Snoopy Supervisors? Managing Employee Privacy & Cyber Risks

Employers must manage cyber risks. But how can that be done while avoiding problems with employee privacy issues?

Employers generally have the legal right to invade the privacy of employees at work, when they are on work computers. However, to avoid claims of retaliation and to avoid morale problems, the prudent employer will spell out in advance privacy rules in the employee handbook or other documents provided to all employees.

In particular, it is wise to develop a business e-mail and computer policy that states such devices can only be used for business purposes, and there is no privacy or right to privacy on employer-supplied computers, cell phones or other electronic communication devices. “Employees should know that employer supplied devices could be searched at any time and any improper use will not be tolerated.” Weimer et al., Employment Practices Liability, 2d ed., p. 239 (National Underwriter).

Under the federal Stored Communications Act, an employer can't (without authorization) intentionally access "a facility through which an electronic communication service is provided," unless the employer supplies the service. Conversely, prior authorization from employees provides a complete defense to an SCA claim. “When access to electronically stored documents has been granted, the SCA is not violated even if the person who was granted access later uses the documents for an unauthorized purpose.” Pierre v. Griffin, 2021 WL 4477764 (D. N.H. 2021).

Training for managers on these important privacy risks is an excellent, proactive investment!