Go with perspective
News and Insights

Corporate E-Mail Privacy

April 1995

Consider the following situation: enthusiastic about their company’s new e-mail system, several employees begin using it for purposes not specifically anticipated by their employer. Steve believes the company is overworking its employees and uses e-mail to announce an employee meeting to discuss what steps might be taken to address this concern. John and Mary are having an affair, and they use the company’s e-mail system to exchange personal messages. Charles’ use of the e-mail system shows him to be a prime candidate for the position of “company gossip.”

The company president instructs the systems administrator to monitor e-mail traffic and bring “suspicious” communications to her attention. After viewing the e-mail generated by Steve, John, Mary and Charles, the company president decides that each of these employees has acted unprofessionally and the employees are terminated. The employees, angry that their “right of privacy” has been invaded and believing their termination to be unjust, consult a lawyer to ask whether they have a case.

Not long ago this scenario might have seemed futuristic; today, it is a possibility in thousands of companies in the U.S. The proliferation of e-mail systems and the range of purposes for which they might be used raise two basic legal questions for employers: one, may the employer view the messages that its employees send; and two, are there any limitations on what the employer can do based on the information it uncovers?

As to the first question, under the law as it has developed so far a company has broad authority to read its employees’ internal e-mail messages. There is no constitutional “right of privacy” for this form of communication, since the Constitution protects U.S. citizens only from certain intrusions by government, not by private companies. Moreover, employees have only limited rights under the only applicable federal law, the Electronic Communications Privacy Act of 1986 (the “ECPA”). This law prohibits the interception of electronic communications, and therefore provides protection for messages sent on on-line systems such as the Internet and CompuServe. However, the law contains a major exception: it permits employers providing e-mail access for employee use to inspect and disclose communications if the inspection is done in the normal course of business and is necessary for business purposes or to protect the employer’s rights or property.

Even though a company may (within the above limits) read its employees’ e-mail, it may not always use what it learns as the basis for disciplinary action. For example, even non-union employees have the right, protected by federal law, to engage in concerted activities for the purpose of mutual aid or protection. Accordingly, punishing an employee who uses the e-mail to announce a meeting to discuss how the company treats its employees may result in a claim against the company for unfair labor practices.

TLB Comment : Although the few legal decisions decided in this area of law have favored employers, employers should not assume that they have an unlimited right to monitor employee e-mail and, as suggested above, employers certainly should not assume they have unlimited authority to act on what they uncover. With hundreds of millions of e-mail messages transmitted annually and the number growing exponentially, this area of law has the potential to become a hotbed for litigation. Moreover, state laws may create duties and obligations above and beyond those of the ECPA, creating an added element of uncertainty. By using precautionary measures an employer may avoid becoming the “example” in a landmark case that defines new legal rights.

First, employers should develop a company policy that clearly defines employee e-mail privacy rights. Second, this policy should be described in employee manuals and distributed on-line. Employers should take whatever steps are necessary to avoid giving employees the incorrect impression that they have a reasonable expectation of privacy. And third, employers should pause and consider consulting counsel before acting on what they learn from monitoring their employees’ e-mail messages.