The general rule regarding employees and their computers is that they have no reasonable expectation of privacy as to communications or other information on them, as long as their employer has given them notice of that fact. That’s a big “if,” but once met it’s pretty much a blank slate for employers to monitor computer use and computer communications.
What if an employee, however, goes out of his way to make it clear that he does expect a given communication to be private? Does that rebut the company’s “no reasonable expectation” policy?
A Massachusetts judge, analyzing the issue in the attorney-client context, says it may. The focus was on the use of web-based email from a work computer, which evidently many attorneys are advising employees is a way to (legally, not just practically) retain privacy:
[I]f an employer wishes to read an employee’s attorney-client communications unintentionally stored in a temporary file on a company-owned computer that were made via a private, password-protected e-mail account accessed through the Internet, not the company’s Intranet, the employer must plainly communicate to the employee that:
1. All such emails are stored on the hard disk of the company’s computer in a “screen shot” temporary file; and
2. the company expressly reserves the right to retrieve those temporary files and read them.
Obviously, it’s not too “forseeable” that a company would “plainly communicate” such a policy regarding such an unlikely configuration. The point seems to be that employees do retain their expectation of privacy, even on their employers’ machines, when they go through hoops to both maintain it and to indicate to anyone concerned that no waiver is intended. It does appear that this analysis, however, is limited to the retention of the a attorney-client privilege — which courts should, and do, guard jealously — and may not apply to other would-be private information.
See the analysis at Lee Gesmer’s MassLawBlog, where I picked this item up.
