Can Your Employer Read Your Personal Email After You Are No Longer Employed There?
from the questions-for-the-courts dept
While we already know that plenty of companies have systems in place to monitor your corporate email, what about your personal email accounts? And, just to make it more interesting, what about your personal email accounts after you are no longer employed at the firm? That's what's at stake in a new lawsuit, filed by a guy who was fired from a company, and later learned that they were reading his personal Yahoo email -- including messages he sent to his lawyer about responding to the firing.Apparently, he left a computer at the office logged in to his Yahoo account, and that made it easy for the company to read his email -- and the company claims that since it's on a company computer, it's fair game. It's not exactly clear how he found out they were reading his email, however. Also, the company claims that the reason they looked at his email was because after getting fired, he used a computer (in plain view of other employees) to send himself various confidential company info. Even if that's true, it's not clear that the company should still be able to read emails in his personal account.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: employers, legal rights, personal email
Reader Comments
Subscribe: RSS
View by: Time | Thread
Security?
Sounds to me like they were asking for their information to be compromised.
[ link to this | view in chronology ]
Re: Security?
If the company cannot not prove their claim to be true, then there is a breach of privacy and that person who has been fired (perhaps the company downsized) can claim suit against said company for damages. It is equivalent as if you left your personal cell phone on the company desk, a coleague comes over and then checks your messages. Big problem !!!
Now, lets reverse this scenario - if said person came over to their desk, sees a coleagues corporate email account open on their desk, and reads it without coleagues permission, what would happen next to said employee who did this ? What if the colleage who left their email open were a CEO, CIO, or CFO ? Would said coleague tell their peirs what heppened, or would they give their verison of it ?
What if coleague left their personal yahoo/hotmail open on employees desk and employee reads it ? What happens then ?
[ link to this | view in chronology ]
Re: Re: Security?
huh? I thought everyone could do that. So, I figured It was a good Idea to share that I was writing policy because it seemed like getting fired was in my future since she was getting her policy written and setting me up to let me go. Well as I suspected I was discharged after telling. It was very traumatic! It was very swift and brutal, I was not allowed to remove my personal password that went to all of my personal accounts. I said that they could watch me and that I only wanted to erase two things that were personal and not inappropriate just personal and they would not allow it! They became very aggressive and rather that fight I just figured I would try to disconnect it when I got home. Then I was able to see that by the time I was able to do anything that my personal information had been accessed from the computer they said they were wiping, that night at 7pm, after work hours. So, back up to the moment that I was let go and I was terrified and crying and they had assured me that thier only intention was to wipe my computer. So, Its been a month now and I figured that I was done grieving for the most part. Fast forward now, to last night. I tried last night to log on and restore all of my emails and docs, just to see if it would work, It says everything was deleted
from 6mo prior to my hire date to the date I was let go. So, I changed my password to make sure that they could not continue to look through my personal information. Then someone went in and changed my password. I thought it may be a fluke so I changed my password again today at 3;27pm and then I was locked out of all my devices again and it said the password was changed again at 4:40. I am not a programmer and I don't know what to do to stop this. any advice?
[ link to this | view in chronology ]
First question is the only one necessary
You use corporate email accounts for corporate use, and ONLY for corporate use. Use your own damn email account for private use.
[ link to this | view in chronology ]
Re: First question is the only one necessary
[ link to this | view in chronology ]
Re: First question is the only one necessary
[ link to this | view in chronology ]
Re: First question is the only one necessary
It was his Yahoo account. Not his corpmail account.
[ link to this | view in chronology ]
Re: First question is the only one necessary
[ link to this | view in chronology ]
Privacy disclaimer
[ link to this | view in chronology ]
Actually on topic
I'd say that company is looking at a world of hurt coming their way. If they suspected that he was stealing company secrets, then they should have lawyered up and subpoenaed his yahoo email. Just because its easy doesn't mean it's legal.
IF nothing else, they should be facing "difficulties" in hiring and retention practices as a result of their actions.
[ link to this | view in chronology ]
Yes and No?
But I would add that if, after he was fired, they logged into his Yahoo account themselves and dug around to see what they could find, then that crosses the line of acceptable and legal behavior.
It's one thing to read the contents of what HE was transferring over THEIR equipment, but quite another for them to log in as the employee to view material that WAS NOT transferred over their equipment.
[ link to this | view in chronology ]
Re: Yes and No?
[ link to this | view in chronology ]
actually
[ link to this | view in chronology ]
This is why...
[ link to this | view in chronology ]
It's a pretty gray area
It looks like he might not have taken measures to secure his account properly. While it seems everyone is upset with the company for reading his email it remains, quite possibly, that the guy is a moron who didn't logout, or possibly even chose an option to keep himself logged in.
I am not sure I like the employer reading this guy's email but if he was a dumbass and left himself logged in then it's his own damn fault and I don't see punishing the employer for his stupidity to be frank.
