Earlier this week, a story broke reporting that Harvard University surreptitiously viewed the
work emails of 16 residential deans as part of its investigation into
a cheating scandal. Your level of outrage at Harvard's investigation will
depend entirely on the degree to which you believe employees have an
expectation of privacy in a corporate email account.
According to U.S. v. Finazzo (E.D.N.Y. 2/19/13) [an enhanced version of this opinion is available to lexis.com subscribers],
employees enjoy no such expectation of privacy, provided that you have the
right language in your email policy.
In Finazzo, the U.S. government alleged that
Christopher Finazzo, an executive at the clothing retailer Aéropostale,
received illegal kickbacks from transactions between his employer and one of
its vendors. During an unrelated internal investigation, Aéropostale discovered
an email in Finazzo's Aéropostale email account between him and his personal
attorney. That email contained a list of Finazzo's personal assets, which
included several companies he co-owned with the vendor from whom he received
the illegal kickbacks.
In his subsequent federal criminal trial, Finazzo
attempted to block the government from using that email against him. The trial
court denied his motion, holding that he had no expectation of privacy in his
work email account.
In reaching this conclusion, the federal court relied
upon Aéropostale's email policies, which stated:
Except for limited and reasonable personal use (e.g.,
occasional personal phone calls or e-mails), Company Systems should be used for
Company business only. Any limited exceptions to this rule must be approved
through the IT department. Under no circumstances may Company Systems be used
for personal gain or profit; solicitations for commercial ventures; religious
or political issues; or outside organizations. Company Systems may not be used
to distribute chain letters or copyrighted or otherwise protected materials....
You should have no expectation of privacy when using
Company Systems. The Company may monitor, access, delete or disclose all use of
the Company Systems, including e-mail, web sites visited, material downloaded
or uploaded and the amount of time spent on-line, at any time without
notification or your consent.
The court concluded that Aéropostale's policy, and
Finazzo's knowledge of it, disposed of any claim that the email exchange
with the personal attorney was private and therefore privileged:
Finazzo has no reasonable expectation of privacy or
confidentiality in any communications he made through his Aéropostale e-mail
account. Aéropostale had a clear and long-consistent policy of limiting an
employee's personal use of its systems, reserving its right to monitor an
employee's usage of the system, and making abundantly clear to its employees,
including Finazzo, that they had no right to privacy when using them.
Do you have an email or workplace technology policy? Do
you employees know that you have such a policy? Does your policy-
Following these simple steps will go a long way to
dispelling any idea by your employees that their work email is private, while
providing you sufficient coverage lest anyone challenge your ownership of
employee corporate emails and or your right to search such emails.
Visit the Ohio Employer's Law Blog for more
Presented by Kohrman Jackson & Krantz,
with offices in Cleveland and Columbus. For more information, contact Jon Hyman, a
partner in our Labor
& Employment group, at (216) 736-7226 or firstname.lastname@example.org.
For more information about LexisNexis
products and solutions connect with us through our corporate site.