This article is from RISQ Consulting’s MyWave Connect portal, a resource available to all RISQ Consulting clients. Please contact your Benefits Consultant or Account Executive for more information or for help setting up your own login.
Think back to a time when a former employee departed your company. Do you remember collecting their work phone and laptop? Did you happen to search their device–perhaps even their personal email? If so, you may have unwittingly violated the Stored Communications Act (SCA), a federal law enacted as part of the Electronic Communications Privacy Act of 1986.
Stored Communications Act Background
The SCA establishes a criminal offense for whoever “intentionally accesses, without authorization, a facility through which an electronic communication service is provided.” In other words, the SCA protects the privacy of electronic communications while in electronic storage (for example, emails stored on an electronic server). Consequences for violating the SCA include a fine or imprisonment for up to five years for the first offense, and an additional fine or imprisonment for up to 10 years for any subsequent offense. The SCA can be used in civil litigation as well. In the case of a civil lawsuit, a successful plaintiff may obtain actual damages of at least $1,000, plus reasonable attorneys’ fees and other costs.
Interpretation and Application to Employers
As it pertains to employers, the SCA has been interpreted to allow employers to access communications stored on their own wire or electronic communications services (for example, employer-provided email service) so long as the access is authorized under the employer’s own policies, and the employer has a valid business purpose for doing so. That interpretation even applies in situations in which the employee considers such messages to be private. Additionally, even if an employer does not require employees to sign an “electronic communication in the workplace” policy, they still likely have the legal right to read employee email messages transmitted through company email accounts.
But what about situations in which an employee uses a personal email account on an employer-provided device? Typically, in these instances, courts have held that an employer cannot access employees’ private, personal email account communications. Other courts, however, have held that employers may monitor personal email accounts if the employee is using employer-provided technology and has consented in writing to a broad policy that allows for the monitoring of all computer use. Of course, the answer to this developing legal topic will vary court-by-court and state-by-state. In the interim, employers may consider addressing the monitoring of emails on employer-provided devices. If they choose to address this topic, employers should do so with the following in mind:
- Just because employers are legally allowed to monitor emails in some circumstances, does not mean they should, or that it is a best practice. Remember that, in most instances, personal email use on work technology is common and harmless.
- Consider drafting a policy or amending a pre-existing policy notifying employees that their use of the company-provided technology may be monitored and that employees have no expectation of privacy on the employer’s technology.
- Hold a frank discussion with employees regarding the nature and extent of email monitoring and the reasons for its implementation.
- Be clear regarding the consequences for violations of their email monitoring policy.
Note that employee privacy is a constantly evolving area of law, and legalities will vary state by state. For a more detailed, case-specific analysis, contact your local legal counsel.