1 June 2010CopyrightMeera Chature Sankhari

When is a private email not a private email?

An employee’s private life often intersects with the workplace through personal phone calls, personal emails, etc. It is also likely that an employee will store personal information and data on the employer’s computer system or other resources in the workplace.

This raises several concerns for the employer, including:

• The need to clean computer systems and resources frequently of non-work related material or data in order maximise space for official work

• Addressing security threats to proprietary, sensitive data owing to (inadvertent) downloading of viruses, etc.

• Avoiding potential liability owing to unauthorised act and/or wrongful access, use and storage of copyrighted and other proprietary information/material

• Ensuring employees are efficient, monitoring employees to detect misconduct, etc.

• Monitoring to detect and avoid crime and any associated liability for the employer—for example, if an employee commits a crime using office-provided computer resources, such as credit card fraud, or downloading and uploading obscene and prohibited material, etc.

So an employer’s right to monitor and have access to its computer resources and all material found thereon is well founded. Privacy of the employee, on the other hand, is also at least as important. Because of this, privacy has become one of the most contentious issues in an employer-employee relationship.

There is no direct legislation governing the interaction of an employee’s right to privacy and an employer’s right to access its own resources in the US, the UK or India. However, the US appears to have a statute that indirectly governs this relationship, in addition to several court judgments.

Most of the cases in this domain rely on constitutional and human rights provisions found in legislation and treaties, such as the European Union Convention on Human Rights. A landmark US case is Michael A. Smyth v. The Pillsbury Company.

The appellant claimed that he was wrongfully dismissed from the defendant’s company. The defendant maintained an email network in order to promote internal corporate communications and assured its employees that all email communications would remain confidential and privileged.

Further, it assured its employees, including the plaintiff, that email communications would not be intercepted and used by the defendant against its employees as grounds for termination or reprimand.However, in October 1994, when the plaintiff received certain email communications over the defendant’s email system on his computer at home, he responded and exchanged emails with his supervisor, relying on these assurances.

Later, the defendant intercepted the plaintiffs’ email messages and notified the plaintiff that it was terminating his employment effective February 1, 1995, for transmitting “inappropriate and unprofessional” emails.

The court ruled: “[W]e do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances that such communications would not be intercepted by management.

"Once plaintiff communicated the alleged unprofessional comments to a second person (his supervisor) over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost.

"Significantly, the defendant did not require plaintiff… to disclose any personal information about himself…We find no privacy interests in such communications.

"In the second instance, even if we found that an employee had a reasonable expectation of privacy in the contents of his e-mail communications over the company e-mail system, we do not find that a reasonable person would consider the defendant’s interception of these communications to be a substantial and highly offensive invasion of his privacy.

"Moreover, the company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments. In sum, we find that the defendant’s actions did not tortuously invade the plaintiff ’s privacy and, therefore, did not violate public policy.”

In contrast, in Doe v. XYC Corporation, the court said that an employee’s privacy interest does not trump the employer’s right to monitor an employee’s computer to see if the employee had breached a duty. In this case, the plaintiff sued the defendant because of its lack of action when the plaintiff ’s husband sent nude pictures of their daughter over the Internet from the official email system.

"If an employee wishes to maintain an enforceable privacy interest in the workplace, he or she will have to take affirmative steps such as using a lock on a desk or locker."

In Leventhal v. Knapek, the court held that even though the employee had reasonable expectation of privacy when using his office computer, the agency had specific suspicions justifying its search for ‘non-standard’ software, so was within its rights to conduct an investigatory search.

The appellant’s reliance on the Fourth Amendment to the Constitution was rejected, although the decision of O’Connor v. Magno J. Ortega was extensively discussed. That case saw the Supreme Court determine the applicability of the Fourth Amendment to a public hospital’s extensive investigatory search of a physician’s office while he was on administrative leave.

The Fourth Amendment of the United States says: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

It was determined that the test for whether the Fourth Amendment implicated by a public employer’s search of a workplace is whether the employee had a reasonable expectation of privacy. The reasonable expectation of privacy test is equally applicable when courts examine whether a government search of a private workplace violated an employee’s Fourth Amendment rights.

As per O’Connor, whether an expectation of privacy in the workplace will be deemed reasonable will depend on a case-by-case analysis. In other words, an enforceable expectation of privacy will not be found under O’Connor if an employee’s space is regularly accessed by others.

If an employee wishes to maintain an enforceable privacy interest in the workplace, he or she will have to take affirmative steps, such as using a lock on a desk or locker. Another means of eliminating an enforceable expectation of privacy under O’Connor is through an employer policy or regulation.

In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA), which provides a strong legal incentive for employers to codify and circulate computer use policies to meet one of the statutory exemptions and thereby avoid liability.

The ECPA contains two distinct titles: one of which prohibits the ‘interception’ of electronic communications; and the other, the Stored Communications Act (SCA), limits the accessibility of electronically stored communications.

Both titles include a consent exception applicable to the workplace. An employer can avoid liability under either title by imposing a user policy, reserving its right to intercept, monitor and access emails and other files contained on a workplace computer.

The introduction of a computer use policy in the workplace can form an important evidentiary foundation for an employer’s effort to terminate or otherwise discipline an employee. At the same time, an employer policy or practice that explicitly permits employee private email communications, including a system for distinguishing between public and private emails, can form the basis for an enforceable expectation of privacy.

The UK has no legislation to deal with this. It relies on the European Union Convention on Human Rights (ECHR). In Copland v. United Kingdom, a woman’s telephone line, email account and Meera Chature Sankhari works in the intellectual property department of Luthra & Luthra Law Offices.

She graduated from the National Law School of India University in the year 2001 and joined a leading IP boutique firm in New Delhi. Before joining the firm, she worked with a IP litigating firm in Delhi. Her primary areas of practice include IP transactions, advisory and litigation involving trademarks, copyrights, confidential information and copyrights.

Internet usage were under surveillance without her knowledge and permission. This was held to be in violation of Article 8 (1) of the ECHR. The court said that all communications from the office, phone calls, emails and Internet usage were part of the appellant’s private life and thus protected by the ECHR.

India too lacks legislation for this purpose, although the constitution clearly safeguards the right to privacy as a part of right to life under Article 21. Despite the fact that privacy is a fundamental right, it is a well-established principle that it is not an absolute right and that it may be lawfully restricted for the prevention of crime, disorder or protection of health or the protection of others’ rights and freedoms.

In fact, the Supreme Court has gone as far as stating that if there were a conflict between the fundamental rights of two parties, the right that advances public morality would prevail. Given the aforesaid decisions and findings by the Supreme Court of India, it may reasonably be expected that India would protect the interests of the employer or the employee, where one of those interests would advance public morality.

Meera Chature Sankhari is a senior associate at Luthra & Luthra Law Offices. She can be contacted at: msankhari@luthra.com

Already registered?

Login to your account

To request a FREE 2-week trial subscription, please signup.
NOTE - this can take up to 48hrs to be approved.

Two Weeks Free Trial

For multi-user price options, or to check if your company has an existing subscription that we can add you to for FREE, please email Adrian Tapping at atapping@newtonmedia.co.uk