|
| |
Monitoring
Employee Communications On the Internet;
Big Brother or Responsible Business?
With the onslaught of electronic communications -- E-mail, Internet access,
chatrooms, intranets and web sites -- employers and employees are being faced
with new legal and ethical issues of privacy. Balancing the employees' privacy
rights with the responsibilities of the employer for certain actions of its
employees is bound to be one of the hottest issues of the next decade.
Statistics differ, but most studies agree that the number of people on the
Internet ranges from 600 to 700 million. These numbers have increased
exponentially, often estimated at 1 million people each month, until recent
slowdowns in Western countries. It is also
estimated that approximately half of the people on the Internet access it in
connection with their work.
These statistics demonstrate the magnitude of this growing nightmare for
employers. What are their rights and responsibilities?
Employers are confronted with legal issues ranging from defamation, copyright
infringement, trade secret protection and confidentiality, harassment (including
hostile work environment issues), to criminal accountability and loss of
attorney-client privilege. How do employers weigh these potential liabilities
against their employees' rights and expectations of privacy?
Many U.S. managers, raised in the '60s, find the communications monitoring process
abhorrent on an ethical basis. But the failure to monitor, and actually police
the communications consistently, is something that cannot be ignored without
serious consequences.
This article examines the laws which permit employers to monitor employees'
electronic communications, especially their E-mail.
E-mail is a very informal medium. It is far closer to speech than a written
communication, and typically lacks the care given to a written communication. It
has evolved into a hybrid of speech and writing by the use of emoticons, those
shorthand signs which explain the tone of the E-mail.
Humor is usually connoted by the use of <g> or smileys, to take any potential
sting out of the words when seen in an E-mail vacuum. Many others are used
frequently by experienced E-mail correspondents and persons frequenting on-line
discussion groups and chatrooms.
In addition, for some reason, people "say" things in E-mail and on-line which
they might not otherwise feel comfortable communicating to others. A combination
of the informality with the lack of inhibitions often demonstrated in on-line
communications creates a dangerous situation for employees and their employers,
to which the statements may be attributed. These statements, casually made, can
give rise to defamation actions or harassment charges, typically being
attributed to the employer for "allowing" such remarks.
The prime statutory law in this area is the Electronic Communications Privacy
Act of 1986 (ECPA), an amendment to Title III of the Omnibus Crime Control and
Safe Streets Act of 1968, commonly known as the "wiretap law." The ECPA was
adopted initially to govern third-party interceptions of electronic
communications, not to govern employers' rights to monitor their workers.
The ECPA provides civil and criminal penalties for any person who intentionally
intercepts, uses or discloses "any wire, oral, or electronic communication."
"Electronic communication" is defined as "any transfer of signs, signals,
writing, images, sounds, data, or intelligence of any nature transmitted in
whole or in part by a wire, radio, electromagnetic, photo-electronic or photo
optical system that affects interstate or foreign commerce . . . ." The ECPA
also affords recourse for the use or recitations of information obtained from an
intercepted electronic communication.
Exceptions
The two prime exceptions to the ECPA afford employers broad rights to monitor
their employees: An employer may monitor employee conversations if the
monitoring occurs in the ordinary course of business or with the employees'
implied consent.
Most of the cases developed under the ECPA involve criminal justice and
investigatory wiretaps of telephone and E-mail communications. In the civil
application of the ECPA, most of the case law until recently involved telephone
communication monitoring.
In addition to permitting interception and monitoring under the above
exceptions, the ECPA contains a "business exclusion exemption" which excepts
interceptions which are made by equipment "furnished to the subscriber or user
by [a communications carrier] in the ordinary course of its business [and being
used by the subscriber or user] in the ordinary course of its business."
Under this exception, an employer may monitor phone calls in an
employer-supplied telephone system by attaching a device supplied by the
employer. The courts look to whether a reasonable business justification exists
for the monitoring, whether the employee was informed about the employer's right
to monitor and whether the employer acted consistently in connection therewith.
