In a decision likely to be quoted in television drama courtrooms and real ones alike, the Third Appellate District Court in Sacramento California upheld in a 3-0 ruling that a lower court’s decision to admit emails between the plaintiff and her attorney were not privileged because the plaintiff used her employer’s (the defendant) systems to send the emails, and a written policy was in place restricting the personal use of company computers and informing users that email communications could be monitored.

Continue reading Motion Upheld! Acceptable Use Policy trumps Attorney Client Privilege

The Wall Street Journal carried an article last week on the US court’s shifting position on whether or not it’s okay for a company to read employee email. Most companies tend to take the position that whatever goes on within the corporate walls–or even within its virtual walls–is company property, and the actual keystrokes that take place on company property are fair game for snooping. However, that’s not always the case.

First of all, let’s take a look at why a company would be snooping on employee email. Are they worried about gossip? Or are they just nosy? In fact, the reasons revolve mostly around concerns of security leaks, and information leaks. Security leaks may occur if an employee is using their personal email account from a work computer. Information leaks can occur from anywhere–and this just involves a company employee emailing sensitive information that they ought not be sending to anyone. If you’re using your email account to send the Colonel’s secret recipe, or some such trade secret to the competition, then the company would like to know about it. Some employers take this very seriously, and use software to check all outgoing emails for sensitive information. Some 38 percent of companies analyze the contents of outgoing mail for these purposes.

The question is, are you allowed to do that? Courts, which in the past were more sympathetic to the employer, are now starting to weigh in favor of employees. The legalities of it get a little hairy, but the basics of it are that it is necessary to describe to every employee, in very specific terms, what the expectations are in regards to employee email privacy. The Journal article cites a particular case where an appeals court ruled that an employee had a “reasonable expectation” of privacy when they sent out an email using their personal account. To quote the article, courts are now finding that “unless they (the employers) have explicitly told the employee they will monitor email, they don’t have the legal rigth to do it–even if the email in question was a personal one sent using a work account, rather than a personal address.”

The bottom line is that if your company policy is to read, either by human or software means, employee emails, you need to make sure that every employee had been explicitly informed of that policy. Of course, telling someone you’re going to snoop on them kind of takes the wind out of your sails, but can still be a good preventive measure regardless.

As the year comes to a close it’s good time to review your Email and Internet usage policies and insure that they are clear and comprehensive. The folks over at SmartBiz have published some helpful tips to assist you. Here’s an excerpt:

As the Internet and email have become a big part of our everyday lives, employers need to make clear the separation between work and non-work. What someone would consider appropriate with friends may be out of line in the workplace. Each practice needs to have a clear, written policy in place to eliminate confusion by the employees on what is and is not acceptable.

Such policies are critical in this day and age. It only takes one email or dubious website to cause your business a lot of trouble in the form of viruses, security or confidentiality breaches, even lawsuits. So keep your policy updated and easily available to all your employees!