Computer and telephone monitoring in the workplace

June 27, 2008

10 points you should consider when drafting an office policy

Technological advances in recent years have significantly enhanced an employer’s capability to monitor the behavior and actions of its employees, including e-mail and telephone communications, as well as Internet use. A recent survey revealed that approximately three out of four companies monitor employee use of the Internet and e-mail, and more than half monitor telephone calls. Such monitoring, when done legally and effectively, can be used as a proactive measure to head off problematic employee behavior before it gets to a point where the company’s business interests are threatened.

The Electronic Communications Pri-vacy Act (ECPA), passed in 1986 as an extension of the wiretap laws, permits employers to monitor electronic communications, such as e-mails, in two situations: where the employee has consented to the monitoring, and where the employer can show a legitimate business purpose for monitoring the employee e-mails. Not surprisingly, it is this second instance that garners the most legal attention.

There is currently a lack of unanimity in the courts regarding what the ECPA does and does not allow. In a Pennsylvania case, a disgruntled employee was terminated for disseminating an e-mail that referred to the office holiday party as the “Jim Jones Kool-Aid Affair,” and sending another e-mail threatening violence against certain colleagues. The employee brought suit against his employer for the e-mail monitoring that led to his termination. Although the employer did not have a written policy disclosing its e-mail monitoring, the court still found in favor of the company based upon the second application of the ECPA, holding that the company’s legitimate business interest in preventing inappropriate comments and possible criminal activity outweighed the employee’s privacy interest.

By contrast, a federal judge in California refused to dismiss the privacy claims of a group of public employees who filed a lawsuit after personal text messages they sent and received on city-owned pagers were read by their city government employer. The court noted that although the official city policy was that the pagers were for business use only, a manager had in-formed the employees that they could use the pagers for some personal use and that the city would not engage in monitoring the messages to determine if the use was business or personal.

Violation of the ECPA can result in both civil and criminal penalties, with a minimum fine of $10,000. Civil penalties can be as much as $100 for each day of improper monitoring, and an employee who successfully shows that his/her employer violated the ECPA can recover actual damages plus any profits made by the employer as a result of the violation.

Additionally, because the ECPA merely sets the minimum restrictions on employee monitoring, individual states are free to impose greater limitations. Though no states in the immediate Metro D.C. area have enacted their own electronic monitoring laws, states such as California, Florida, Louisiana and South Carolina have done so. In Connecticut, employers that monitor e-mails must provide advanced written notice to employees about the specific types or methods of monitoring that will be implemented.

Set a clear policy

In order to comply with the ECPA, employers should establish and disseminate to employees a clear written notice that their e-mails, Internet use and telephone calls are subject to monitoring, without any further warning. Employers should consider the following points when developing a computer and telephone policy:

1. Specify what information systems are governed by the monitoring policy – (i.e., e-mail, Internet, telephone calls and voice mail) – and that monitoring can occur without any further notice to the employee. The policy should expressly state that the company is not obligated to monitor employee communications. Otherwise, employees may claim that the company failed to protect them if harmful or offensive conduct occurs and the employer failed to catch it through monitoring;

2. Establish that the company’s computer and telephone systems are the property of the company, notwithstanding the fact that employees may have their own passwords for accessing the systems;

3. Specify that employees should not maintain any expectation of privacy while using the company’s computer or telephone. The federal Wiretapping Act prohibits the interception of live telephone calls and stored voice-mail messages, but employers may engage in legal surveillance of oral telephone communications if they do it in the ordinary course of business. However, the ECPA provides that when an employer realizes a telephone conversation is personal in nature, the employer must stop listening. Several states, including Maryland, require the consent of all parties to the interception of a telephone conversation;

4. Specify that the company’s computers and telephones are generally intended for business-related use, and make clear to the employees that any monitoring is done as part of the company’s efforts to protect legitimate business interests. The employer should communicate those business interests to the employees so they understand that the monitoring is being done for the good of the company as a whole and the general protection of the workforce;

5. Prohibit the transmittal or downloading of material that is offensive, pornographic, obscene, profane, discriminatory, harassing, insulting, derogatory, or otherwise unlawful. Company monitoring for these types of communications helps to prevent employee abuse of company information systems that may subject the employer to liability under the doctrine of respondeat superior, by which an employer is legally responsible for employees’ wrongful acts done within the scope of their employment, even if the employer is unaware of the misdeeds. Companies should also incorporate prohibited Internet use into their sexual harassment and equal employment opportunity policies;

6. Prohibit the unauthorized transmittal or dissemination of the company’s confidential information or trade secrets to any outside source. This has become a hot topic for litigation in recent years as companies try to protect their business interests against possible wrongdoing on the part of a departing employee;

7. Explain to employees that all communications and files are subject to employer monitoring, and that the employer has access to all such files, even those files which the employee has deleted or attempted to delete from the system. Several courts have held that monitoring electronic communications held in storage is not prohibited by the ECPA;

8. Inform employees that any unauthorized use of the company’s information systems can result in discipline up to and including termination;

9. Implement any disciplinary action taken pursuant to this policy fairly and consistently to avoid claims of discrimination; and

10. Require all employees to sign a written acknowledgment that they have read and understand the policy, and agree to abide by its terms as a condition of employment with the company.

Declan C. Leonard practices employment law with Albo & Oblon LLP, in Arlington. He can be reached at dcl@albo-oblon.com. Stephanie D. Wilson is an associate at the firm, where she practices in the civil litigation division, with a focus on business and government contracts litigation. She can be reached at sdw@albo-oblon.com.

Written by Declan C. Leonard  |  Filed Under Employment 

Comments

Got something to say?