Corporate Security Monitoring - Personal email account privacy
Corporations have a legal right to monitor employee activities for security purposes, when business equipment is being used (in the United States and it's territories). However, it is important to establish clear guidelines and actively promote them in banner messages and as part of corporate policy. There should some balance in these guidelines to respect personal privacy as long as security is not being violated.
Can company read personal e-mail sent at work?
QUOTE: Do employees have a right to privacy when using personal e-mail accounts, even when they send the messages at work? A recent court decision provides some answers. The company argued the employee had no such rights — its computer use policy stated that anything done on workplace computers could be monitored. But the court disagreed. The judge ruled the employee had a “reasonable expectation of privacy,” because the policy didn’t mention that e-mails sent using a personal account would be saved to her hard drive.
It didn’t matter that she sent the e-mails at work — she was using a password-protected account, and therefore assumed the company wouldn’t be able to read them. Add to that the fact that the e-mails were between the employee and her lawyer, and the court ruled the company was at fault when it read the messages and tried to submit them as evidence.
In most cases, whether monitoring is legal or not comes down to one question: Who owns the e-mail? In other words, are the messages stored on the company’s network or by a third party (as is the case with personal accounts, like Yahoo and Gmail)? While employers are normally within their rights to monitor employees’ work e-mail, courts will usually draw the line when the data’s stored by a third party. Also, keep in mind:
» Have a clear-cut computer use policy – Employees can also win in court when they show they have a “reasonable expectation” of privacy. So inform all employees that their Web use at work will be monitored — and think twice before conducting any monitoring that isn’t clearly mentioned in the policy.
» Train managers – Some supervisors will go to great lengths when they suspect an employee of wrongdoing. But they should be warned that an investigation could become an invasion of privacy.
IT Manager Daily