This is going to be an interesting case to watch.
[ link to this | view in chronology ]
Re: It's a pretty gray area
it has to do with ownership. the company owns the equipment, but they don't own the information. they own the code someone programs, but they don't own his ideas. company owns the concrete, not the abstract. they "own" the cookie stored on the harddrive, they don't own the right to unlawfully access the information with the cookie. (warning: oblig. car analogy) I leave my keys on the ground (fall out of my pocket or otherwise) it's still illegal for someone to drive off in my car, or to even open up the door and smell my air freshener.
[ link to this | view in chronology ]
Re: Re: It's a pretty gray area
If he took company information the company needs to let legal authorities gather the information. Now they have A) committed a crime in trying to gather evidence B) by proving they have access to the account, they potentially tampered with that evidence allowing the ex-employee to imply that the company planted the information into his account.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Answer is Yes
[ link to this | view in chronology ]
Re: Answer is Yes
[ link to this | view in chronology ]
Re: Answer is Yes
[ link to this | view in chronology ]
Moron
[ link to this | view in chronology ]
Re: Moron
[ link to this | view in chronology ]
Retard
[ link to this | view in chronology ]
Mail is Mail
[ link to this | view in chronology ]
More black and white than gray
http://www.usatoday.com/tech/news/techpolicy/2008-06-19-privacy-work-communications_N.htm?csp= 34
In short, a federal court has rules that employers can not access employee e-mail when it is stored off-site. Even when the organization in question is paying for the resource. If this was the guy's personal Yahoo e-mail account, they went way over the line.
[ link to this | view in chronology ]
Re: More black and white than gray
[ link to this | view in chronology ]
[ link to this | view in chronology ]
I doub't the company is being honest
Then after he left they used the information from the logger to read his Yahoo email.
When things got nasty they tried to put a cover up in place.
[ link to this | view in chronology ]
Re: I doub't the company is being honest
[ link to this | view in chronology ]
NOTHING you do on a work computer at work is private!!!
Do not use company resources for personal use.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Structured Settlement Investments...are they nuts?
Sooooo many questions here. Aside from the company not having any exit procedures or even what might be common sense. I'm sure they don't want him to use work e-mail any longer yet they use his personal account? A Yahoo account is not stored on company resources and I'm sure Yahoo has some policy about accessing accounts that are not your own no matter how you come to be able to login. So who's to say Structured Settlement Investments didn't just send these "secrets" out via his account? If he's fired at say 9:00 am and e-mail is sent from a work computer at at 9:15 am then it can't be Scott's fault. After all, he was released 15mins ago and that machine is no longer his responsibility whatsoever. What about using an employee's name and impersonating them after they leave? They can't just have someone call clients and say they are Scott so why would they think they can keep accessing Yahoo while impersonating him? Foolish in the extreme!?!
[ link to this | view in chronology ]
We use a product that monitors computer usage including screen recording and keystroke tracking. I personally would prefer to turn off the keystroke tracking feature.
I know that I could easily find peoples personal email passwords but that certainly does not give me the right to read their email at my own free will.
Knowledge is power, power must be used morally and ethically.
[ link to this | view in chronology ]
Policy
The disclaimer clearly stats the computer and internet connection are the comapnys and should it choose to it will observe any thing that transpires on the machine.
[ link to this | view in chronology ]
Re: Policy
[ link to this | view in chronology ]
Re: Re: Policy
You need to do something personal you don't cached and stored, you do it there if you want. Also, there are no block on hosted email sites or much else for that matter. We give people freedom to what they need to, but if you mess up we will be able to prove it.
Basically if you do your job, no one will ever go back and look at what you were doing. But I mean if you are going to do in appropriate activities, you should be smarter then to do it on your work PC.
[ link to this | view in chronology ]
Re: Policy
[ link to this | view in chronology ]
Re: Re: Policy
[ link to this | view in chronology ]
Re: Policy
[ link to this | view in chronology ]
Productivity as it relates to Morale and Work/Life Balance
Today, we're constantly connected and oftentimes work/life becomes ever more blurred. We're working from home, weekends, and answering emails on blackberry more than ever. As an employee, if I'm expected to have work infringe on home/personal life, what should everyone's expectations be? Of course, there is the occasional "bad apple" that abuses their downtime. It should be a considered "a problem" for a person who spends more than an hour a day working on their Facebook or other sites. If someone spends, say, more than 40 hours a month doing things that lack value to the organization need coaching, or additional work.
Now, as for the debate on checking a person's personal email after they have left the company, it seems quite unethical. I see it akin to going to a former employee's mailbox outside their house and thumbing through their snail mail. There are protections for this. Should there be equal protections for email?
But if their value and contribution to the company was so great, that it necessitates a level of corporate espionage, why did they even allow them to be let go?
