One of the most interesting new legal resources is the website RightsInfo, founded and directed by up-and-coming human rights barrister Adam Wagner. It is not just that the subject is important, nor that it impinges on almost everything else, but the website itself is bright and enticing, laying out its wares in an attractive and user-friendly format. It is an area of law which news outlets, and not just the low-rent ones like the Express and Mail, frequently get wrong, deliberately or otherwise, and RightsInfo is the best source of corrective and accurate information.
RightsInfo has just published an article of interest to those concerned with eDiscovery called Here’s why your boss can’t just spy on your emails. It tells the story of Mrs Coupland who received compensation after calls and emails were monitored. The closing paragraph reads:
Her case reinforces the fact that the right to privacy extends into the workplace. As a result, employee communications monitoring policies must be fairly applied. So, if your boss wants to read your emails, they’d better have a clear justification for it.
This is one of those areas where a difference emerges between the US and the rest of the world. Save for certain very specific information, US lawyers consider that anything created by an employee in office time and/or on office equipment is the property of the company which makes it potentially discoverable at the hands of the employer. Outside the US, and specifically in the EU, the position is rather different.
I do not propose here to examine those differences but to point to one specific area of misunderstanding which appears in a US article which I came across on the same day as the RightsInfo article and which included the following paragraph:
For example, while in the United States employee information created on the job is considered owned by the company, and therefore subject to the discovery process, European employees technically own any information they’ve created. This means their authorization is required when collecting information that could be relevant to an investigation.
There is a fundamental confusion here between data protection and privacy on the one hand and copyright and other IP rights on the other. It is not the case that an employee acquires any proprietary right in what they create while at work – that may be the case in certain specific circumstances, but it is not the general rule. What they may acquire, depending on a document’s contents, is rights over any personally identifiable information about them which is contained in the document whether they created or not.
Most corporate output of any significance does not contain PII. The problem for employers is being able to find it and treat it properly in the middle of a rushed eDiscovery exercise, particularly where the demand emanates from the US.
Some documents may, of course, raise both IP and PII issues. We would do well, however, to distinguish between these concepts.