No Expectation of Privacy in Emails Sent Over Employer's Email Account, Massachusetts Court Decides

Does an employer invade an employee’s privacy by accessing and reviewing the employee’s email? A recent Massachusetts Superior Court decision, Falmouth Firefighters Union v. Town of Falmouth, answers “no.”

For a two year period, the town of Falmouth, Massachusetts, used Google Gmail for its email.  Falmouth entered into a contract with Google for use of Gmail, and the town purchased the domain names used for the email accounts.  Each town employee was given a Gmail address and was responsible for managing the email sent to his or her address.  Although Falmouth’s system did not save any emails on any computer, server, or disc, it was the administrator of the email accounts.  The Gmail accounts were widely used by Falmouth employees for personal communications.

Falmouth published an email policy stating that the town maintained the ability to access any messages on or transmitted over the email system.  “Because of this fact,” the policy stated, “employees should not assume that such messages are confidential or that access by the employer or its designated representatives will not occur.”  Although there was a dispute over whether this policy was subject to collective bargaining between the town and the union representing Falmouth employees, it was clear that employees were never told that their emails were confidential. 

The emails to and from the account of a Falmouth firefighter were reviewed and copied during the course of investigating a charge of sexual harassment brought against the town by a former employee.  Some of these emails contained highly personal, intimate, and embarrassing emails.  The firefighter sued, claiming that Falmouth had invaded his privacy in violation of the Massachusetts Privacy Act, which provides that “[a] person shall have a right against unreasonable, substantial or serious interference with his privacy.”  To prevail, a plaintiff must show an expectation of privacy and an unreasonable and either serious or substantial interference with that privacy. 

In a case of first impression, the Court found that the firefighter had no legitimate expectation of privacy in the emails and, therefore, no invasion of privacy.  In a very interesting analysis, the Court did not reach the issue of whether the town’s email policy was properly implemented or even relevant.  Rather, and importantly, the Court found that the firefighter “did not have a reasonable expectation of privacy in the emails he voluntarily sent over the Town’s email system absent any assurances that such communications were private or confidential.”  

What does this mean for Massachusetts employers?   We continue to recommend that employers implement electronic communications policies that clearly and unequivocally state that the employer has the right to access and review any and all information sent, received, or maintained on any employer-owned or maintained electronic devices or systems.  However, at least in Massachusetts, the absence of such policies will not restrict the rights of employers to access employee emails.