Skip to main content

What is "reasonable expectation of privacy" in an employment context?

Written by Cynthia and Jennifer

A recent decision by the Maine Supreme Court highlights the tension between an employee's reasonable expectation of privacy in conducting personal business through a company's computer system and the individual's right to prevent the company's publishing of such material. In Fiber Materials, Inc. v. Subilia, the Maine Supreme Court dismissed an interlocutory appeal by a former executive who charged the company with improperly accessing and publishing the executive's attorney-client privileged communications with his attorney which had been stored on the company's computer system. While the court dismissed the appeal for procedural reasons, the court criticized the company's counsel for taking the preemptive position that the material retrieved was appropriately disclosed publicly without first seeking advice from state bar counsel before publishing it in a complaint.

The issues in this case are similar to those raised in the Scott v. Beth Israel case, where a New York trial court concluded that an employee's use of the employer's email system to communicate with his attorney waived the privilege because the employer's policy expressly prohibited personal use of the email system.

While these cases appear to produce two different results, they dictate the care employees and employers alike must take with respect to accessing information on a company-owned computer system and the use of that system in the first instance to conduct any type of personal business, especially sensitive personal business.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.