For ordinary Americans, don’t count on any sensitive emails suddenly disappearing in a Houdini-like fashion like they did for former Internal Revenue Service executive Lois Lerner. Security experts say most Americans should be more concerned with their company’s IT department reading their emails — not losing them.

The IRS said this week that Lerner’s computer crashed in 2011, which made it extremely difficult for the agency to piece together the chain of events surrounding the IRS treatment of conservative groups. Experts say this is highly unusual, especially for American workers. “As a forensics investigator, if there’s one thing that I can count on it’s finding email,” says Darren Hayes, director of cyber security and assistant professor at Pace University. “If a computer has crashed we can typically clone a hard drive and retrieve whatever files we need to.” And because email is so pervasive with copies available from the sender, recipient, they reside on smart devices, email servers and a plethora of other storage devices, he adds.

There is one exception: “There can be challenges accessing a hard disk drive if a number of years have passed since a computer was last booted up,” Hayes says. “We are sometimes at the mercy of IT department and the retention policy for their email server.”

The situation at the IRS also runs counter to revelations last year that the government runs a widespread surveillance program monitoring call logs and electronic communications and, according to privacy experts, the way office computers work. And while the IRS may have lost emails, he says it’s highly unlikely to happen for anyone else. “Assume that your life will be an open book to your employer,” says Adam Levin, co-founder of online-security company Identity Theft 911.

Mary Barra talks about changes to be made at GM

Email-scanning programs like Websense and Spector Pro that scan for spam can also search for expletives or other keywords, experts say. In 2012, trader Greg Smith resigned publicly from Goldman Sachs and alleged that five different managing directors referred to their own clients as “muppets,” sometimes over internal email. In 2012 the company began scanning employee emails for terms like “muppets,” CEO Lloyd Blankfein reportedly said during a conference call shortly after Smith’s public resignation. “We are required by law to maintain records of communication inside the firm in a searchable format,” a spokeswoman for Goldman Sachs says. Media company Bloomberg has said it has monitored emails for profanity for more than a decade; when profanity is found, employees get a pop-up message highlighting the offending word, or the email may be blocked from being sent.

“The U.S. Constitution protects individuals against abuses by the government,” Hayes says. “But there’s not a lot of protection of data collected on individuals.” Most U.S. privacy regulation is based on self-regulation, he says, where companies dictate their own policies on handling employee and customer privacy. In Europe, there are stricter government rules about collecting and using personal data; individuals must give their unambiguous consent, he says.

There has been some resistance to employers snooping into their staff’s digital life. U.S. Reps. Ed Perlmutter (D., Colo.) and Peter Welch (D., Vt.) introduced the Password Protection Act of 2013 last year, which is intended to prevent employers from gaining access to online passwords. And in one incident in 2012, Kimberly Hester, a teacher’s aide at an elementary school in Cassopolis, Mich., refused to show the school superintendent her Facebook page and was reportedly suspended as a result.

And it’s not just email. Some companies routinely check phone records of employees, monitor what websites they visit, and read emails and instant messages. All texts, emails and correspondence on a work phone or via social media are subject to surveillance by employers, experts say.

Private email and social networking are not protected either, although laws differ from state to state. In 2012, Maryland became one of the first states to stop employers from accessing staffers’ Facebook accounts, after Maryland corrections officer Robert Collins approached the American Civil Liberties Union of Maryland in 2010, disturbed that he was required to provide his Facebook login and password to the Maryland Division of Corrections during a recertification interview. At that time, the department had a policy to screen for gang affiliations. California introduced a similar privacy bill earlier this year.

Of course, employers sometimes have reason to worry about what their employees might say about them, although there may be little they can do to prevent it. Last April, Mozilla’s CEO and founder resigned after an uprising on Twitter, complaining about his support of California’s Proposition 8 donation in 2008, which was a ballot proposition to ban gay marriage. And in January 2013, staff at the U.K. entertainment retailer HMV live blogged from a meeting where staff was being fired. One tweet: “Just overheard our Marketing Director (he’s staying, folks) ask, ‘How do I shut down Twitter?’

The bottom line, however: Monitoring of staff email and social media is the norm, says Diane Rodgers, senior human resources operations manager at CBIZ Human Capital Service, a national accounting and professional services provider in St. Louis. And in many cases, the monitoring starts even before the employee’s first day: Some 37% of employers check an applicant’s Facebook, Twitter, Google+ and LinkedIn profile before hiring, a 2012 survey by jobs listing site Careerbuilder.com found. And there’s little need to hire security experts. “Most employers have their own internal IT resources,” she says, “and it doesn’t take a lot of outside expertise to search.”

This story was updated from an earlier version.

Other articles by Quentin Fottrell:

Job interviews are getting weirder

Christie’s staff should have used Snapchat

Why hackers want your phone number