[ link to this | view in chronology ]
Two wrongs
[ link to this | view in chronology ]
Not The Same
[ link to this | view in chronology ]
Re: Not The Same
He left his house keys in a COMPANY OWNED desk. He left it in their desk, they have a right to use it.
[ link to this | view in chronology ]
Re: Not The Same
[ link to this | view in chronology ]
Re: Not The Same
[ link to this | view in chronology ]
Re: Re: Not The Same
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Its an intent case
1. If you redirected the personal account to reside on the companies equipment, that would not be considered stealing As they own where it delivered (unlike regular mail it is not a crime to intentionally open email not addressed to you)
2. If you left a program fetching email off the personal account which remembers the username/password and someone their launched it, that could be accidental and not necessarily a crime.
3. If a company used usernames/passwords, cookies, etc that they knew were not theirs and used them to access a system that did not belong to them (e.g. yahoo webmail) they probably committed illegal access, illegal interception, forgery (ID Theft), and possible data interference (deletion).
A good analogy of #3 is if I left a set of house keys in my desk, and left the company, that does not give the company the right to access my home or take my property (it may not be breaking & entering but it still is trespassing with intent and theft).
So even if they might be able to convince them that the access was accidental (dropping illegal access component), using the content is still theft and fraud.
[ link to this | view in chronology ]
your personal e-mail. The dumbass deservied to be fired.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Never emailed yourself a link? Never had to check an address before you left work?
If you haven't then you are either unemployed or drive a forklift for a living.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Were they Keystroking him?
Things like this is why I now only do personal searching on my iphone.
[ link to this | view in chronology ]
Work is from 8 to 5.
You have 2 brakes and a hour lunch.
Thats your time to eat,nap or play.
At other times during the day your on company time.
[ link to this | view in chronology ]
lol
[ link to this | view in chronology ]
Can they keep my name.
Also, when I checked their website, I am listed as the Branch Manager with that email address, still.
Do I have some recourse here. It's been two months. Do you think they value my personal business contacts so much that they don't want them to know I've left?
The more I think about this the more illegal it sounds.
[ link to this | view in chronology ]
Re: Can they keep my name.
[ link to this | view in chronology ]
Re: Can they keep my name.
[ link to this | view in chronology ]
Anyone know the LEGAL Answer??
More specifically, my fiance was just wrongfully terminated from his job. He was accused of doing side jobs (which was NOT true, he was offered the opportunity to do so, but he did the right ethical thing and declined them). The man who offered him these jobs just called him up and told him that his ex-bosses had just spoken with him, and they informed him that the reason they 'thought' my fiance was accepting side jobs was because they hacked into his PERSONAL gmail account and saw some of the emails that this man had sent him.
This man told the ex-boss that while he did offer my fiance the work, he rightfully declined it, and he is happy to serve as a witness in my fiance's defense. But my question is this: were his former employers legally allowed to hack into his personal email account without his knowledge or consent (while he was away from his work computer) and read through his personal emails? Regardless of how they obtained his password (be it through keystroke recording software or other forms of employer espionage), are they legally entitled to log into his personal email account and read through his personal emails? If anyone knows the legal answer to this question, I would be eternally grateful, as I am about ready to explode with anger at this situation. Opinions are welcomed, but please clarify that they are your opinions, and not something you've excerpted from a law book. Thanks in advance!
[ link to this | view in chronology ]
Re: Anyone know the LEGAL Answer??
I hope this answers your question.
[ link to this | view in chronology ]
Re: Re: Anyone know the LEGAL Answer??
A friend went through something very similar this week. She was released last week. A work friend called her this week and said the owner quoted verbatim, a message from a colleague that sent a Private Message to her Facebook account the day aAFTER she was terminated. FaceBook policy states that only the user with the password can see that area.
It is clear to me that the former employer hacked a password protected document that contained other personal passwords (left on the company laptop), or paid for a hacker/cracker application to access her FaceBook, LinkedIn and Plaxo accounts, along with personal emails (yahoo, gmail, etc).
This is clearly unauthorized access, and a legal violation on many levels. But which laws/Acts in aprticular?
Could be jail time and civil action exposure for employer, and anyone they instructed to, or knew of that were involved.
[ link to this | view in chronology ]
Re: Re: Re: Anyone know the LEGAL Answer??
[ link to this | view in chronology ]
Re: Re: Anyone know the LEGAL Answer??
[ link to this | view in chronology ]
Employer Still Using My Email Address Even Though I No Longer Work There
I do not know if they are replying to any of my email but it seems to me that they are impersonating me and this should be illegal.
Is this legal?
[ link to this | view in chronology ]
EMAIL
[ link to this | view in chronology ]
Abandoned Property
Eddie
[ link to this | view in chronology ]
What?
