Can My Boss Read My Email? Email Privacy in the Workplace. With many working from home permanently following the COVID-19 Pandemic, more and more communication is being exchanged via Email. Many companies have begun using messaging platforms such as Slack and Microsoft Teams to communicate during the workday. Likewise, more and more electronic communications are being subject to discovery in litigation and occasionally admitted into evidence. Both employers and employees should thus be wary about electronic communications. To be sure, employers are increasingly being proactive in monitoring and capturing employee communications. Keystroke tracking, compliance reporting, and even webcam monitoring software have become increasingly available to small and large companies who want to increase productivity and decrease distraction. From an employer perspective, monitoring employee communications is one way to check up on employees and ensure they are doing what they are paid to do. From the employee’s perspective, ongoing monitoring can be oppressive and many employees do not know what employers can access or what could be discovered in the future. However, knowing what is and what is probably not accessible can help the individual employee maintain a level of comfort and privacy. What Emails Are Legally Accessible? As an employee, how do you know what emails can be accessed by your employer? The legal answer, of course, depends. If the issue is raised in court, the court may look at several factors, including the following:
Does the company maintain a policy banning personal email?
Does the company monitor the use of employee email or computer use in general?
Can third parties access the employee work computer or work email?
Has the employee been notified by the employer of its computer monitoring or email policies?
Indeed, these are questions the Eastern District of Pennsylvania relied on when deciding whether an employee’s right to privacy was violated. (Dombrowski v. Governor Mifflin School District). In general, many employers have written policies that permit them to monitor your email. These policies often allow employers to access any information sent or received over the company’s server - including deleted messages!
While most employees assume that emails sent over the company server are subject to monitoring, Employees often assume that since they log in with a private password, employers cannot access these emails. However, some employer policies essentially give them permission to access any emails stored on the employer server or on the employer device. Accessing private emails or texts over the company’s server can cause them to be stored in temporary files or on the hard-drive which can be discovered later. This remains true if it is a company issued mobile device.
What About Private Direct Messages?
Programs such a Slack have built in compliance features which allow administrators to export data sets which include chats marked as private. Terms of Service or Company Policies may allow for access to these messages as well. As programs like Microsoft Teams and Slack become more common in day-to-day workplace communications, they can also easily become the subject of internal investigation and sometimes, subsequently, litigation. If you use apps such as WhatsApp or iMessage on a device provided by your employer, they may be able to access those messages or monitor your activity.
Exceptions to Employer Access There are a few exceptions to employer access to your communications. For example, if the employer does not have a policy allowing for access and allows employees to freely access private email over the corporate server, the law is unsettled as to whether this gives the employee some protection from intrusions unless there is some legitimate business reason. If an employee communicates over private email with an attorney, in many jurisdictions, a court is probably not going to allow the employer (or its attorneys) to intrude on historically protected attorney-client communications. Yet, even within these areas of exception, the law is unsettled and employees should assume that their emails sent via a corporate server or on an employer device can be accessed by the employer and potentially third parties in the event of litigation. What can I do to protect my communications? The best rule of thumb is that if you want to keep it private, keep it at separate from work. This becomes difficult, however, in a digital world where the workplace and home is increasingly interconnected and lately are one and the same. To keep communications private, employees should follow the following tips. Use your own device. The U.S. Supreme Court recently recognized that privacy interests can remain protected given the ubiquity of mobile devices. While an employer may be able to see some apps and perhaps even places you have been if you use your own IOS device over the employer’s Wi Fi; in general, the employer cannot access your private password protected emails. If the employer attempts to “intercept” private emails sent over Wi Fi on your own device, it could run afoul of the Electronic Stored Communications Act. On the other hand, if you send emails, texts, or direct messages using a computer, tablet or cell phone which is owned by your employer and provided to you for performance of your job duties, those communications may not be protected. Employers may require the use of designated networks when using employer provided devices, but you are free to use a VPN or other protection for your personal devices and personal communications.
Think before hitting send. Most people have come to realize that communications do not ever go away no matter how many times you delete them. If you wouldn’t want a judge to read the communication out loud in a courtroom or if you think the communication could create an issue for you professionally or otherwise, don’t send it.
Read the company’s policy. Many employees sign company policies and terms of service without reading what they say. Be careful. Some companies even reserve their right to track everything you type on an employer device via a keystroke tracker or other technology. While this seems draconian (and you may not want to work with such a company), you may want to know just how far the employer is willing to go. For employers, for similar reasons, it may be prudent to give employees a reasonable idea of what can be monitored and accessed. You can always ask for a copy of any company policy and should familiarize yourself with policies you may have signed without reading.
Protect your most private communications. If you communicate with an attorney, a doctor, a financial advisor or a significant other in a digital way, do so over your own device and make sure it is a protected communication and perhaps an encrypted communication. Also, do not forward such communications to others or to your personal email from a professional one. At Hennessy Law, we increasingly discourage the use of email and, when we cannot meet with a client in person or speak with the client over the phone, we communicate with clients primarily over a password-protected, encrypted Internet portal.
To some degree, it is unfortunate that privacy is being sacrificed in the digital world. Studies have shown that more privacy can give rise to greater creativity. Constant employer monitoring can also have a diminishing effect on morale and perhaps even productivity. The fear of knowing someone can be constantly looking over your shoulder can be oppressive and contrary to our American ideals. Nevertheless, unless and until the courts or legislature settle the law on some of these issues to preserve privacy rights, when it comes to digital interaction, it is better to be safe than sorry. Cases are increasing in this area of law. If you are an employee who believes your privacy has been compromised, call us. Likewise, if you are an employer and want to ensure that your monitoring activities are legally compliant and you are protecting data properly, we can provide assistance.