Are Personal Emails Private in the Workplace?
Can companies monitor and read personal emails? While this is no longer a novel question, companies continue to struggle with finding ways to protect their ability to access and monitor employees’ email activity. A review of recent cases reminds us that while the answer is usually situational, the result almost always hinges on the strength and specificity ofthe company’s computer and email use policy.
In Stengart v. Loving Care Agency Inc LCA (NJ: Appellate Div. 2010) an employee sued the company for discrimination. After Stengart filed suit, the company retrieved emails sent from her personal, password-protected account. The messages had been automatically saved to Stengart’s browser’s cache, and were accessed when the company looked through her work laptop to review all of her saved files. The company introduced the emails at trial despite the fact that they contained conversations between Stengart and her attorney.
Stengart objected to the introduction of the emails, claiming a right to privacy and violation of the attorney-client privilege. The company argued that Stengart had no right to privacy because their computer use policy clearly stated that any and all employee activity on workplace computers could be monitored. The court disagreed with the company, however, and ruled in favor of the plaintiff on the basis that the policy did not expressly notify employees that the policy encompassed emails sent from personal accounts or that emails from personal accounts would be saved to the computer hard drive. The Court found, therefore, that Stengart had a “reasonable expectation of privacy” in the subject emails.
In contrast to the ruling in Stengart, Holmes v. Petrovich Development Co. (191 Cal.App.4th 1047 2011), offers an example of how a clear, well-written policy can protect a company’s interests. Here, the employee sued for discrimination regarding her pregnancy leave. In the process of gathering evidence for its defense, the company accessed emails between the plaintiff and her attorney that she sent from her work email. Holmes claimed violation of her attorney-client privilege, arguing that the messages were private and should therefore be protected. The company argued that because Holmes sent the emails from work, on a company computer and used a corporate email account, there was no legitimate expectation of privacy. Holmes had been advised that employees using company computers to create or maintain personal information or messages had no expectation of privacy with respect to the message or the information. The court agreed and ruled in favor of the company.
The distinguishing factors in these cases were clearly (i) the use of a company email account versus a personal email account and (ii) the presence of a clearly articulated policy notifying employees that they should have no expectation of privacy when sending or reading emails at work, using company equipment, or when accessing personal accounts at work or on work equipment.
The increasing ease of access to e-mail makes it ever more tempting for employees to log-on and check their personal accounts while at work or to misuse corporate accounts by sending personal emails during work hours. As technology develops and as employees find it easier to send personal emails, companies must continue to specifically evaluate and address computer use, including emails, as part of their policies. Doing so is vital to defining appropriate usage in order to assure protection for the company.
Similar concerns and cases arise in the context of employee texting.