A New Lawsuit Could Set Boundaries on Employers Accessing Your Devices

On day one of any new job, employees engage in a sort of Faustian bargain: In exchange for a shiny new computer, they sign away their digital rights. The thinking goes that as long as an employee is on a work device, the employer has the right to monitor what you type.

But what exactly constitutes a work device?

That’s the central question in a new court case brought by Paul Iacovacci against his former employer, Brevet Capital Management. As first reported in The Wall Street Journal, Iacovacci, a former managing director at Brevet, is suing the finance firm for accessing his home computer to read his personal information in an alleged violation of federal antihacking laws.

The case centers around a desktop computer which the company provided to Iacovacci so he could work from his home in Connecticut rather than commute to the company’s New York City office. Though the computer was purchased by the firm and is thus part of company property, Iacovacci had two personal hard drives plugged into the device. The night that Iacovacci quit the firm in 2016, Brevet allegedly logged in remotely to Iacovacci’s computer and accessed information on his hard drives as well as in his personal email, which he had left open on the screen.

The company used the information it gathered to sue Iacovacci for stealing confidential information that might be used to start a competing business. Last week, Iacovacci filed a countersuit against his former employer for invading his privacy.

Employee privacy rights have become more and more relevant as the line between personal and professional blur. Nearly two-thirds (64%) of employees use a personal device to do their work according to the business research firm Clutch. Bring your own device (“BYOD”) policies are becoming standard practice for businesses as more employees work from home and access work documents from their phones.

But according to Alex Granovsky, an employment lawyer at Granovsky & Sundaresh, the onus falls on employees to decouple their personal lives from their professional lives.

“Your expectation of privacy flows with property,” Granovsky told Quartz. “You should have a much lower expectation of privacy when work owns any part of the equation—from the device to the email address to the WiFi network.”

Granovsky believes employment law is set up to balance the employer’s need to run a company with the employee’s need for privacy, but that in general, it’s the company’s prerogative to monitor anything that travels through its systems. In Iacovacci’s case, using his work-issued computer for anything besides work may have been playing with fire.

“If you wouldn’t be comfortable with your boss reading what you type, it probably makes sense to keep it off your work computer,” says Granovsky. “Unfortunately for employees, that expectation isn’t always made clear.”