The Wall Street Journal carried an article last week on the US court’s shifting position on whether or not it’s okay for a company to read employee email. Most companies tend to take the position that whatever goes on within the corporate walls–or even within its virtual walls–is company property, and the actual keystrokes that take place on company property are fair game for snooping. However, that’s not always the case.

First of all, let’s take a look at why a company would be snooping on employee email. Are they worried about gossip? Or are they just nosy? In fact, the reasons revolve mostly around concerns of security leaks, and information leaks. Security leaks may occur if an employee is using their personal email account from a work computer. Information leaks can occur from anywhere–and this just involves a company employee emailing sensitive information that they ought not be sending to anyone. If you’re using your email account to send the Colonel’s secret recipe, or some such trade secret to the competition, then the company would like to know about it. Some employers take this very seriously, and use software to check all outgoing emails for sensitive information. Some 38 percent of companies analyze the contents of outgoing mail for these purposes.

The question is, are you allowed to do that? Courts, which in the past were more sympathetic to the employer, are now starting to weigh in favor of employees. The legalities of it get a little hairy, but the basics of it are that it is necessary to describe to every employee, in very specific terms, what the expectations are in regards to employee email privacy. The Journal article cites a particular case where an appeals court ruled that an employee had a “reasonable expectation” of privacy when they sent out an email using their personal account. To quote the article, courts are now finding that “unless they (the employers) have explicitly told the employee they will monitor email, they don’t have the legal rigth to do it–even if the email in question was a personal one sent using a work account, rather than a personal address.”

The bottom line is that if your company policy is to read, either by human or software means, employee emails, you need to make sure that every employee had been explicitly informed of that policy. Of course, telling someone you’re going to snoop on them kind of takes the wind out of your sails, but can still be a good preventive measure regardless.