Van Wyk said being reprimanded or even fired is a far more likely punishment than having your employer call in law enforcement. But that largely depends on how often you snooped, what you did with the information and how you accessed the e-mails or instant messages.
"When you do it once, it is criminal, but the question is whether that warrants prosecution by the government," said Mauro Wolfe, a partner at the Dickstein Shapiro law firm. "I can't even imagine a case where a local prosecutor would want to take that on. The Mendte case shows that when you do it 537 times and in a public way and when you try to destroy someone, you're going to be prosecuted. When you try to harm someone and humiliate them publicly, that takes it to another level."
Employers, however, mostly have the legal right to read workers' e-mail and IMs. If it's the employer's system, equipment and time, then the communications are under their domain as well. "They inform employees that only professional use is permitted and they have the right to monitor what goes on with e-mail traffic and web surfing," said Christie, who leads the information technology group at the McCarter & English law firm, where he is a partner. "There's no reasonable expectation of privacy."
And when it comes to co-workers taking their curiosity or bad intentions too far, Christie said it comes down to intentional access.
He explained that if an e-mail is on someone's computer screen and you walk by and see it, you have not intentionally accessed that e-mail. However, if you are looking at a blank screen or screen saver and you press keys or move a mouse to access e-mail, then you have intentionally accessed it. Doing something affirmative is the dividing line between a possible slap on the wrist from your boss or dismissal and possible criminal charges.
"The totality of the conduct makes it a more serious offense," said Christie. "If someone is actually breaking in, by bypassing a password, if it was done in an effort to commit another crime, like identity theft, that would certainly make it a felony and something law enforcement would certainly take much more seriously."
Both Christie and van Wyk said it would be more tempting for someone in IT to break into a co-worker's e-mail because their level of access would make it so much easier. And while Christie said he'd expect IT workers to be under greater scrutiny, van Wyk said that's largely not the case at all.
"Watching the watcher is a classic problem that is not trivially solved," said van Wyk. "I think IT needs to have policies that speak to abuse of power. Too often those policies are left unarticulated. Like, you may use admin privileges to run the system but not to read users' data. You may back the data up in your job function, but you may not read it without express permission from its owner. That sort of thing."
Christie said companies need to be more vigilant about keeping an eye on employees' communications and who might be accessing areas they shouldn't be. IT should be tightening security, making sure there are set policies and that employees are well educated about what's allowed and what is not. And, he added, companies need to step up and investigate when it's warranted.