Corporate Law Winter 2010 Newsletter: Employee Monitoring in an Electronic Age

Internet and e-mail in the workplace, now used by nearly 40 million Americans, have become valuable assets to business enterprises. Unfortunately, the way these tools are used — or abused — can become a disaster waiting to happen. A survey of 1,000 American workers revealed that 64 percent of those with Internet access at work use it for personal interests during working hours. A majority of employers now think they must (and do) monitor their employees’ Internet and e-mail usage to enhance productivity and avoid potential workplace liability (although, not surprisingly, a substantial percentage of employees disagree). But can monitoring employee Internet and e-mail be a problem for employers?

A Reasonable Expectation Of Privacy
The balance between an employee’s right to privacy and a corporate employer’s right to monitor often favors employers. Indeed, courts set a high standard for employees to prove that a company violated an employee’s reasonable expectation of privacy. This seemingly provides wide latitude for employers to monitor employees’ electronic workplace communications. However, there are no absolutes with regard to the question of privacy in the workplace. While there appears to be great latitude, whether an employer can monitor employees is, in actuality, a fact-specific inquiry dependent upon an analysis of specific company practices.

In three past cases, courts have found that employees have no reasonable expectation of privacy where employers’ policies clearly outlined impermissible e-mail content, identified that a violation could result in disciplinary action (including termination), and reserved the Company’s right to access e-mail messages and track websites visited by the employees. In Garrity v. John Hancock Mutual Life Insurance Co. 2002 U.S. Dist. LEXIS 8343 (D. Mass. 2002), employees who used the employer’s e-mail system to share sexual jokes were terminated. Since the employees in question knew of the employer’s electronic communications policy and also knew that recipients of their e-mails could forward them to third parties, no valid reasonable expectation of privacy existed.

Similarly, in TBG Insurance Services Corp. v. Superior Court, 96 Cal. App. 4th 443 (Cal. App. 2d Dist. 2002), an employee terminated for accessing pornographic websites consented to having his employer-provided home computer monitored by authorized company personnel. The court determined that because he had consented to company monitoring, he had no reasonable expectation of privacy in such computer. And in Muick v. Glenayre Electronics, 280 F.3d 741 (7th Cir. Ill. 2002), an employee receiving and possessing child pornography on a company laptop intended for office use had no reasonable expectation of privacy because the employer informed the employee that it could inspect the computer.

The key common element to each of these cases is that the employer had a pre-existing policy that it communicated to its employees, so that employees understood the scope of their employer’s intentions.

While most legal disputes regarding employer monitoring of Internet and e-mail use have upheld the company’s right to monitor finding no general reasonable expectation of privacy, there are cases holding for the employee. In State v. Young, 974 So. 2d 601 (Fla. Dist. Ct. App. 1st Dist. 2008), a pastor employee who stored child pornography on his church-provided computer had a reasonable expectation of privacy. In this instance, the employee was successful because the employer failed to have a policy advising employees that computer usage would be monitored nor was there any indication that company personnel had routine access to employee computers. Again, this case hinged on the existence and communication of a company policy.

The Conflict Of Employee Monitoring
The cost and disruption of litigation by disaffected employees (or former employees) is just one downside to not having and communicating an effective Internet and e-mail policy. Even if a company is lucky enough to avoid litigation, employee monitoring may be damaging to employee productivity if it is not implemented effectively. While monitoring might deter company provided Internet and e-mail abuse, it may also cause resentment in employees if they do not see the justification of monitoring. In a recent survey, 35 percent of employees indicated that they resented employer monitoring and felt it hurt their productivity. Knowledge of Internet and e-mail use policies is essential for companies and employees alike. If a company approaches the situation from a realistic and business perspective and explains the reasons why it imposes monitoring policies, then it becomes less personal and more work oriented and employees are more apt to accept this reason. Moreover, since employees often spend the better part of their waking hours in the office, conducting some personal business via e-mail or the Internet (such as online banking) may be a convenience that employees’ cannot do without. Company policies must consider the practical detriment of an overly restrictive policy.

Another issue arises with regard to what an employer can do with information that it gathers through employee monitoring. While employees might come to accept monitoring of work by a corporate employer, the thought that employers might have access to their private information via monitoring e-mail and Internet use might not be accepted as easily. Does an employer assume any responsibility to safeguard confidential employee information not of a public nature? There is a growing body of case law and state statutes requiring employers to do just that. Among other things, employers must take reasonable steps to protect the confidential information of their employees and disclose when that information has been accessed without authorization. Consequently, employers must decide in advance the scope of information it will access, what information will kept confidential, who in the company hierarchy must have access to it, and who must be able to make changes to it. If a business develops a method to protect confidential information and implements those methods by ensuring employees understand new procedures, it could go a long way to easing employees’ fears and avoiding costly litigation.

What’s A Corporation To Do? Drafting An Effective Policy
In order to avoid litigation and better maintain employer/employee harmony, more companies are not waiting for law suits to deal with Internet and e-mail abuse. They are implementing and enforcing Internet and e-mail use policies prior to the threat of litigation. The key to an effective policy is consistently enforcing a realistic plan that takes into account the realities of the workplace. A good policy should take into account the following components:

Step 1
Place Restrictions On Internet and E-mail Use
Policies should include specific restrictions pertaining to the content of electronic messages, prohibiting messages that are defamatory, abusive, profane, obscene, sexually oriented, threatening, racially offensive, tortuous, or wrongful. A successful e-mail and Internet policy should also contain procedures encouraging early reporting by employees of offensive conduct.

Step 2
Communicate The Policy To Employees
The company should employ internal procedures to perform a prompt investigation of complaints regarding the misuse of Internet and e-mail communications, informing employees that inappropriate conduct will lead to disciplinary action, up to and including termination.

Step 3
Reserve the Right To Monitor
Most importantly, a corporate employer should reserve the right to monitor, have employees consent to monitoring, and state that a failure to monitor in particular situations is not a waiver of the company’s right to monitor. A good corporate policy should warn employees that company computers and e-mails stored on the company server are company property and that employees have no reasonable expectation of privacy in same. Corporate employers should also be sure to periodically review e-mail and Internet policies to ensure compliance with current law, update them in light of changed circumstances, and continue to inform employees about the policy and their rights.

Louise Ann Fernandez, whose practice has spanned more than 25 years, is chairperson of the Labor & Employment Group. For more information, contact Louise Ann at 310.201.3522 or LFernandez@JMBM.com. Maryam Maleki contributed to this article.

To view the complete Corporate Law Winter 2010 Newsletter, click here.
To download a PDF of this article, click here.