The thought of monitoring, tracking and reading emails might make both employers and employees a little squeamish. Does it cross the line from keeping tabs on the business to invading personal privacy?

Employee email monitoring is certainly not illegal, but there are rules and laws that outline how you can go about it, and those vary based on where you’re located. There are also some common ethical standards that, while not mandated, are wise to follow.

Here’s what you need to know about the U.S. and European laws surrounding email monitoring, the types of policies and practices that should be implemented by HR, and how to choose the right technology.

Email Monitoring Laws in the United States

There are no broad U.S. laws that govern workplace privacy issues, though some specific regulations prohibit disclosure of communication where there is a “reasonable” expectation of privacy.

It is well established by United States courts that any email an employee sends or receives on the company’s email account is the property of the employer and can be monitored without notification. However, two states — Connecticut and Delaware — have laws requiring companies to notify employees if they are going to monitor emails and Internet use.

The legality of monitoring personal email accounts that are accessed on work devices is a little murkier. While it’s legal under certain circumstances, courts have sometimes sided with employees who sue their employer for invasion of privacy.

It’s important to note that, in some cases, U.S. employers may actually be required to monitor email communication to comply with government requests for information, compliance audits and regulations, state laws governing disclosure of illegal activity and more.

Email Monitoring Regulations in Europe

The landscape is a little more complex in Europe, where privacy rights have traditionally been highly protected. However, some of the current regulations are confusing and contradictory.

The UK Regulation of Investigatory Powers (RIP) Act of 2000 gives employers the right to monitor and record communications, including emails, when necessary to establish facts, ensure compliance, detect and prevent crimes, and more. However, monitoring employee emails without notifying them could be a violation of the Human Rights Act or the Data Protection Act, both passed in 1998.

Generally, legal experts tell their corporate clients that email and internet monitoring is OK as long as there is a legitimate business reason and they can prove their actions are reasonable in proportion to risk.

Email Monitoring Best Practices

Regardless of laws and regulations, there are some standard practices all companies should adopt to maintain their integrity, follow good ethics and respect the privacy of their employees.

Your human resources department should create a clear policy that outlines acceptable use of email and explains your email monitoring policies and procedures. If you choose to monitor email, this should be disclosed to all employees in writing. Better yet, all employees should be asked to sign a release acknowledging that they are aware of email monitoring and agree to abide by company rules of use. It’s also important to limit who has access to monitored emails. Only key managers and executives need this information.

When you’re evaluating employee monitoring software, look for products that allow you to set automatic rules and alerts. Rather than having to manually weed through data, you can direct the software to automatically flag or stop any communication that is suspicious or violates company policy. You’ll want a tool that is compatible with a wide variety of email platforms, and one that scans email attachments, not just text in the body or subject line. Visual playback and real-time monitoring features are also desirable for ease of use.