Rights of Privacy in Electronic Mail

Once the province of the technologically elite, electronic communications are now proliferating throughout the work force, but the expectations of companies and their employees about privacy are sometimes divergent.

A local example underscores the potential problem. Three employees of Epson America in Torrance filed a suit against the company for violating their privacy rights with regard to electronic mail. (One plaintiff’s allegation has since been dismissed.) The plaintiffs used company electronic mail systems and services to exchange routine business messages both within and outside the company. The systems and services used by Epson America are similar to those used in many Fortune 1000 companies.

The suit alleges, among other things, that a supervisor routinely read electronic messages that were not intended for him. Plaintiffs contend that this “electronic snooping” violated their right of privacy.

What level of privacy are users of business electronic mail systems entitled to expect?

Electronic communications are strongly protected from electronic eavesdropping by outside third parties. First, the Electronics Communications Privacy Act of 1986 protects electronic communications in the same way that wiretap laws protect voice telephone calls. Second, it is much more difficult for an electronic eavesdropper to make sense out of a digital electronic message than it is to listen to a telephone conversation.

In this case, however, the issue is whether a supervisor has a right to review the messages of his staff. How do you balance the rights of a company in accessing its electronic records versus the rights of employees to expect privacy in their electronic communications?

Electronic mail is analogous to paper memorandums. Employees share and file memorandums where they are readily accessible to all who may need them. Electronic mail makes it easier to communicate information and makes the information immediately accessible to users who touch a few buttons on a personal computer keyboard. Information sharing improves productivity, enhances decision making and gets the word out more quickly. Such sharing is essential in today’s vast, fluid and competitive environment.

Nonetheless, there are times when electronic records should not be read. A company shows disrespect for its employees when it routinely reviews electronic messages, peruses paper files or searches employees’ desks. Without reasonable justifications, these actions undermine employee loyalty and can cause embarrassment and the loss of good will. In addition, in California and other states, local laws may be violated. It is a touchy and dangerous area.

What are some justifiable reasons for someone in a company to access another person’s electronic information?

First is the sharing of information in the routine course of business. For example, if I were out ill, I would want a colleague to retrieve my electronic records and complete my report to a client on time. This kind of behavior should be encouraged.

Companies are also justified in reviewing electronic records when an employee is suspected of stealing trade secrets or committing computer crimes using the company’s computers. Furthermore, one would expect companies to cooperate with law-enforcement agencies investigating other criminal activity, such as drug dealing, gambling or fraud via their computers. Otherwise, a company is poorly served by going on electronic fishing expeditions.

At the very least, a company has an obligation to communicate clearly to all its employees what level of privacy they can expect when using the company’s electronic communications. Electronic records management policies must be established that:

* Encourage the sharing of electronic information.

* Prohibit supervisors from electronic snooping except when there is clear cause and when approved by a corporate officer.

* Reserve for the company its proprietary rights in its electronic records.

The success or failure of privacy litigation is often related to the level of expectation that the employer sets or the employee has. Written policies should communicate the company’s intentions to both management and staff. Electronic records management policies should be regularly reviewed and updated and should parallel, as much as practical, physical records policies. Privacy should be an important consideration in both.