Keeping an eye on employee use of work computers

June 13, 2008

New York Mayor Michael Bloomberg was visiting the city’s legislative office in Albany last year when he saw a game of solitaire on a city worker’s computer screen.

“The workplace is not an appropriate place for games,” Bloomberg told the Associated Press. “It’s a place where you’ve got to do the job that you’re getting paid for.”

He promptly fired the employee and generated a national conversation about employee use of the company computers at work.

Although lost productivity caused by employee Web-surfing at work is a significant concern to employers, the bigger concern should be preventing misuse of corporate technology that could subject the company to negative publicity and significant legal liability.

Imagine an employee is accessing hate sites at work, circulating racist jokes to his friends and your customers through his or her work e-mail account. Or imagine that employee is viewing/downloading pornographic files to a work computer. Or imagine an employee downloads a funny video and unwittingly downloads a malicious virus that takes down the company’s website and e-mail for a week. Or the download contains a virus that allows a hacker to hijack the company’s computer.

Policy basics

While most offices allow limited or incidental personal uses of the company’s Internet and e-mail so long as it does not interfere with an employee’s job performance, companies are advised to adopt and implement technology usage policies, and to monitor employee use of company technology.

Many employees feel that monitoring violates their privacy rights, but more often than not it is allowed under the law. Typically, employers have fairly broad rights to monitor employees to supervise performance, investigate misconduct, protect sensitive business information and prevent harassment.

Employers are wise to have a clearly articulated (and followed) policy on monitoring employee communications for legitimate business purposes. These policies should be integrated with the company’s harassment policy as well.

The policy should tell employees how, when and where they will be monitored. Employers should get employee consents for such monitoring, and should stay within the limits the consent provides. Employers should limit monitoring to necessary performance measures, or to where reasonable suspicion exists to believe that monitoring is warranted.

At a minimum, such policies should state that the company computers and e-mail systems are the property of the company, and employee use can be monitored at any time. Employees should be prohibited from using company computers to send or forward e-mail containing offensive, profane, derogatory, pornographic or sexually explicit content.

Employees also should be prohibited from viewing, downloading or transmitting material over the Internet containing offensive (e.g., racial or sexual slurs), profane, derogatory, pornographic or sexually explicit content. And employees should be required to adhere to copyright and licensing laws that pertain to Internet materials.

A final caution: Just having technology policies or warning employees they will be monitored is not enough. The policies must have teeth and be enforced equally across the board.

Extreme case

In a case with extreme facts, a New Jersey company is facing liability for not thoroughly investigating complaints of an employee downloading pornography at work. After receiving complaints from several workers that an employee was visiting pornographic Web sites, the employer conducted an apparently cursory internal investigation.

After finding some abuse of the company’s Internet policy, the supervisor merely warned the employee to stop violating the company policy. A more thorough investigation would have revealed that the employee viewed such sites as “Young First Nude 13 to 17 years old” and “Incest Taboo.”

It turned out the employee was taking pornographic photographs of his 10-year-old stepdaughter at home, and uploading them to Web sites from his work computer. The stepdaughter’s mother filed a negligence suit against the employer, alleging that if the employer had conducted a meaningful investigation, it would have discovered illegal activity that is required to be reported to law enforcement, and the molestation and exploitation of her daughter would have ended sooner.

The New Jersey appellate court agreed.

The court stated: “We agree with plaintiff that defendant [the employer] had a duty to report employee’s activities to the proper authorities and to take effective internal action to stop those activities, whether by termination or some less drastic remedy.”
To reiterate, employers can be subject to considerable legal liability for their employees’ use of company computers and e-mail.

Employers are encouraged to (1) develop technology policies, (2) monitor employee computer usage, and (3) investigate improper uses of work computers. This will help prevent employee misuse of company technologies and to limit liability from this misuse.

Donna Ray Chmura practices employment law in the Research Triangle Park, N.C., office of Sands Anderson Marks & Miller PC.

Written by Donna Ray Chmura  |  Filed Under Office Practices 

Comments

Got something to say?