EMPLOYEE E-MAIL PRIVACY ISSUES
E-mail has become the preferred method of communication for millions of individuals. Because of the relative ease in accessing personal e-mail accounts at work, many employees routinely check their personal e-mails and respond to them from the workplace. Many employees assume that the e-mails they send and receive are protected from review by their employer and, in certain limited circumstances they may be right. Employees may also assume that when they hit the “delete” key on their keyboard, that an e-mail is removed from their computer. However, many systems have automatic backup features and other methods of storing deleted e-mails on a computer that can retrieve e-mails you thought had been destroyed.
To prevent claims of invasion of privacy by employees, it is important for an employer to develop and distribute a clear written policy limiting use of e-mail for company business only and advising employees that e-mail messages may be subject to review by the employer. The written policy should also require that employees follow company guidelines regarding the creation, use and protection for the company’s e-mail and database systems.
The company policy should also establish e-mail retention terms. These terms should establish how long e-mail is allowed to be stored and at what point e-mail should be purged and relevant data converted to hard drive storage or hard copy. Obviously, the best time to set retention terms is when the company is not involved in litigation. This dispels the appearance that the retention policy is being instituted to avoid producing certain documents connected with the litigation.
E-mail content policies are also necessary to make sure employees are aware that the use of e-mail for circulating sexist, racist or otherwise harassing material that could be deemed to create a hostile workplace is not permitted. Under the Communications Decency Act of 1996, sending an e-mail that is obscene and is intended to annoy, harass, abuse or threaten another person can subject the sender to criminal penalties. Employers should consider requiring all e-mail users to use their real names in all e-mail communications so that any offending messages can be easily identified.
In conclusion, to manage expectations and reduce the risk of invasion of privacy claims, employers should publish and disseminate a written policy indicating that e-mail, voicemail, and the Internet are to be used only for business purposes and that all communications must be appropriate in content. Most importantly, the policy should make clear that the employer has the right to review these communications with or without the express consent of the employee. Such a policy or statement is the surest way to significantly reduce the employees’ expectation of privacy and diminish the risk of exposure to the employer.