resolution procedures are something all businesses must have in place; they promote good employee relations and can stop minor concerns escalating into major disputes. The aim is to ensure that employees know how, when and where to raise concerns and how they will be dealt with.”
For David Liddle, president of the people and culture association and CEO of the TCM Group, current grievance procedures are often far too transactional and reactive. “This means opportunities to spot issues early are missed because HR are seen as the custodians of these grievance procedures,” he says. “Though the spirit of them is an attempt to resolve issues, these policies often feel very adversarial, even destructive, and as a direct result people don’t trust the process. As much as it pains me to say it, they don’t trust HR. That opportunity to act as peacemaker is missed.”
Liddle advocates for a more progressive approach to conflict resolution where, rather than rely on policies and procedures to dictate how grievances are handled, organisations adopt a resolution framework. “This focuses not on the aggrieved parties but on creating a culture of constructive resolution,” he says.
“It helps HR to shift focus from a reactive transactional process-driven approach to conflict resolution to a proactive transformational people-centred approach with some fantastic benefits.” Central to this approach is a central resolution unit within a company that includes HR, but also other managers, employees or employee representatives.
This approach means finding a resolution to conflict “becomes everybody’s business”. Plus, when there’s an issue, it’s assessed using an objective scoring system rather than the subjective views of HR.
“It’s not just an HR initiative, it’s cross-functional, so people come to it much earlier. And it’s objective so they trust the process and they trust the outcomes.” It’s an approach that would hopefully make staff far less likely to put (poison) pen to paper.
What exactly happened at Slater + Gordon?
In February, a “malicious email” was reportedly sent to hundreds of the firm’s Australian employees. The email, titled ‘CPO Handover,’ was purportedly sent by Slater + Gordon’s outgoing chief people officer, Mari Ruiz-Matthyssen, and was reportedly addressed to the human resources lead at a university law school – someone who was believed to have been taking over Ruiz-Matthyssen’s role.
The email, reportedly blind-copied to nearly 300 staff, threw out some brutal critiques of the company’s senior leadership, alleging some were ‘disloyal,’ ‘useless,’ ‘a gossip’ and ‘lazy.’ It also claimed to include an attachment that detailed the salaries and bonus packages of many of those C-suite staffers.
The law firm has vehemently denied that the email came from Ruiz-Matthyssen. It has also insisted any salary information is fake.
Within days, chief executive Dina Tutungi announced that the company would conduct an internal ‘forensic investigation’ to find out the origins of the email. Formal complaints have also been made to the police.
The CEO’s response
Dina Tutungi, Slater + Gordon’s CEO described the incident as a malicious hoax and a deliberate invasion of privacy. She also apologised and said that she understood the upset and distress caused by the leaked email.
“It contains many disparaging, false, and deliberately misleading claims,” Tutungi told the Australian Financial Review. “The information attached to the email, while unreliable, should never have been shared.”
This article was published in the March/April 2025 edition of HR magazine.
Subscribe today to have our latest articles delivered to your desk.