Managing: Computer Abuse Prevention VS Personal Privacy
Companies are responsible for the use of electronic equipment in a way that does not harm the business whilst protecting its employees, customers, and investors. On the other hand, employees have certain privacy expectations that can result in invasion of privacy claims when management does not take steps to ensure responsible use and privacy policies. This article addresses the rights of both businesses and employees, and makes recommendations to help keep managers out of civil court.
The legal environment
Abuse of the Internet and email tops the list of employee activities that might result in worker claims that a hostile work environment exists. This is particularly true in organizations where access to pornographic sites is not restricted.
In Adamson v. Minneapolis Public Library, the library paid $435,000 to settle a sexual harassment claim. The claim was made by 12 librarians who asserted that a hostile work environment was created by patrons accessing pornographic or sexually explicit material. In a related case, Chevron Corporation paid over $2 million to settle litigation brought by four women who claimed they received Internet pornography from coworkers on Chevron computers.
Another valid reason to monitor employee use of electronic devices is to ensure each person is actually working while in the office. Employees are paid to provide a certain level of productivity. The courts have ruled that it is not unreasonable for employers to check to ensure that personal Internet browsing or personal email use is not interfering with business processes.
Monitoring of email and other forms of electronic communication might also be necessary to ensure proper handling of information that could potentially fall under discovery during current or future litigation. The new Federal discovery rules, which took effect on December 1, 2006, are reason enough to begin controlling how electronic communication is managed. The new rules, part of a change to the Federal Rules of Civil Procedure, put additional emphasis on corporate responsibility for producing information requested during litigation.
Finally, employers are allowed to monitor electronic communication for the purpose of preventing intellectual property theft.
The basis for an employer's right to monitor electronic information is The Electronic Communications Act of 1986 (18 U.S.C. Section 2510, etseq). The ECPA provides for employer monitoring of electronic communication if the device monitored is used in the normal course of business. The device should be owned by the employer and be part of the business network.
However, there is a limit on the information that an employer can access. Managers are not allowed to eavesdrop on their employees or browse through electronic media for reasons unrelated to abuse prevention. Judicial impatience is growing with employers who violate what is seen as a reasonable expectation of privacy. In other words, if you are reading through material that you know does not constitute abuse you might be on very shaky legal or moral ground.
In an article entitled "Employers' Rights to Monitor Employee Email under United States Law", Pavlina B. Dirom wrote that courts tend to consider two issues when looking at privacy cases.
An employer must show the context of intrusion. In other words, the intent of monitoring must be related to protecting the business.
The court will look at the content of the information in question. Companies are only allowed to intrude into electronic communications -- including phone and email -- to the point at which it is clear that the content:
- Is personal
- Does not violate any laws
- Does not put the company, its employees, or its customers at risk
Examples of rulings on these issues include Watkins v. L. M. Berry & Company and Smyth v. Pillsbury Co.It is important to note that workplace privacy laws can vary across local and state boundaries. An employer must understand the legal environment in which her organization operates before writing policy or monitoring employee activities.
The right way to monitor
There is a widely accepted principle that is easily applied to employee expectation of privacy -- as employee awareness of monitoring policies and practices increases, employee expectation of privacy decreases. So the first step in implementing monitoring processes is employee education.
Technology Policy / Employee manual -- which every employee should read and sign -- should contain information describing proper use of company information assets. It should further stipulate that neither Internet access nor email may be used in a way that is illegal or causes harm to the organization or its employees. Management's intent to monitor for compliance AND employee right to privacy must be included.
This communication of management's assertion of its right to search or monitor computer storage, voice mail, email, and other relevant areas of an employee's workspace is typically interpreted as enough to sufficiently lower employee expectation of privacy.
FindLaw has posted a list of DOs and DON'Ts for employers who want to protect themselves from potential liability from employee abuse of information assets while providing reasonable and appropriate privacy for their employees. The URL is: http://smallbusiness.findlaw.com/employment-employer/employment-employer-other/employment-employer-other-privacy-do-dont.html
Summarizing that list:
- Provide all employees with training about the best and most efficient use of email and Internet searching
- Make rules about Internet and email use
- Prohibit access to pornography
- Prohibit access to Internet sites or the use of email in a way that might create a hostile work environment
- Prohibit or limit personal use of email
- Create a clear policy and make all employees aware of its content and the possible sanctions if the policy is violated -- include clear statements about the organization's position on privacy and it's right to search employee work areas when abuse or illegal activity is suspected
- Don't spy on your employees -- monitor for abuse only
- Make sure your employees know why they have Internet access -- it is a business tool
The final word
Employers have the right to protect their businesses by monitoring employee use of electronic devices. However, this right is not absolute. There is still a line between looking for abuse and browsing communications containing information considered personal and private.
Companies should establish monitoring policies that are clearly communicated to the workforce.
Companies must establish a technology that explicitly spells our employee right to privacy
Active Technologies, LLC is pleased to provide technology policy templates.
This helps reduce expectation of privacy as well as the probability of invasion of privacy litigation.