No Email Message Is Private if You Get It at Work


Man looking at a laptop screen through binoculars

iStockphoto/Thinkstock

It’s pretty clear that using your employer’s email system for personal business is not a good idea and can get your fired; it could also send you to jail, if your emails reveal a crime. Employees have very little to no expectation of privacy in emails received through employer accounts.

An employee at Aeropostale, the clothing company, found out that not only can his employer use a personal email to fire him, but the government can also use it against him: A federal court ruled recently that prosecutors can use an email he received in his company account to convict him for receiving illegal kickbacks.

 

Unrelated Investigation

When Christopher Finazzo received an email in his Aeropostale account in 2006 from his personal attorney, listing his assets for the purpose of revising his will, he claims he forwarded it to his personal account immediately and deleted it from his work account, according to the court.

But Aeropostale found the email anyway, during an unrelated internal investigation, and it was not happy about its contents. Apparently it revealed that Finazzo had an ownership interest in a company owned by one of Aeropostale’s primary vendors, and he had never told his employer that he stood to gain personally from giving that company business. 

Aeropostale fired Finazzo, and the government prosecuted him for mail and wire fraud, as well as making false statements to the Securities and Exchange Commission. When prosecutors attempted to use the email to prove his illegal ownership interest, he argued he had a privacy right to the email, and that it was protected by attorney-client privilege. 

The court rejected his argument, ruling that Aeropostale had a clear policy that employees have no expectation of privacy in their company accounts, and Finazzo knew of this policy. Thus, he had no privacy and no privilege protects the email’s contents.

 

Know the Policies

While Aeropostale’s policy was very clear, many employers don’t have such a policy in place. In that case, an employee might have a better shot at keeping personal emails on company accounts private, says Jon Hyman, a partner Kohrman Jackson & Krantz in Cleveland who wrote about the case recently.

Jon Hyman

“The very first factor courts consider in assessing an employee’s reasonable expectation of privacy in a work computer or email account is whether the corporation maintains a policy banning personal or other objectionable use,” he tells Lawyers.com. The second factor is whether the employee intended the email to be confidential.

“The lack of a policy cuts against the employer on both of these factors,” Hyman says. “I do not believe a policy is absolutely required to pierce the employee’s expectation of privacy, but it makes the claim that much harder on which to succeed.”

Everyone keeps a personal Gmail or Yahoo! account these days: What if Finazzo had simply used his Gmail account at work to receive the smoking-gun email?

“The Stored Communications Act could protect that account from an employer’s prying eyes,” Hyman explains. “Basically, the SCA prohibits a third party from accessing someone’s online account without their permission.”

But the SCA didn’t protect an employee from getting fired when her bosses used her cell phone to discover she had violated her employer’s policies.

Hyman acknowledges that the law is unsettled in the area of employees’ expectations of privacy when they use corporate systems for personal emails and that employers who snoop into personal accounts – even ones used on company servers and systems – take a big risk.

 

Content of the Email Is Key 

The Finazzo case also raises the question of what would happen if an employer snooped and found something in a company account that is not illegal but still objectionable to the employer in some way. That depends, Hyman indicates, on whether other laws forbid the employer from acting on the information it finds.

“The laws against discrimination apply no matter how an employer came in possession of protected information,” he says. “For example, if an employer learned an employee’s medical information, the employer needs to wipe that information from its mind and act as if it had never seen it.”

“If, on the other hand, the employer discovers information that could give rise to an issue of harassment, the employer has an obligation to investigate and take remedial measures as if another employee had lodged a formal complaint,” he adds.

“The same would hold true if the employer discovered something criminal,” Hyman concludes. The employer would be obligated even to bring it to the attention of the authorities.

Tagged as: , ,