In the news this week has been a story about a decision by a university to search email accounts of several staff members in an effort to determine the source of a leak to the media. Like many employers, the University did not seek the employees permission before reviewing their emails. The employees whose emails were reviewed were not aware of the University’s actions until earlier this month.
The fallout from this incident is a good reminder that employers and employees may have very different expectations regarding emails and other electronic information stored on the employers’ computer systems. To avoid legal and political issues from erupting, it is wise to have a clear policy spelling out the company’s perspective regarding the confidentiality of such information. Training employees on the details of the policy is also worthwhile.
Because privacy is always a concern, it is important for the policy to spell out whether the employer reserves the right to review employee emails without the employees prior notice or consent. An individual can hardly claim an expectation of privacy if the employers policy makes it clear that emails are subject to inspection. Even when a policy makes it clear that the employer may review employee emails, however, employers still need to proceed with caution. As we have noted in a previous post, review of employee emails should occur only when there is a legitimate business purpose. The review should be limited to the extent necessary to determine whether an email is related to the issue being investigated. If possible, all reviews of employee emails should be conducted under the guidance and direction of legal counsel.