In many cases, it’s against the law to read someone else’s personal email – but what if a co-worker forgets to log out of an account he or she opened on a shared computer? That was the question asked in one recent court case.
Wayne Rogers, a teacher, was using a shared computer in the school where he worked. Like many employers, the school had an official policy limiting use of those computers to work-related tasks, but teachers regularly used the machines to check their personal email accounts.
While there, he noticed the unoccupied PC next to him displayed the inbox of a Yahoo email account belonging to a co-worker. The other teacher, who was also president of the teacher’s union, had apparently logged in to check her email and neglected to log out after she left.
During this time, Rogers was involved in a dispute about his salary and had filed a grievance with the union. While glancing at his co-worker’s inbox he noticed a chain of emails between her and other teachers in the school regarding Rogers.
He read those messages, in which the union president claimed that Rogers “can’t be trusted,” called him “dumb” and said that nothing was going to be done about his salary complaint. Rogers made copies and brought them to the next union meeting.
After discovering that Rogers had seen the emails, the teachers who had participated in the conversation sued him for an invasion of privacy and for violating a state law prohibiting people from knowingly accessing electronic systems without authorization.
Rogers argued that the teachers could not expect their conversation to remain private if someone was going to leave the email account open on a public computer for anyone to see.
A jury sided with Rogers, and a judge upheld the decision on appeal, finding that Rogers did not violate the law by reading emails from an inbox that was left open on a public machine (Cite: Marcus v. Rogers).
When can companies monitor email use?
Though this case provides a little bit of clarification, the law is still murky regarding to what degree companies, managers and co-workers can monitor (or spy on) emails and other electronic communication.
IT departments can often get involved in tricky situations, such as when managers want to monitor their employees’ email activity. Monitoring is generally allowed with corporate email accounts, but things get tricky when someone wants to snoop on an employee’s personal email.
In one case, a court ruled that an employee had a reasonable expectation of privacy when using a personal email account while at work, even though the company had a policy stating that any computer activity in the office could be monitored.
However, a different company won its court case after firing an employee when personal emails revealed he was breaking the company’s non-compete policy. A judge ruled that the monitoring was OK because the company was watching activity on its own equipment and because it took place as part of an investigation into a serious policy violation.
IT departments can help protect their companies from lawsuits such as these by having a clear-cut computer use policy notifying users that all their Internet activity may be monitored, and training managers on the legal dangers of too much electronic monitoring.
Also, this case serves as a reminder for an important item to include in IT security training: Users should always log out of sensitive accounts when stepping away from their computers.