The law regarding employers' rights to employee e-mails and computer usage is evolving as fast as the technology. Federal law prohibits the unauthorized interception of, retrieval of or access to certain wire or electronic communications, including stored communications such as e-mail. Violators are subject to various civil and criminal penalties. However, once the communications are downloaded to a company computer, they may be subject to control by an employer.
In one recent case, the employer's policy limited the use of company computers to business purposes and prohibited their use for inappropriate purposes, such as obscenity. An employee was fired for viewing pornography on a company computer used at home. The employee sued, claiming a right of privacy in personal confidential information on the computer. The court held that the employee waived any such right when he agreed to the policy that employees had no right of privacy when using a company computer.
This case demonstrates the need for companies of all sizes to have properly drafted, written policies covering the use of company owned and provided computers and computer systems, whether they're used on company premises or by employees at home or when traveling for business. The policy should include a specific, express waiver by employees to any right to privacy in information contained on the company computer.
The policy also should contain separate language that eliminates any expectation that information or communications on company computers are confidential and that acknowledges the employer's right to access company computers at any time to review and monitor the contents. To be on the safe side, however, employers should restrict their own access to employee e-mail and computer content only for valid business purposes, such as when there's a reasonable suspicion of work-related misconduct by the employee, rather than non-specific trolling or fishing expeditions.
Such policies should further clearly and redundantly express that all computers are company property and shouldn't be used in any disruptive or offensive ways, such as communicating sexually explicit content, ethnic or racial slurs, or any type of harassing, disparaging, or harmful comment based on race, gender, sexual orientation, religious convictions, and political beliefs or associations. Employees should be notified that the company deems all computer content permanent and subject to retrieval and review at any time.
Many companies allow employees to make minimal personal use of e-mail and the internet, as long as such use does not interfere with employees' job responsibilities. In these cases, the employer must emphasize that such personal use is subject to all the rules of company ownership, access, inspection and lack of confidentiality. To enforce these policies, employers have to retain the right to possession of all passwords and prohibit the use of unknown passwords or other security features designed to prevent unfettered company access to company computers.
To protect these rights and to prevent the loss or theft of company trade secrets or proprietary information, companies may want to restrict the use of employee-owned computers on company premises and prohibit the transfer of company-owned information to those computers.