The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer. NorthJersey.com article.
Interesting ruling which will certainly change some thoughts as to personal use of work computers. While I’m a proponent of privacy rights, I’m torn on this particular ruling. The company had a policy in place that warned e-mails “are not to be considered private or personal to any individual employee”. That’s a fairly common policy statement but the usual intent is the use of company e-mail not a personal Yahoo account. I tend to side with the court that the attorney-client privilege applied because there was an attempt to keep the personal e-mail secure. Personal e-mail accounts, especially with an attorney seems to be reasonably outside the reach of an employer in my non-legal opinion.
That said, I think the issue here revolves around the personal use of company-owned computers rather than specific e-mail. In this case the employee was absolutely out of her mind to be exchanging communications with her attorney in preparation for a lawsuit against her company using a company issued laptop. Stupidity aside, the question is if the company had a right to “monitor, audit, intercept, access and disclose” any information that was sent using, or stored on company-owned equipment. This is where things get a little fuzzy for me.
Since businesses are responsible for the protection of PII that is transmitted from or stored on their equipment, there is certainly an obligation to monitor and audit their equipment to assure compliance. While I don’t think that extends into people’s personal e-mail accounts let’s create a scenario based on the patient privacy breach at University Medical Center I blogged about in November.
What if the employee was “hired” by a dubious attorney to provide them with face sheets as part of an unethical “referral gathering” scheme. Now, instead of taking the hard copy face sheet as was done in this case that employee used a personal Yahoo account to send this information to their “attorney”. I doubt this hits the same measure of attorney-client privilege identified in the New Jersey case but certainly this illustrates a point regarding potential misuse of employer-owned computer assets that can be quite damaging to both business reputation and finances.
As this New Jersey ruling resonates it will be interesting to see how organizations shift their policies, if they do at all. With the proliferation of social media and smart phones, it may not be an unreasonable time to revisit policies anyway.
Connect with me