Yes, Your Boss Can (and Maybe Should) Read Your Emails

Document review, doc review, discovery, e-discovery, or – my favorite – e-disco is generally regarded as the worst part about being a junior litigation associate. You get thousands or hundreds of thousands of documents (emails, spreadsheets, contracts, photos, instant messages, texts, you name it!) to review. Working in-house presently, this job is slightly more interesting because I actually know the people whose emails, IMs, etc. I have the pleasure to read.

Given the various additional channels through which our employees are able to communicate, like Teams, and the fact that the DOJ has announced its intention to more expansively investigate federal construction contractors, my company is revamping its compliance program. And part of the compliance revamp includes how we will be ensuring compliance across the various additional channels. The short of it is that we will be training employees on the public nature of their communications (in case you didn’t know: your communications on your company’s devices are property of the company and are completely discoverable in litigation, unless protected by some sort of privilege (like attorney-client or attorney work product privilege)) and clarifying the approved uses of the various additional channels (like any prudent employer, we do not condone doing business over text messages and, like any sane legal department, do not want to (a) read and (b) produce your text messages).

All this being said, you may be wondering why the H-E-double-hockey-sticks do I care and will this girl EVER stop blabbing about legal nonsense?

To answer your questions: (a) because as managers of companies you should be aware of the liability of your employees’ use or misuse of internet-connected or any similar technology and (b) not yet, sorry!

First, let’s talk about the two main legal bases under which a company can be held liable for its employees’ use or misuse of internet-connected or any similar technology: (1) the doctrine of ratification and (2) the doctrine of respondeat superior.

(1) The Doctrine of Ratification

An employer may be liable for an employee’s willful and malicious actions under the principle of ratification. An employee’s actions may be ratified after the fact by the employer’s voluntary election to adopt the employee’s conduct by, in essence, treating the conduct as its own. The failure to discharge an employee after knowledge of his or her wrongful acts may be evidence supporting ratification.

For example, in Fines v. Heartland, Inc., an employee sued her employer after being sexually harassed and defamed by another employee. There, the sexually harassed employee claimed that her employer ratified the misconduct because her employer delayed in discharging the harassing employee. The court found that by coming to a decision and taking action to discharge the employee within four business days, the company did not ratify the misconduct.

It follows that it is imperative for companies to maintain tight compliance policies that allow for swift consideration of misconduct so as to avoid the consequences of the Doctrine of Ratification.

(2) The Doctrine of Respondeat Superior

Under the Doctrine of Respondeat Superior, an employer is vicariously liable for its employees’ torts committed within the scope of the employment. To hold an employer vicariously liable, the plaintiff must establish that the employee’s acts were committed within the scope of the employment. An employer’s vicarious liability may extend to willful and malicious torts. An employee’s tortious act may be within the scope of employment even if it contravenes an express company rule. But, the scope of vicarious liability is not boundless: an employer will not be held vicariously liable for an employee’s malicious or tortious conduct if the employee substantially deviates from the employment duties for personal purposes. Thus, if the employee ‘inflicts an injury out of personal malice, not engendered by the employment’ or acts out of ‘personal malice unconnected with the employment,’ the employee is not acting within the scope of employment.” Fines v. Heartland, Inc. (quoting White v. Mascoutah Printing Co.).

For example, in Fines v. Heartland, Inc., the sexually harassed employee also claimed that her employer was liable under the doctrine of respondeat superior. There, the employer’s handbook stated that “office computers were to be used only for business and not for personal” and that “use of office equipment for personal purposes during office hours constituted misconduct for which the employee would be disciplined.” Id. The court found that such provisions put employees on notice that certain behavior was not only outside the scope of their employment but was an offense that could lead to being discharged. Accordingly, the court found that since the harassing employee’s purpose for sending harassing company emails over company property was “purely personal,” there were no grounds for finding the employer liable under the doctrine of respondeat superior because “the mere fact that they were coworkers is insufficient to hold [the employer] responsible for [the harassing employee’s] malicious conduct.” Id.

It is, thus, important for companies to clearly define the scope of employment, or at least what does not fall under the scope of employment, so as to put employees on notice that certain behavior is outside the scope of their employment and avoid the consequences of the Doctrine of Respondeat Superior.

Second, if you’re still reading, let’s talk about what you – as a manager – can do to help minimize liability exposure. Want to take a guess? Hint, I said it earlier… Yes, that’s right! You should help facilitate changes and additions to the employee manual. (To be clear, it is advisable to consult an attorney (I’ll be able to help in Fall 2022), your company’s compliance officer (if s/he exists), and your company’s HR director.)

