Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986 (ECPA) is a federal law governing the access, use, disclosure and interception rights associated with electronic communications, and the privacy rights of senders and recipients of such communications. Except for employers and internet service providers (ISPs), the ECPA prohibits the intentional interception of electronic communications such as email in transit. The ECPA initially did not establish any right to privacy in stored communications, such as email in an inbox, but it was later amended by the Stored Communications Act to prohibit the intentional unauthorized access to stored mail (except by ISPs and employers).
The ECPA has several exceptions for internet service providers (ISPs) and others. One exemption is that email may be intercepted in the ordinary course of business. Another exemption allows monitoring or interception when there is an express or implied consent by at least one party to the communication.
Employers typically qualify as ISPs in order to be exempt from the ECPA, because the employer acts as the service provider for the employee. Accordingly, federal law allows employers to monitor employee email.
The ECPA was amended by the USA PATRIOT Act, in order to facilitate government investigation of possible terrorist activity.
Lisa J. Sotto and Elisabeth M. McCarthy, 24 "An Employer's Guide to US Workplace Privacy Issues" No. 1, at p. 1 (Jan. 2007).