The recent boom in the use of such electronic communications media as e-mail and the Internet has given rise to significant workplace privacy issues. Employers are providing large numbers of their employees with e-mail and Internet access, through employer-owned or leased hardware and software, to enable the employees to more effectively perform their work. A predictable result of this access has been that some, in fact, more likely many, employees have not confined their use of e-mail and the Internet to business-related activities. Some personal uses of employer computer-communications systems by employees are in themselves relatively harmless, such as occasional short e-mails to family members, friends, and co-workers to coordinate off-work activities or share important news.Employers have legitimate rights to be concerned, however, when employees spend hours of work time online pursuing personal interests such as shopping for home goods or dropping in on their favorite chat rooms. In addition, if employees use their work computers to do such things as downloading pornography or transmitting sexually explicit jokes over e-mail to co-workers, their employers may be subjected to sexual-harassment or similar types of liability. Finally, employers must be concerned about potential liability under copyright laws when employees download program files without any compensation being paid to the creator. Thus, it is critically important for employers to be aware of employee misuse of electronic communications so that appropriate action can be taken to end the misuse.Ownership of computers and electronic communications media, however, does not in itself allow an employer to monitor how its employees are using the media or what they are communicating over it. Title III of the Omnibus Crime Control and Safe Streets Act of 1968, the primary federal statute prohibiting most wiretapping, prohibits employers from monitoring employee telephone calls without consent or a court order. In 1986, Title III was amended by another federal statute, the Electronic Communications Privacy Act of 1986. This statute extended the prohibition against monitoring telephone calls to include all forms of digital communications. In addition, the ECPA prohibits employers from accessing, without consent, messages to or from an individual stored in a computer.Apart from liability under federal statutes, unwary employers can be subjected to common-law liability for invasions of privacy if they attempt to monitor employee e-mail and Internet use. This is particularly the case if the employer engages in “secret monitoring,” that is, monitoring employees without their knowledge or consent. Employees have been successful in challenging employer monitoring of e-mail and Internet use based on state common-law privacy claims where they have convinced courts that they have a reasonable expectation of privacy in their use of e-mail and the Internet.The chief tool available to employers to curb unauthorized personal use of computers and electronic communications without violating employee-privacy protections is to develop, implement, and consistently follow a written policy concerning e-mail and Internet use. An effective policy should ordinarily contain at least the following types of provisions:
- A provision informing employees that that they should not expect privacy in their use of e-mail or the Internet because their computers and software are company property.
- A provision informing employees that e-mail and Internet access are intended only for business use.
- A provision informing employees that their e-mail and Internet use may be monitored by the employer.
- A provision prohibiting employees from sending false, unlawful, harassing, or abusive messages to others.
- A provision specifying that if employees receive threatening, intimidating, or harassing communications, they should report such receipt to management.
- A provision informing employees that they can be subjected to discipline or discharge for any violations of this policy.
Once an electronic-communications policy is developed, it must be communicated and explained to employees. It is best if each employee is required to sign and date a form on a regular basis, such as annually, indicating that he or she has received the policy, has read it and understands what it means.
Employer policies regarding electronic communications by employees, no matter how well drafted, are not a guarantee that an employer will be able to effectively police e-mail and Internet use by employees without incurring liability for violating the employees’ privacy. However, these policies can provide employers with solid defenses to privacy claims that depend on an employee establishing that she had a valid expectation of privacy in her use of company electronic communications. Moreover, to the extent that such a policy is communicated to an employee at the time he is hired, it provides evidence that the employee–by accepting his job offer–has consented to employer monitoring of his e-mail and Internet use. This is essential to an employer in dealing with claims that its monitoring of employee e-mail and Internet use violate the Electronic Communications Privacy Act, since consent to such monitoring is a complete defense to an ECPA claim.
The USA PATRIOT ACT of 2001 allows for the expansion of surveillance and gathering of information, including workplace surveillance. Among other things the Act allows for interception of wire, oral, and electronic communications, seizure of voice mail messages in the workplace. A request made pursuant to the PATRIOT ACT gives an employer three options: cooperate with law enforcement by providing the requested information; not cooperate and seek permission from the employee to release the requested information; and request for a subpoena, search warrant or court order before disclosing an employee’s confidential information.