Your goals in revising your company’s employee manual in order to minimize liability exposure should be to (a) clarify ownership and monitoring of technology, (b) ensure that the company’s technology is used only for business purposes, and (c) make the policies reflected in the manual effective and enforceable. These goals can be achieved by (1) ensuring that there is no expectation of privacy and (2) dispelling risks of waiver by following the newly-stated employee manual:

(1) Ensure that there is no expectation of privacy by clearly stating that the technology is property of the company and that the company reserves the right to monitor the use of the technology at any time.

This may be accomplished by writing a clear policy that (a) requires a signed statement acknowledging employees’ understanding of the company’s policies, (b) defines key terms such as “monitoring,” and (c) warns employees that deleted computer files may be searched.

The tort of invasion of privacy occurs when a party intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, if the intrusion would be highly offensive to a reasonable person. Courts aptly consider that “the judiciary risks error by elaborating too fully on the implications…of emerging technology before its role in society has become clear.” Hogan v. East Shore School (quoting City of Ontario v. Quon, 560 U.S. 746 (2010) (noting that “rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as behavior” and that “many employers expect or at least tolerate personal use of such equipment because it often increases worker efficiency”)).

For example, in Hogan v. East Shore School, a private school discharged a teacher after uncovering that he was using his employer-provided computer to gamble. There, the employee (the teacher) sued, claiming that the school had invaded his privacy. There, the court affirmed the trial court decision that, as a matter of law, the employee had no expectation of privacy.

(2) Avoid the risk of waiver by following the newly stated employee manual.

It is important to remember that if you’re going to talk the talk, you have to walk the walk. Precedent states that an employer may be assumed to have abandoned or changed even a clearly written company policy if it is not enforced or if, through custom and practice, it has been effectively changed to permit the conduct forbidden in writing but permitted in practice.

For example, in Hogan v. East Shore School, the court found that there was “no reason to believe that a waiver was created when [a school’s employee] handbook was re-issued annually with the same warning [which] reserved the right to monitor use of the computer equipment.” Id.

Employers should, thus, ensure that they follow their newly-instated employee manual closely—both administratively (updating annually) and procedurally (through custom and practice). The DOJ similarly inquires into this when investigating corporations.

In short, your boss (or at least your legal department/outside counsel) can and should read your emails in the face of litigation and perhaps to uphold general compliance that would pass muster under the DOJ’s guidelines for corporate investigations. You should consult legal counsel before altering your code of conduct – and you may just happen to know someone who can help with that already!

*The information provided on this post does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this blog are for general informational purposes only.  Information on this website may not constitute the most up-to-date legal or other information.  This post contains links to other third-party websites.  Such links are only for the convenience of the reader, user or browser; the author does not recommend or endorse the contents of the third-party sites.

**Readers of this post should contact their attorney to obtain advice with respect to any particular legal matter.  No reader, user, or browser of this site should act or refrain from acting on the basis of information on this site without first seeking legal advice from counsel in the relevant jurisdiction.


  1. rjperrault3BCCGSOM · ·

    So this is why I get pestered every year to complete my ethics and compliance training…. Jokes aside cool blog about a topic I really didn’t know much about. Thanks for helping to simplify this a bit for us non-legal folks. Still a lot that went over my head lol but I can def say I learned something from this blog and might be a bit more careful about what I put out in email and communicator while at work

    1. lexgetdigital · ·

      It absolutely is why you’re pestered about yearly ethics and compliance trainings – and hats off to your employer for being on it yearly!

  2. parkerrepko · ·

    I learned early in my career that every email can be forwarded. Made me make the decision to have an email exchange become an in-person conversation if I felt it was sensitive enough. On that topic, do you think this same legal principle will apply to conversations in the metaverse? How might the employee handbook adapt? Also, I assume any video recording of a meeting over zoom is admissible as evidence. (And…a shoutout to the law industry for keeping Latin alive! For former Latin enthusiasts – respondeat is a 2nd conjugation, jussive verb indicating a command.)

    1. lexgetdigital · ·

      Yes, emails can be forwarded, but even emails that are not forwarded (and even emails that are deleted) are discoverable and accessible by IT departments with proper retention policies. Video recordings of a meeting are absolutely discoverable – the question is whether (1) they are retained, (2) the attorney on the other side knows that they can discover these and if their client is willing to spend legal fees as they review these recordings, and/or (3) the other side properly rebuts the request and the judge/arbitrator agrees with them. If I were advising an employer, I’d suggest not recording the meeting – and not adjusting the handbook to account for that because recording meetings would be outside the policy.

      Love the Latin shoutout!

  3. Carlos Montero · ·

    Great post! My old employer used to read all my emails, and you might ask how do I know this other than because it is in the policy is because they had suggested in the past how I should convey a different message. I didn’t mind that they read my email, but at the same time, I wasn’t breaking any rules, and their suggestions were more about their own style of writing. Work email and computer monitoring are crucial for business continuity. Still, I believe this needs to be monitored and controlled to prevent situations where employees feel micromanaged and might limit their work performance.

