Employee use of electronic mail and the Internet is increasing at an extraordinary pace.
According to one source, U.S. workers currently send more than one billion e-mail messages every day. One can only guess just how many of those messages are professional and how many are personal.
That’s because the majority of companies don’t monitor their employees’ electronic communications use. Negative connotations of Big Brother and a hesitancy to promote an atmosphere of mistrust hold many back. But several legitimate reasons exist for you to consider monitoring your workers’ e-mail and Internet usage.
Companies have a real need to maintain their professional reputation and image. They have a right to oversee employee productivity and workplace efficiency. They have an obligation to prevent and discourage sexual and other illegal workplace harassment. You can even be held accountable for failing to prevent an employee from cyberstalking — threatening, harassing or annoying someone through multiple e-mails.
Companies may choose to monitor employee e-mail and Internet use to prevent possible defamation liability or employee disclosure of trade secrets and other confidential information. They may even do it to avoid copyright and other intellectual property infringement liability from employees illegally downloading software and other resources.
There are many reasons you may want to keep an eye on what goes out of your workers’ computers, but can you? To date, federal and state laws regarding the right of private employers to monitor employee use of e-mail and the Internet remains undeveloped.
What the law says
The Electronic Communications Privacy Act of 1986 (ECPA) is a federal statute that regulates the ability of both government and private employers to monitor the oral, wire or electronic communications of their employees. The ECPA imposes liability on any person who intentionally intercepts, uses or discloses any electronic, wire or oral communications.
The ECPA does provide two exceptions under which employers may avoid liability under the statute:
1. A consent exception, in which the employee consents to being monitored after being informed of the company’s intention to monitor; and
2. A business extension exception, such as monitoring done in the ordinary course of business for quality control purposes. It’s still unclear, however, whether monitoring employee e-mail falls under either of these ECPA exceptions.
In lieu of clear federal guidelines, some states offer statutes that make the monitoring of e-mail even more difficult. The Pennsylvania Wiretapping and Electronic Surveillance Control Act, for example, regulates the monitoring of oral, wire and electronic communications similar to the ECPA, but provides a stricter consent communication consent to monitoring. Similar to the ECPA, case law regarding this statute remains undeveloped.
The right to privacy
Common law in many states recognizes the right of privacy for individuals under certain circumstances. The privacy tort of intrusion upon seclusion maintains that one who intentionally intrudes upon the solitude or seclusion of another is subject to liability for invasion of privacy if the intrusion is deemed highly offensive to a reasonable person.
One federal court applying Pennsylvania law recently held that a discharged employee, terminated for sending inappropriate e-mail messages, did not have a reasonable expectation of privacy in the communications he sent using the company’s e-mail system, even if the employer promised that e-mail would be considered confidential and not subject to monitoring.
The court ultimately held that the discharged employee could not state a claim for wrongful discharge under Pennsylvania law.
Avoiding liability
Based on the limited case law in this area, how do employers monitor electronic communications without exposing themselves to liability? Start by setting ground rules and making sure your workers understand them. Let employees know up front that their use of company e-mail and Internet systems will be monitored, and put it in writing.
Draft and distribute a well-defined, written electronic communications policy before monitoring begins. That way, any expectation of privacy on the part of employees is eliminated.
The policy should inform employees of several things, including, but not limited to, the absence of any privacy right by employees while using the company’s e-mail and Internet systems, as well as the employer’s ability and right to monitor, intercept, record and review all communications sent by employees over the company’s e-mail and Internet systems.
Taking the time to explain the reasons for monitoring will go a long way in retaining morale. Terrence M. Lewis is an attorney with Pittsburgh-based law firm Thorp Reed & Armstrong LLP.
