Posted by: David Scott
acceptable use, content management, data access, data privacy, workplace privacy
According to a recent ruling by the New Jersey Supreme Court, a former employee’s past company should not have read e-mails that she sent from a private, password-protected, web account.
The employee was using company resources (computer, internet access, and indeed company time), but the Court ruled that she had a reasonable expectation of privacy for the account, being that the company’s policy regarding computer use was that “occasional personal use is permitted.”
Various states have differing views of workplace privacy: Most, if not all, have ruled that company-owned, corporate, e-mail accounts belong to the company – including all data that is contained – business related or otherwise. Many have ruled that any data on a workplace computer belongs to the company, “personal” passwords and allied info notwithstanding. But in gray areas, companies and individuals alike need to thoroughly understand Acceptable Use policies and to grow and amend those policies as necessary based on precedents and local rulings. Some predict that workplace expectations of privacy vis-à-vis differing locales and laws will ultimate settle into a uniform judgment as the issue inevitably makes its way to the Supreme Court.
But there’s another consideration here: Who might be accessing your e-mail and any other personal data in the workplace that you may not know about, and will never know about? Someone could be surveying your workplace computer right now – for entertainment purposes, or for judgment in your suitability for promotion, or even further employment. Can this be done in secret? Of course. Is it? Well… for certain environments and for anyone who understands enough about human nature… the answer comes back again, “…of course.”
For a little background, the following article by Susan K. Vivio at NJ.com is of interest: N.J. Supreme Court upholds privacy of personal e-mails accessed at work.
This much is certain: If you’re in the policy-making arena (whether IT or Business policy), be sure your Acceptable Use and Content Management policies are thoroughly up-to-date and that staff is apprised of your organization’s expectations. If you are a workplace user of resources (again, whether IT or Business staff), be sure you are thoroughly familiar with all policies affecting use of computer and allied resources – and be certain that any people you may manage are also fully educated and current.
In all regards, it is always wise to carefully consider what you may be saying and storing on workplace computers.