Business Law Civil Litigation Compliance/Best Practices Employment Law Legal Topics

Privacy for Employees’ Personal Emails — It’s All in the Policy

Do you or your employees check personal email from work computers? Probably so, as most of us do it at least occasionally. Are those personal emails actually private? The law in California is clear that employers can limit or even completely prohibit personal and Internet use on company computers. See TBG Ins. Servs. Corp. v Superior Court (2002) 96 CA4th 443, 452, 117 CR2d 155. But what if the employer does not prohibit employees from making personal use of its computers — does the employee have any expectation of privacy in emails sent from his or her personal email account while on the company computer?

Although no California case has addressed this issue yet, it seems that an employee may have a reasonable expectation of privacy in emails sent from his or her employer’s computer when the employer does not have a clear policy banning personal use of emails at work.  This means that a clear employer policy on the issue can go a long way toward refining employees’ expectation of privacy in their personal email messages and thus minimizing employer exposure to litigation based on accessing these messages.

As reports, several recent court decisions have highlighted the need for employers to have clear policies on employee use of work-issued electronic devices. For example, in City of Ontario v Quon, the California Supreme Court held that a police officer did not have a right to privacy in personal text messages sent to and from a city-issued pager.  Although this decision involved a public employer, notes that “the ramifications and lessons learned extend to private employers.”

When drafting an employer policy on the use of employer-issued electronic devices and computers, make sure to at least

  • Clearly define which work devices and messages are covered by the policy;
  • Address whether and the extent to which employees may use work devices for personal use;
  • List any absolutely prohibited uses of work devices;
  • Inform employees that the employer may monitor and log all work devices and accounts, as well as access and search work devices and accounts;
  • State that employees have no expectation of confidentiality or privacy in messages sent over those devices;
  • Provide for disciplinary action if the policy is violated; and
  • Require employee signature acknowledging receipt of the policy.

On privacy issues relating to employee emails, as well as other workplace privacy issues, check out Privacy Compliance and Litigation in California, chap 8 (Cal CEB 2008). There is a sample Electronic Information Systems Policy in §8.73 of that book.

© The Regents of the University of California, 2010. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.

8 replies on “Privacy for Employees’ Personal Emails — It’s All in the Policy”

The discussion is clear and accurate. Unfortunately you forgot to mention that 75% of employers either have software that scan for key words or have people read ALL email.

Secondly, your personal web based email is stored on the company’s mail server and backed up on off site storage facilities.

Any time some one wants to investigate your personal use of your or the company’s email it is a trivial process to access all of it.

While at IBM a EVP friend of mine from a well known company sent me pornographic pictures. There is know way to know that until you open the email sent directly to me at my IBM email address.

I told the friend to never send me anything to that address and I never checked my personal email at work. Secondly, I found out from IT who was in charge of security and told that person what happened. He actually took the offending email off of the servers.

The law may say one thing but email and PHONE CONVERSATIONS using the company’s resources are not private.

One employer I worked for had a strict “no outside emails” policy. I reminded our new secretary about this when I saw her checking a Yahoo! account from her company desktop, and I know she had been to the employee orientation where she’d be told by the IT people. She should have listened to me, because she was fired after only a couple of weeks because the company discovered that, not only was she continuing to use her personal email on company time on the company machine, she was using to set up drug deals!

Add your comment to the blog post

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s