Additional legislation has been introduced in both the federal and state schemes
to afford employees more rights and weapons in the battle for more privacy.
So far, there is no Federal law that requires employers to notify employees that
their communications are being monitored.
Legislation was introduced in Congress in 1991 by Senator Paul Simon, D-Ill.,
which would have required advance notification to both employees and customers
of electronic monitoring. The bill, known as "The Privacy for Consumers and
Workers Act," prohibited undisclosed monitoring of rest room, dressing room and
locker room facilities, except when the employer suspected illegal conduct. The
bill, which was never passed, would have provided for fines for violations, and
permitted injured employees to sue for compensatory and punitive damages and
attorney's fees.
Without Federal protection, plaintiffs sought state court protection. This was
similarly unsuccessful in overruling the employer's right to monitor the
workplace, including intercepting communications. Many states have adopted their
own version of the ECPA, and in some states require the consent of both
parties for non-exempt interceptions (as opposed to the one-consent ECPA rule).
In addition to the state versions of the ECPA, state laws include state
constitutional provisions, statutes and common law (law that has been developed
through case-by-case review and, in the U.S. and under the UK judicial systems,
is as much part of the law as a statute).
Common Law -
Invasion of Privacy
Given the lack of protection afforded by the ECPA against employee monitoring,
the few state-adopted privacy statutes in effect and the failure of states to
adopt any legislation protecting employee privacy rights, many employees are
seeking recourse under common law rights of action. Typically, they seek relief
under the common law tort of invasion of privacy.
Invasion of privacy laws do not exist in all states, and in some cases
statutes labeled as "privacy invasion" laws do not deal with privacy matters at
all. (In New York, for example, the privacy statute deals with protection of
celebrity's and other's rights against the commercial exploitation of their
images.)
In the states which recognize the tort of invasion of privacy, it generally requires an intentional
intrusion, "physical or otherwise, upon the solitude or seclusion of another
upon his private affairs, or concerns . . . if the intrusion would be highly
offensive to a reasonable person."
One of the key conditions to successfully prosecuting an action for invasion of
privacy is whether or not the person has a "reasonable expectation of privacy."
The courts across the country are finding with more and more frequency that no
reasonable expectation of privacy exists with E-mail or employee online
communications.
One of the most talked about E-mail invasion of privacy cases,
Smith v. The Pillsbury Company, No. 95-5712 (E.D. Pa. 1996), demonstrates
the lack of patience of the judiciary with the claim of common law privacy
torts. In ruling against the plaintiff/employee, the Pillsbury court held
that there was no reasonable expectation of privacy in E-mail communications.
(Pennsylvania recognizes a common law right of privacy.)
The courts are also holding regularly that when the system provider is the
employer, no restrictions exist on interception of information on the system.
Under current circumstances, there is little recourse available to employees who
feel their privacy has been invaded by their employers.
Conclusion
Whether they have a right to privacy under employment circumstances or not, many
employees find the intrusion offensive. This makes it a practical problem, not a
legal one.
Many employers are choosing to notify employees in advance that their activities
may be monitored. These notices may be contained in a written E-mail policy or
within the employee handbook. Under any circumstances, they should be
acknowledged in writing by the employer.
An employer cannot simply allow employees to communicate on an E-mail system
unmonitored. Too many litigants will seek to hold the employer responsible for
what is said and done. Employers should monitor, but do it wisely and
consistently, and adopt a policy that works for them. They should also find a
lawyer who can craft one, just for their business, rather than using one "off
the shelf." It is smart employee relations, and smart preventive law practice.
|
Parry
Aftab, Esq., 
Marvel and
all character names and the distinctive likenesses thereof are trademarks of
Marvel Characters, Inc., and are used with permission. TM & © 2004 Marvel
Characters, Inc. All rights reserved. “Super Heroes” is a Co-owned registered
Trademark.