What are Email Privacy Laws in the Workplace?

Fewer and fewer people today send emails to their family or friends. Social media and messaging apps have largely replaced electronic mail as the main way to communicate online with someone close to us.

When it comes to communicating at work, email is still number one, despite the resurgence of videoconferencing technology and apps like Zoom, Skype and Google Meet.


In fact, in one report, 67% of respondents said that they use email and Zoom to communicate with their colleagues.

However, there is a lot of concern about email privacy in the workplace. Does an employer have the right or authority to monitor and read your emails?

This is the question that we will attempt to answer here.

Can My Boss Read My Emails?

Unfortunately, the answer to this can’t be a clear-cut yes or no.

The reason for this ambiguity is that oftentimes the line between a private email and a work email gets crossed.

In a 2017 survey by Avatier, nearly 4 in 10 people said they use their personal email accounts for work-related emails and 1 in 4 that they use their work email address as a login for personal email.

[Figure: Great Email Divide. Source: Avatier]

To answer the question “Can my boss read my emails?”, we need to clearly separate a personal or private email from a work or business email.

A personal email account is one that an individual opens themselves, while a work email account is one that an employer provides to an employee (someone they hired) and that typically has the employer’s top-level domain name (TLD) in the email address.

Can My Employer Read my Work Emails?

If the employer provided the email account, then they (in general) retain the right to monitor and access your work emails.

This is because that email account is actually the property of the employer and not the employee.

Again, email privacy in the workplace is more complicated than this.

For instance, the US Electronic Communication Privacy Act (ECPA) says that an employer can monitor an employee’s work email account on its system, but only if they notify the employee in a written policy.

There are also certain limitations that an employer must adhere to if they want to monitor an employee’s email.

Most importantly, an employer must have a valid reason to monitor an employee’s account.

This means that they can’t monitor an employee’s email account to, for example, prevent an employee from organizing a union.

Can My Employer Read My Personal Email?

When it comes to your personal email, an employer, again in general, doesn’t have the right to check it without permission.

However, keep in mind that, if you use a laptop or other device that the employer has provided you, then the employer can check how you are using that device, including your browsing history, cache and, of course, email.

But if you are using your own device, on your own time (away from the workplace), then the employer won’t have the legal right to monitor how you use your email or what you write in it.

That being said, if you share or post something that might harm the employer or their business, you can still be held accountable and the employer can discipline or in some cases even fire you.

What Do the Different Email Privacy Laws Say?

Most of what was said above is meant to give you a general idea about email privacy in the workplace. However, I am not a privacy lawyer, so don’t take this as legal advice.

If you have concerns about email privacy issues at your job or with your boss, I would recommend speaking to an actual lawyer about this. When you do that, be sure that both you and the lawyer use an encrypted email service.

Email privacy and security in the workplace are largely dependent upon the laws and regulations in your country.

For instance, in the United States, email privacy is mostly regulated by the Electronic Communication Privacy Act (ECPA) and in the European Union, it is the General Data Protection Regulation (GDPR).

There are also other regulations and policies that you will need to adhere to, such as the Health Information Portability and Accountability Act (HIPAA), the Federal Rules of Civil Procedure (FRCP) and others. In some way or form, they regulate how your employer might monitor or access your data (including your emails), so you would do well to get familiar with them.

Another law that is very important in regulating whether an employer can or cannot access an employee’s electronic device or account is the Stored Communication Act (SCA).

According to the SCA, your employer can’t “intentionally access” a device through which the email service is provided, unless they supplied the service and the device themselves.

Here’s an example of an employer looking at the employee’s email accounts without authorization:

A recently sacked employee turned in the device her company had issued her, but neglected to delete her personal Gmail from it.

Over the next year and a half, the employer read her private email, arguing that the former employee gave “implicit consent” by not deleting the account before handing over the device.

In this case, the federal court sided with the former employee, stating that the employee’s failure to delete her account couldn’t be viewed as authorizing or approving access.

This should serve as a cautionary tale to never use your private email account from the device your employer provided you, as they will usually have the right to access it.

Only access your personal email account from a personal device and work-related email from the device the employer provided.


Nobody wants their boss to read their emails or text messages. But that’s just how it is. If the employer provided the email account you are using, then they will (for the most part) have the right to monitor and access your email account.

This also goes for your personal email, if you are accessing it from a company-issued device.

However, the employer doesn’t have the right to read emails from your personal account that you use on your own device. That is off-limits to them.

If you are worried that your boss or anyone else might try to read your personal emails, start using an email encryption service like CTemplar: Armored Email. CTemplar is an end-to-end encrypted email service that does not require a phone number and will protect your privacy from a nosy boss, or anyone else (hackers, government, etc.) who might try to look at your email.

Sign up today for the CTemplar email encryption service and enjoy unrivaled email privacy and security.