Commentary
6/16/2004
04:28 PM
Commentary
Commentary
Commentary

The Privacy Lawyer: Monitoring Employees' Internet Communications: Big Brother Or Responsible Business?

Balancing employees' privacy rights with the responsibilities of the employer is becoming increasingly tricky for both sides Parry Aftab says.



With the onslaught of electronic communications--E-mail, instant messaging, peer-to-peer, blogs, broad Internet access, chat rooms, intranets, and interactive Web sites--employers and employees are faced with new legal and ethical issues of privacy. Balancing employees' privacy rights with the responsibilities of the employer for certain actions of its employees is bound to be one of the hottest issues of this decade.

It's estimated that approximately half of the people on the Internet access it in connection with their work. This statistic demonstrates the magnitude of this growing nightmare for employers. What are their rights and responsibilities?

Employers face legal issues ranging from defamation, copyright infringement, trade-secret protection and confidentiality, harassment (including hostile work-environment issues), to criminal accountability and loss of attorney-client privilege. How do employers weigh these potential liabilities against their employees' rights and expectations of privacy?

Many U.S. managers, raised in the 1960s, find the process of monitoring communications to be abhorrent on an ethical basis. But the failure to monitor and police the communications consistently is something that can't be ignored without serious consequences.

This article examines the laws that permit employers to monitor employees' electronic communications, especially their E-mail.

E-mail is a very informal medium. It's far closer to speech than a written communication and typically lacks the care given to a written communication. It has evolved into a hybrid of speech and writing by the use of emoticons, those shorthand signs that explain the tone of the E-mail.

Humor is usually connoted by the use of smiley faces, to take any potential sting out of the words when seen in an E-mail vacuum. Other symbols are used frequently by experienced E-mail correspondents and persons frequenting online discussion groups and chat rooms.

In addition, for some reason, people "say" things in E-mail and online that they might not otherwise feel comfortable communicating to others. A combination of informality with the lack of inhibitions often demonstrated in online communications creates a dangerous situation for employees and their employers, to which the statements may be attributed. These statements, casually made, can give rise to defamation actions or harassment charges--which typically lodged against the employer for "allowing" such remarks.

The prime law in this area is the Electronic Communications Privacy Act of 1986, an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, commonly known as the "wiretap law." The ECPA was adopted initially to govern third-party interceptions of electronic communications, not to govern employers' rights to monitor their workers.

The ECPA provides civil and criminal penalties for any person who intentionally intercepts, uses, or discloses "any wire, oral, or electronic communication." The term "electronic communication" is defined as "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo optical system that affects interstate or foreign commerce." The ECPA also affords recourse for the use or recitations of information obtained from an intercepted electronic communication.

Exceptions
The two prime exceptions to the ECPA afford employers broad rights to monitor their employees: An employer may monitor an employee's conversations if the monitoring occurs in the ordinary course of business or with the employee's implied consent.

Most of the cases developed under the ECPA involve criminal justice and investigatory wiretaps of telephone and E-mail communications. Until recently, most of the case law in the civil application of the ECPA involved monitoring telephone communication.

The ECPA also contains a "business exclusion exemption" that exempts interceptions made by equipment "furnished to the subscriber or user by [a communications carrier] in the ordinary course of its business [and being used by the subscriber or user] in the ordinary course of its business." Under this exception, an employer may monitor phone calls made on an employer-supplied telephone system by attaching a device supplied by the employer. The courts look to whether a reasonable business justification exists for the monitoring, whether the employee was informed about the employer's right to monitor, and whether the employer acted consistently in connection therewith.

Additional federal and state legislation has been introduced to afford employees more rights and weapons in the battle for more privacy.

So far, there's no federal law that requires employers to notify employees that their communications are being monitored. Legislation was introduced in Congress in 1991 by Sen. Paul Simon, D-Ill., that would have required advance notification to both employees and customers of electronic monitoring. The bill, known as The Privacy for Consumers and Workers Act, prohibited undisclosed monitoring of rest rooms and dressing-room and locker-room facilities, except when the employer suspected illegal conduct. The bill, which was never passed, would have provided for fines for violations and permitted injured employees to sue for compensatory and punitive damages and attorneys' fees.

Without federal protection, plaintiffs sought protection in state courts. This was similarly unsuccessful in overruling the employer's right to monitor the workplace, including intercepting communications. Many states have adopted their own version of the ECPA, and some require the consent of both parties for non-exempt interceptions (as opposed to the one-consent ECPA rule). In addition to the state versions of the ECPA, state laws include constitutional provisions, statutes and common law (law that has been developed through case-by-case review and, in the United States and under the United Kingdom's judicial systems, is as much part of the law as a statute).

Common Law And Invasion Of Privacy
Given the lack of protection afforded by the ECPA against employee monitoring, the few state-adopted privacy statutes, and the failure of states to adopt legislation protecting employee privacy rights, many employees are seeking recourse under common-law rights of action. Typically, they seek relief under the common-law tort of invasion of privacy. Invasion of privacy laws don't exist in all states, and in some cases, statutes labeled as "privacy invasion" laws don't deal with privacy matters at all. In New York, for example, the privacy statute deals with protection of celebrities and others rights against the commercial exploitation of their images.

In the states that recognize the tort of invasion of privacy, a violation generally requires an intentional intrusion, "physical or otherwise, upon the solitude or seclusion of another upon his private affairs, or concerns if the intrusion would be highly offensive to a reasonable person."

One of the key conditions to successfully prosecuting an action for invasion of privacy is whether the person has a "reasonable expectation of privacy." Courts across the country are finding with more and more frequency that no reasonable expectation of privacy exists with E-mail or employee online communications.

One of the most talked about E-mail invasion of privacy cases--Smith v. The Pillsbury Company, No. 95-5712 (E.D. Pa. 1996)--demonstrates the lack of patience of the judiciary with the claim of common-law privacy torts. In ruling against the plaintiff/employee, a Pennsylvania court held that there was no reasonable expectation of privacy in E-mail communications, even though Pennsylvania recognizes a common-law right of privacy.

The courts are also holding regularly that when the employer is also the system provider, no restrictions exist on interception of information on the system. Under current circumstances, there's little recourse available to employees who feel their privacy has been invaded by their employers.

Conclusion
Whether they have a right to privacy under employment circumstances or not, many employees find the intrusion offensive. This makes it a practical problem, not a legal one.

Many employers are choosing to notify employees in advance that their activities may be monitored. These notices can be contained in a written E-mail policy or within an employee handbook. Under any circumstances, the employee should acknowledge them in writing.

An employer simply can't let employees communicate on an E-mail system unmonitored--too many litigants will seek to hold the employer responsible for what is said and done. Employers should monitor, but do it wisely and consistently, and adopt a policy that works for them. They should also find a lawyer who can craft one, just for their business, rather than using one off the shelf. A smartly written, well-enforced policy is smart employee relations--and smart preventive law practice.


To discuss this column with other readers, please visit the Talk Shop.

To find out more about Parry Aftab, please visit her page on the Listening Post.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2022 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service