Q: What privacy rights do my employees have regarding emails sent and received over my internal network? How can I avoid getting in trouble for accessing employee email?
A: If an employee can prove that he or she had a reasonable expectation of privacy, an employer can get in trouble for accessing his or her email account and messages, according to the Electronic Communications Privacy Act (ECPA). The ECPA also states that it is prohibited to intentionally access stored email communications and intercept communications without authorization. Employers in violation of the ECPA could face criminal charges.
There are three exceptions to the ECPA in which employers are allowed to access employee email:
- If the employee consents
- If the employer provides the email service (an employer who contracts with an email service provider does not qualify as the provider)
- If the email interception is unintentional
When these issues do go to court, it is most frequently determined that the employer’s right to access information sent over its internal network overpowers the employee’s expectation of privacy. Companies with email and Internet policies often include clauses stating that information sent over the network is public, that the company’s systems are to be used for legitimate work purposes only, and that the company has the right to access messages and documents within the employee’s computer or email system. Having employees sign that they have read and agree to the email and Internet policies when their employment begins eliminates any possibility of a successful claim of the reasonable expectation of privacy.