By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Some state constitutions, most notably California's, provide some online privacy rights in the private sector, but generally in the U.S., statutes and principles of the "common law" serve to protect privacy in the commercial context.
Prohibitions against monitoring employee email or other communications have historically focused on interception of messages, not retrieval from electronic storage. As Yaron Dori, an attorney who specializes in telecommunications and privacy law at Covington & Burling LLP, said, when it comes to an employee's expectation of privacy, there's "very little, especially if the employer has notified the employee they will be monitoring him or her. Even less if the employee has acknowledged or consented to such monitoring."
Another statute has relevance to online privacy. The Electronic Communications Privacy Act (ECPA), passed in 1986 as an amendment to the Wiretap Act of 1968, applies to both government employees and private citizens. The ECPA protects communications in storage as well as in transit. It specifically prohibits a third party from intercepting or disclosing communications without authorization.
The ECPA or its subsequent amendments does not specifically limit any monitoring of social media messaging. As Aaron Massey wrote at The Privacy Place last December in a post on the ECPA and personal health records systems, there are "two main exceptions of the original Wiretap Act, both of which were retained by the ECPA.
"The first exception allows interception when one of the parties has given prior consent. … The second exception allows interceptions if they are done in the ordinary course of business. This could mean that your data would be accessible by third parties such as an information technology vendor that maintains the software."
As attorney Evan Brown pointed out on his blog, Internet Cases, recent court rulings suggest that the scope of the Electronic Communications Privacy Act may not be so narrow. The ECPA only prohibits monitoring of electronic communications if it is done "without authorization" or in a manner that exceeds the authorization given.
"The case instructs us that this court is not willing to read the definition of electronic communication as narrowly as the court did in Ropp," Brown writes. "No doubt there will be some interesting evidence produced in discovery that shows how the keystrokes were allegedly intercepted. But at least we know at this early stage in the litigation that the court will consider whether the transmission of electronic data within a system -- and not crossing state lines -- may still affect interstate commerce."