    1. lexgetdigital · ·

      Jeeze! Well, to be clear, I don’t support bosses reading employees’ emails, except when there is an obvious need (like litigation, which would require the legal department, not boss (although, the CLO is MY boss haha) to read the emails). The micromanagement is a fair concern. The big takeaway is, however, what you understand: communications on work devices are the property of your employer, not you.

  4. Kanal Patel · ·

    Well…I am paranoid about my messages and emails now after reading this post hahaha Great Post, did not know this was a thing. I wonder, if without realizing, I signed something that allows employers to do this…I also wonder where the line is drawn on what is considered “bad” enough for an action to be taken against such data collection.

    1. lexgetdigital · ·

      I wouldn’t worry too much. Like I said below, nobody really is reading these for fun. So unless you’re working on a project that ends up in litigation or you get accused of harassment or something, you’re generally going to be ok (that’s the “bad” enough situation). However, you’ll never really know whether litigation comes up, so it’s best to treat emails like company property – because they are. If you’re inclined to say something like “wow we really messed up, hopefully the client doesn’t notice,” fix the problem/bring it to the attention of someone who can fix the problem instead of messaging about it.

  5. DownEastDigital · ·

    Really appreciate your legal perspective here so thanks for always sharing that with us. While I do think every boss shouldn’t have the right to read his subordinate’s emails, certain individuals in each company absolutely should. I’ve always worked with the understanding that anyone could read my emails and messages on official chat services and think it’s pretty funny how different people approach that. Some people don’t care at all and let it fly on company chat lines, disparaging coworkers and complaining about the company. But then there are many people I’ve worked with who will transition to texting when communicating any sort of controversial feelings. This post also made me think of former Raiders Head Coach Jon Gruden, who was recently terminated after emails containing disrespectful communications surfaced. I’d like to think someone in his position wouldn’t be saying the things he did…especially using corporate communication channels.

    1. lexgetdigital · ·

      Thanks! As long as you’re texting on your personal phone and those texts are about coworkers and not work, then that’s ok! But talking about work on your personal phone is another issue. I think the rule of thumb would be: how bad would this look if it was printed out and blown up on a big ‘chalk’ at trial? Dissing your coworkers, unless it’s the Legal Department (!!!) (and maybe IT!), I’d actually say is generally ok. To be clear, most companies aren’t reading these communications for fun – they’re reading them because an issue has been raised (litigation, claims of racism, etc.).

  6. Great post. I knew some, but certainly not all, of that! Love it when I learn things from blog posts!

    1. lexgetdigital · ·

      Thank you! And glad to hear it.

  7. yanamorar · ·

    I enjoyed reading this post, and I now better understand why employers could and should monitor internet use at work and on work laptops. I also enjoyed the notions of legal cases and the outcomes, particularly Fines v. Heartland, Inc., and Hogan v. East Shore School. Very informative, thank you!

    1. lexgetdigital · ·

      Thanks, Yana!

  8. greenmonsterbc · ·

    Very applicable topic and a well written post. I saw some comments regarding the ex-Raiders coach and the investigation the NFL has recently conducted on the Washington Football Organization. Hard to believe they had a single scape-goat (or is it easy to believe?), and there won’t be more legal consequences / public shaming for others. Mostly this reminded me of my undergraduate fraternity warning which was very simple: The “E” in “E-mail” stands for “Evidence”. As a young person it’s hard to imagine there could be consequences for personal discussions, but in reality none of that information is private.

  9. albertsalgueda · ·

    Nice post! I really enjoyed the legal part of it, especially the outcome of Fines v. Heartland, Inc.
    I had no knowledge about this topic and found it very interesting and useful for my future, thank you!

  10. kaylacyrs · ·

    Such an interesting topic! This really makes it easier to understand legal ramifications and precedents regarding employee and employer’s rights. This made me wonder what type of changes might be made as we move to an even more digital world and video calls become more commonplace. It will be interesting to see what legal changes must be made to include new mediums of communication as they are rolled out.

  11. Lexie- intriguing case cites! You demonstrate a profound knowledge of the law and should not be giving out such exemplary legal advice at no cost!! A key tenet of corporate finance is “there is no such thing as a free lunch”. Your many examples remind me of a past work experience at a large insurance company where another employee was using his work laptop to moonlight for another large insurance company not thinking that all of his data was recoverable on his employer’s computer. Anyway, thank you for the insightful and humorous reminder to stay vigilant and abide by the Globe rule (would your email look good centerfold on the Boston Globe).
