Your Boss is Monitoring Your Work Emails – And May be Required to Act on Them

Monitoring Employee

Courts have generally treated a firm’s computers and information, or communication stored on them, as the employer’s property. It was therefore somewhat perplexing to see the apparent surprise and consternation at the news that a major American university had accessed and read the e-mails of some of its professors as part of an internal investigation.

Why Employers Monitor Email

Employers that provide work email and Internet access for business purposes have an interest in ensuring this use remains professional. Organizations tend to monitor employees’ email and computer usage for a number of reasons:

  1. To make sure that employees are not divulging confidential information or trade secrets.
  2. To protect itself against potential liability arising from an employee’s misuse of the organization’s email system (by introducing viruses, sending harassing emails, or visiting inappropriate websites, for example).
  3. To foster productivity by limiting the personal emails sent during work hours.
  4. To safeguard the organization’s reputation.

But Have They Told Their Employees?

Today, courts are increasingly weighing whether employers have explicitly established this property right and informed employees that their email is or may be monitored. That was what happened in a case in New Jersey, where an appeals court ruled that an employee had a reasonable expectation that email sent on a personal account wouldn’t be read—even on the company’s computer. To clarify this intent, most organizations spell this out in an Internet and Computer Use Policy.

With Monitoring Comes Obligation to Act

The very ability of an organization to monitor the emails and internet access gained through its systems, and to filter this information, can itself, in certain circumstances, result in potential liability for employers that don’t take appropriate follow-on action. A seminal decision from the New Jersey Superior Court held that a company that knows its employee is accessing pornography at work has a duty to investigate that activity and stop any potential harm to third parties.

We hold that an employer who is on notice that one of its employees is using a workplace computer to access pornography, possibly child pornography, has a duty to investigate the employee’s activities and to take prompt and effective action to stop the unauthorized activity, lest it result in harm to innocent third-parties. No privacy interest of the employee stands in the way of this duty on the part of the employer.

As for Limiting Personal Email Use…

Employees’ use of personal e-mail during business hours is common in the 21st-century workplace.  With personal smart phones in every employee’s pocket, the genie may be out of the bottle.

Unless it’s a bring-your-own-device firm—but that’s an issue for another post.

Tip-of-the-hat to Mondaq, for reminding me about this issue this week in The Dust Has Settled, But the Issue Remains: How Can Employers Avoid Liability for Monitoring Their Employees E-mails and Internet Usage?


This post was originally published August 12, 2013.


About Ann Longmore

Ann is Executive Vice President of Willis' Executive Risks practice. Based in New York, she has been with the compa…
Categories: Cyber Risk | Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *