If a disgruntled employee tampers with your company’s computer system, can you hold the person accountable? Read the facts of this real-life case and decide: Who won?

The facts:

Someone in the company discovered that all the shipping addresses for its suppliers had been changed, as was the password to get into the database. The company had a good hunch who was to blame — the day before, the only employee who knew the password left the office angrily after a dispute with her boss.

The employer said:

The IT department captured the IP address of the user who made the changes and contacted the Internet Service Provider (ISP) to verify the employee did it. But the ISP said it couldn’t give out that information. The company took the ISP to court.

Who won the case?

Answer: The ISP.

Why: The case reached the New Jersey Supreme Court, which ruled the state constitution gives Internet users a “reasonable expectation of privacy” regarding the information they give to ISPs. Therefore the ISP was correct in withholding the info. (In cases with a criminal charge, the court said, the answer would be different.)

It’s not clear if courts in other states will start following the same privacy standards, but it could signal a new trend that means bad news for employers.

Cite: State of New Jersey v. Reid

Tags: disgruntled employee, Internet Service Provider, ISP, New Jersey Supreme Court, privacy