1. Keeping your company email address > Yes, the employer can keep your company's email address as long as they feel there is a need to. They own it, but they can't use your email account in replying, that would be impersonating. They keep it because your email may have customer request/discussion which affect the company. It might be possible to set a forward email address & out of office note which will forward the email & also let the sender know that this person is no longer working for the company.
3. Personal email @work > WHY WOULD YOU USE PERSONAL EMAIL AT WORK? SHOULDN'T YOU BE WORKING? Check it at home and don't send email from your company's email to your personal email. Company that allow you to use your personal email at work is lacking major security issues, they can eventually loose the company for a lot of reason.
4. Yahoo email disconnect > they do disconnect, but they have an option to keep it log on for 2 weeks. Some people might be stupid enough to leave it log on. Keep log on even if you close the browser. Again, read # 3 cap phrase.
5. Abandon property > as long as you give a reasonable notices & time to response to the employee that the personal property will be consider "abandon". I think it could be consider so.
6. Work environment (@the other Paul) > No. you have to set a rule to run a business. If you don't, your employee will do whatever they want. They are there for work, not for fun. Productivity is control by management not vise versa. "No Horse playing"
[ link to this | view in chronology ]
A colleague sent me an e-mail from my account
[ link to this | view in chronology ]
How about the deleted emails
[ link to this | view in chronology ]
a possible answer
When you sigh up for a yahoo, msn, or google mail account, or many other types of mail accounts, you enter a contract with that service provider. That contract states something to the effect that you (the account holder) may not share or rent your account to another person. It gives only you limited rights to acess and use that account for personal use.
In civil law, the employer interfered with the yahoo account user's contract with yahoo. The employer can be sued by both the employee and by yahoo itself. The employer did not have Yahoo's consent to access their servers.
It is against federal law to access stored communications without consent. Because the employee (the person who was under contract with yahoo) was obviously not present at the time the data was accessed, this action can be considered a federal crime. Refer to 18 United States Co de section 2510.
The best way to explain this is that yahoo.com did not give the employer consent to access its servers, with specific data from a password protected account. Since a contract for employment terminates at the end of employment, accessing such information, whether or not you have the "password" is still not legal, because the access was not done by the yahoo account holder, during employment. The only way this would be legal is if the employer was yahoo.
If an employee were to access an employer's network without their knowledge, after they left work, they would be in violation of the law. The same applies the other way around.
Its a complex situation, but basically, because you (the employee) have a contract with yahoo, your employer cannot interfere with it. Presenting copies of illegally accessed data in a court of law can incriminate the employer.
As I say, "Bugs" are for the FBI. If I were the employee in this case, I would call the US attorney's office, and the FBI.
[ link to this | view in chronology ]
Re: a possible answer
can an employer monitor e-mails sent from a terminated employee to colleagues at the company ? The ex-employee was using his own device and e-mail account.
[ link to this | view in chronology ]
Cure Herpes Simplex
Cure Herpes Simplex
Cure Herpes
http://www.cureherpessimplex.com/
[ link to this | view in chronology ]
Buy kamagra
Kamagra discount
Buy kamagra
http://www.bestkamagrarx.com/
[ link to this | view in chronology ]
It should be fair game!
Just like the Army policy I think all companies should have the same policy. Anything done on the company computer is subject to investigation. If you did not want your personal email being viewed by others then you should have not of been viewing it yourself at a public computer.
The first thing you do before you can login to any Military computer is the DOD Banner:
"You should have no expectation of privacy in your use of this network. Use of this network constitutes consent to monitoring, retrieval, and disclosure of any information stored within the network for any purpose including criminal prosecution."
I imagine millions if not billions of dollars is lost in two ways. People checking personal emails/social groups/phone calls at work and people taking potential business for their own profit and filtering it to their personal email/phone. You are using their electricty to power the network/computer their computer their network and I imagin you are getting paid while doing this to check your email at work.
Also as a side note after 180 days email messages lose their protection under the Electronic Communications Privacy Act. And on top of that if your company has a policy in hand stating the same thing as government computers it does not matter what agreement you have with someone else you broke that contract when you logged onto the computer and started checking your email.
On top of all that I imagin he gave them the right when he logged on and left it open.
I'm not a legal guy so I may be wrong but I'm great when it comes to IT things. I think that company needs to filter out personal email sites and other persoan things like twitter or myspace and put more strict policies into place as far as using them and monitoring them.
[ link to this | view in chronology ]
Another Question
[ link to this | view in chronology ]
Bosses Who Hack
[ link to this | view in chronology ]
Bosses Who Hack
[ link to this | view in chronology ]
As Neil Schubert pointed out about, what they did probably violates both civil and federal law.
So, actually, you are 100% wrong. It's not his problem, it's their problem.
[ link to this | view in chronology ]
Hacked by Boss after I successfully complete contract.
[ link to this | view in chronology ]