Sat, June 01, 2002 — CIO — Readers submitted questions, which our expert answered.

Q: What rights, if any, does an employee have in protecting his privacy in the workplace?
A: When it comes to workplace e-mail, courts have tended to reject privacy claims based on employer monitoring. A handful of courts have held that an employee does not have a reasonable expectation of privacy in e-mail communication made over a company e-mail system—leaving employees with little recourse against employers that snoop through their e-mail. One federal court went so far as to say that an employee has no reasonable expectation of privacy in his workplace e-mail even when a company assures him that such communications will not be intercepted.

One thing is clear, however: A court is highly unlikely to conclude that an employee has a reasonable expectation of privacy in his e-mail communications when the employer has a policy clearly stating that such communications are subject to monitoring. As such, employers are free to monitor their employees’ use of their networks so long as the company does not violate labor and antidiscrimination laws—for example, by targeting union organizers or minorities.


Q: My company has a policy that restricts the use of company e-mail accounts for personal use. Can the company access my personal AOL account if I use its computer and Internet connection to check e-mail?
A: Court decisions that have upheld an employer’s right to monitor employee e-mail seem to center on the fact that the messages are accessed through and stored on company-owned computer resources. The fact that the messages may come from a "personal" account, such as Hotmail or AOL, would not likely alter the rationale of these decisions, unless, of course, a company policy expressly states otherwise.

For instance, in a recent Texas appellate court decision, the court held that an employee did not suffer an invasion of privacy when his employer reviewed and disseminated e-mail messages that were stored in a "personal folders" application on his office computer. Notably, the court’s analysis honed in on the misconception that an employee’s personal workstation is the equivalent to his personal property.

Following the rationale of that Texas court, it appears to make no difference whether the employer was monitoring messages stored on the computer from a work e-mail account or a personal e-mail account. An employee would not have a reasonable expectation of privacy in the contents of any application or file stored on a company-owned computer. Because your company has expressed prohibition against personal use of e-mail, you would be well-advised to refrain from using the company’s computer and Internet connection to access your personal messaging account.


Q: It seems as though companies will get sued for a hostile workplace if they don’t monitor employees’ e-mail and will get sued for privacy invasion or bias if they do monitor it! In your opinion, which course of action is the most prudent?
A: While the burgeoning risks associated with e-mail continue to emerge in today’s information society, the trigger point for an employer’s liability stems from a longstanding legal principle—the Respondeat Superior doctrine, which imposes liability on employers for the misconduct of their employees when it occurs in the scope of their employment.