Monday, April 22, 2013
One of the areas that I have recently been researching regards the impact of technology of employees' expectations of privacy while at work or engaged in work outside of the workplace. Though not completely related, now comes word that a large law firm, King & Spalding, has put into place a very aggressive email policy. Here are some excerpts of that policy:
KING & SPALDING — FIRM-WIDE-ANNOUNCEMENT — EMAIL ACCESS
New Policy Prohibiting Access to Non-King & Spalding Email Accounts (“Personal Email Accounts”) from Firm Computers
The firm’s internal security experts, as well as our outside security experts, have advised us that accessing Personal Email Accounts from firm computers creates a significant security risk. Therefore, effective May 1, 2013, access to Personal Email Accounts (i.e., anything other than your kslaw.com email, including, but not limited, to personal email accounts like Gmail, Yahoo, Hotmail, cable company, etc.) from King & Spalding computers will no longer be permitted.
Most personal email sites will be blocked while you are on the firm’s network. However, you should not access Personal Email Accounts from a firm computer, even if you are not automatically blocked when trying to do so. For example, you should not access Personal Email Accounts from a firm laptop, even when the laptop is not connected to the firm’s network (i.e., from your home network, a hotel internet, etc.). The firm’s computer systems hold confidential information about our clients and the firm and, as you know from reading articles in the press, individual users who innocently click on malicious e-mails are often the cause of security breaches. We need your help in protecting our systems by following this and other security related policies, even when you can do things that you are not supposed to do . . . .
Permissible Ways of Accessing Personal Email Accounts
The prohibition against accessing Personal Email Accounts from firm computers does not impact your ability to access Personal Email Accounts such as Gmail, Yahoo or Hotmail from your own personal devices (e.g., smartphones, iPads, tablets, personal laptops, etc.) while at the firm . . . .
Clearly, K&S has acted decisively to protect against leaks of confidential information and perhaps against compromosing their system through viruses and other malware. Although this policy would appear to diminsih whatever expectations of privacy individuals have in personal email use during work, other cases, under the Electroic Communication Privacy Act (EPCA) stand for the proposition that whereas an employer has the ability to monitor work emails and other computer use for company violations, they do not have the same ability to monitor personal email accounts.
Perhaps because of the inability to monitor personal email accounts, the firm decided to just prohibit all access to such email period. I wonder whether there will be pushback from employees, or under current law, do employers like K&S have carte blanche when making these types of decisions in the workplace concerning email and use of technology?