Sophisticated programs exist that are readily available in the market place for employers to track every aspect of an employee’s electronic usage. For example, your employer can use software to record the buttons pushed on your keyboard and transmit that information secretly to them. Employers can also install monitoring applications or spyware on computers. These can allow them to watch what their employee does on the computer. Employers can then remotely view the employee’s computer screen. The same kinds of programs can be used to monitor network activity, even on computers that have not been issued by employers. It is also possible to monitor usage on mobile devices, including text messages and phone calls from employer-issued cell phones.
The question as to whether this type of snooping is legal is not settled law.
Can an Employer Read Emails?
The federal Electronic Communications Privacy Act of 1986 (ECPA) prohibits the unauthorized access to electronic communications. The phrase “electronic communication” includes the transfer of any writing or data, but it does not include oral communications. Several courts have found that the ECPA covers e-mail messages.
However, the big question is what is considered "unauthorized access?" If an employee checks their personal e-mail (e.g. hotmail, gmail, etc.) from a work computer, have they authorized their employer to access it as well? The phrase “unauthorized access” is not clearly defined. And as such, is not settled law.
Employer-issued e-mail accounts, however, are a different story. Because the ultimate ownership of the domain and the e-mail account itself remains with the employer, it is likely that the employer can authorize itself to access the e-mail account.
So, you should assume any emails sent to or by your work-issued email account can be accessed and read. Furthermore, it is safe to assume that your employer will consider those emails to be its property–not yours.
"Business Only" Use Agreement
Employers might be able to get around the "unsettled" aspects by implementing a “business-use” only policy with its computers or privately-issued e-mails. This kind of policy puts the employee on notice that its computers, servers, email, internet and/or intranet is to be used for business purposes only. And as it is inherently authorized to supervise the business conducted on its behalf by its employees, such a policy implies that the employer may snoop on their employees' computing activities–even if it does not come right out and explicitly state it.
So, by using the computer after being notified that the employer is watching, the employee may be impliedly authorizing the employer to view his or her activities, including e-mail. Courts have even found, for example, that an employee’s personal e-mails to her attorney were not private because they were sent from a work computer. (See Holmes v. Petrovich Development Co., LLC (2011) 191 Cal.App.4th 1047.) The employer had previously advised the employee that e-mails sent from that computer were not private and were accessible by the employer. Even though a communication to an attorney is normally protected by attorney-client privilege, the e-mails lost their privileged status when a work computer was used and the employer had an established policy that they weren’t private.
So What Does it Mean?
Do not use your employer's email or computer or server for items that are personal. And if you are communicating with your attorney, the exact same, unless you want to lose confidentiality and attorney-client privilege of those communications.