Email Privacy Concerns
Created by FindLaw's team of legal writers and editors | Last reviewed June 20, 2016
This should come as no surprise anymore, but your email isn't private. In fact, it's one of the least secure methods of communication you can use. In contrast, phone calls typically aren't recorded and stored, and even if they were, your employer and law enforcement would have to go to court to gain access to them.
Emails are stored at multiple locations: on the sender's computer, your Internet Service Provider's (ISP) server, and on the receiver's computer. Deleting an email from your inbox doesn't mean there aren't multiple other copies still out there. Emails are also vastly easier for employers and law enforcement to access than phone records. Finally, due to their digital nature, they can be stored for very long periods of time, so think twice before writing something down in an email you don't want others to see.
The Fourth Amendment, the Electronic Communications Privacy Act and the Patriot Act
Email privacy is derived from the Fourth Amendment to the U.S. Constitution and is governed by the "reasonable expectation of privacy" standard. Unfortunately, given the open nature of email mentioned above (passing through several computers and stored at multiple locations), the expectation of privacy may be less for email, especially email at work, than for other forms of communication.
Emails are also governed by the Electronic Communications Privacy Act (ECPA) and the Patriot Act. Although the ECPA originally set up protections (such as a warrant requirement) to protect email, those protections have been weakened in many instances by the Patriot Act. Even where the protections remain under the ECPA, emails lose their status as a protected communication in 180 days, which means a warrant is no longer necessary and your emails can be accessed by a simple subpoena.
Email at Work for Employees
Most employers have their employees sign a computer and network usage policy, which typically will set forth that your email is to be used only for business purposes and grants the employer the right to monitor email and computer usage. This agreement normally deprives an employee of any reasonable expectation of privacy, and means that your emails are fair game for an employer to search through. Employers, unlike law enforcement, do not have very many obstacles preventing them from searching your emails. You are sending communications from their equipment that could affect their business, which usually provides them with the justification to search through your emails.
Even without an agreement in place, courts have rarely found that the employee had a reasonable expectation of privacy to his or her email at work for a variety of reasons. For example, one court held that emails used in a business context are simply a part of the office environment, the same as a fax or copy machine, in which you don't have a reasonable expectation of privacy. Another court found that by corresponding with other people at work, work email was inherently work-related, and thus there could be no reasonable expectation of privacy.
Email at Work for Employers
On the flip side, employers have a host of issues to be concerned about regarding email and email privacy. At a very basic level, employees are supposed to be working, and monitoring email at work is one way to ensure that employees are using work email appropriately.
The larger issue for most employers however is liability. Workplace harassment lawsuits are prevalent, and one way to protect a business from being sued is to monitor and prevent any harassment in the first place. Many employers run software that searches for offensives words and highlights problematic emails.
The other main concern with liability is that old emails will be used years down the road in a lawsuit. What an employee says can be preserved for years, and unless the company has an established, reasonable practice of purging its emails, those emails can be a gold mine for anyone suing the company. Emails can be especially devastating, because of the informal way that people write and send them, saying things in emails that they never would in professional correspondence.
Government Employees and Email
Government employees have even less privacy than the little privacy a typical employee in the private sector may have. Under various public records acts and the Freedom of Information Act (FOIA), the public can gain access to almost anything a government employee writes down. Also, due to the nature of their job, courts are typically unwilling to find that government employees had a reasonable right to privacy in the first place.
Email from Home
Unlike your email at work, emailing from home is more likely to grant you a reasonable expectation of privacy, but even then, it's not very difficult for prying eyes to gain access to your emails. Because your emails are stored locally, at your ISP, and on the receiving end, there are multiple points that hackers or law enforcement can gain access to. While it may be difficult for law enforcement to legally gain access to your home computer and local copies of your emails, it is substantially less difficult for them to get your ISP to turn over your emails.
ISPs are also increasingly creating End User Service Agreements that users must agree to abide by. These agreements reduce any expectation of privacy, and often include terms that grant the ISP the right to monitor your network traffic or turn over records at the request of a government agency.
How to Keep Your Email Private
First, to maintain your expectation to privacy in the first place, always use password-protected computers and email clients. After that, there's really only one way to ensure that your emails are kept confidential -- encrypt them.
The two most popular forms of email encryption are OpenPGP and S/MIME. Encryption scrambles your email into something unintelligible that only someone who has the correct digital "key" can read. Due to speed and convenience issues, however, few people use encryption and most email remains unencrypted and unsecure.
The best advice is to treat every email as though it were open to the public to read. Don't say things you don't want others to read, and remember that even after you've deleted your emails, they will be available for years from other sources.
You Don’t Have To Solve This on Your Own – Get a Lawyer’s Help
Meeting with a lawyer can help you understand your options and how to best protect your rights. Visit our attorney directory to find a lawyer near you who can help.
Contact a qualified consumer attorney to assist with the hazards and stress accompanying identity theft and online scams.