Legal Brief: How Private Are Your Work E-mails?Posted Feb. 21, 2011
"Legal Briefs" appears in e-Insidemonthly to keep faculty and staff informed of legal issues and their implications. An archive of past Legal Briefs is available online.
Employers across the country have routinely asserted that when it comes to employees' workplace e-mails — those transmitted or stored on a network provided by the employer — the content of those messages are not private. A federal court ruling in December of last year has changed that way of thinking.
In United States v. Warshak, the sixth circuit Court of Appeals held that a subscriber of Internet services enjoys a reasonable expectation of privacy in e-mails stored by a third party provider, such as the person's Internet service provider (ISP).
The court determined that telephone conversations, letters and other sealed packages have a legitimate expectation of privacy under the Fourth Amendment. According to the court ruling, "it only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber's e-mails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement absent some exception."
Kent State University already recognizes the private nature of electronic mail communications. University policy 3342-9-01 provides that "users and systems administrators shall respect the privacy of person-to-person communications in all forms including telephone, electronic mail and file transfers, graphics and television to the fullest extent possible under applicable law and policy."
Even though university policy recognizes the privacy of e-mails, it is not absolute. The university may access the e-mails and other person-to-person communications in the course of its normal supervision of the network or system (e.g. backing up electronic messages), or when exigent circumstances arise (e.g. evidence of reported violations of policies or laws). In addition, the university may receive public records requests that by law (the Ohio Public Records Act) will necessitate access to an employee's e-mail files. When such requests occur, the university will make a good faith effort to notify the affected user.
Users of the Kent State network should be aware that the university cannot guarantee the absolute security and privacy of data stored on university computing facilities. Users should engage in safe computing practices including, but not limited to, establishing appropriate access restrictions for their accounts, guarding their passwords and changing them regularly, and backing up critical files when appropriate.
For more information, contact Connie Hawke, associate general counsel, at 330-672-2982 or firstname.lastname@example.org.