Who's Eyeing Your Personal Webmail?

eFC logo

As a pro who's been around the block a few times, you know better than to write or send from your office computer anything not work-related whose content might ever come back to hurt you. Like storing your current resume, for instance. Or responding to an external job posting via e-mail from your office.

But what if you use a personal Web-based e-mail account that requires an individual login password, such as Gmail or hotmail? If your employer doesn't explicitly ban or block personal Webmail, that's a safe avenue for sending private communications from work.... isn't it?

The answer could well be "No," say a pair of attorneys writing in the Business Crimes Bulletin.

Co-authors Marjorie J. Peerce and Daniel V. Shapiro of the New York law firm Stillman, Friedman & Shechtman aim their advice at employers who want to view an employee's Webmail activity. We've re-cast it from the perspective of an employee sending personal e-mails meant to remain private.

In the first place, even documents you create while signed into a Webmail account usually can be accessed from the "temporary Internet files" of the computer on which they were written. That makes any Web-based e-mails you send from a work computer your employer's property, just like anything else you create using an employer's equipment. The authors cite a New Jersey court's ruling that a worker had waived her attorney-client privilege by e-mailing her lawyer from a company laptop, even though that email went through her private account rather than the company e-mail system.

Can the Boss Use Your Personal Webmail Password?

It gets worse. Peerce and Shapiro go on to outline a scenario that could let an employer log into a worker's personal Webmail account and - without risk of legal repercussions - look at any and all documents, even ones the worker had created on her home computer. That could be legal if an employer's official electronic communications policy (which most firms include within employee handbooks) said explicitly that the employer could use any personal usernames and passwords that an employee typed on a company computer.

Most communications policies don't say this, and Peerce and Shapiro steer employers away from going down this road: "Unchecked expansion of electronic communications policies, however, may not be in your company's best interest. As policies become more onerous and invasive, they may hinder a company's ability to recruit or retain talent. Besides, a policy that purports to allow unfettered use of login information by employers could lead to disturbing scenarios....In our view, a company should decline to use recovered login information during an internal investigation."

Nevertheless, it's wise to be aware of such possibilities. The bottom line: Even the contents of personal e-mail accounts aren't necessarily safe, if you've ever typed the password into your office computer. That may be another reason to carry a smart phone - one that your employer isn't paying for.