Employer monitoring of electronic communications is an active area of the law
that is clearly unsettled, even though 130 million workers send 2.8 billion e-mail
messages each day. Thus, privacy issues in
the workplace are becoming more complex.
“The $64,000 question is how much privacy
does an employee really have when he is sitting at a desk in an office provided by his
employer, particularly when he is using communication equipment or electronic systems
provided by his employer,” asks Steven I.
Farbman, Of Counsel to Jackson Lewis LLP.
“It’s an important question because new
technologies have been developing so rapidly, and people are becoming more and more
comfortable using these technologies outside of work. What are the limits to their use
while at work?”
Smart Business talked with Farbman
about how to protect your company from litigation involving employee privacy issues.
In what legal arenas can employee privacy
problems arise?
Privacy issues can be implicated in any
number of areas, from the obligation to protect Social Security numbers and private
health information to the monitoring of job
activity. Most people think of employee privacy issues in terms of the latter, which can
run the gamut from e-mail and Internet usage
to blogging, instant messaging, telephone use
and even video surveillance.
For public or government employees, there
is a clear right to privacy that comes directly
from the U.S. Constitution and the Bill of
Rights. However, that right does not apply to
employees of private, non-government
employers. Over the years, a number of federal and state laws have been enacted that
address privacy rights in all workplaces.
Among these are the federal Electronic
Communications Privacy Act of 1986
(ECPA), which generally prohibits the ‘interception’ of electronic communications, and
the Stored Communications Act, which prohibits unauthorized intrusions into stored
electronic information. A number of states
have enacted wiretapping statutes, which
generally prohibit the recording of conversations without consent. Beyond this, the common law right of privacy is being defined and
refined in the courts on a case-by-case basis.
Are there exceptions to these federal laws?
Employer monitoring of employee e-mails
and Web site access generally will not run
afoul of the ECPA for two reasons. First, such
employer monitoring likely does not meet
the ECPA’s definition of ‘intercept.’ Second,
the ECPA contains an ‘ordinary course of
business’ exception that gives an employer
the right to access an employee’s e-mail if the
messages are maintained on a system provided by the employer.
However, the employer’s interception must
be in the ordinary course of business, a standard that is not necessarily satisfied simply
by maintaining a general policy of monitoring. This ‘ordinary course of business’ exception also applies to the monitoring of employee telephone calls.
The Stored Communications Act has an
even broader exception. An employer may
access stored e-mails on electronic services it
provides. But, this exception is not universal.
For example, there is no protection for intrusion on systems hosted by third parties, such
as when an employee accesses his or her
own personal Web-based e-mail account
through the company system. For this reason, employers should be wary of accessing
information not contained on their internal
networks without the user’s authorization.
How can employers protect themselves from
litigation over employee privacy rights?
The touchstone in analyzing this type of litigation is whether an employee had a reasonable expectation of privacy in his or her
use of the company’s technology. Therefore,
employers should strive to appropriately
limit or reduce the employee’s expectation of
privacy without significantly and negatively
impacting employee morale. This can be
done with a detailed and clearly written electronic communications policy.
Such a policy not only should explain what
systems are available, but also should spell
out the employee’s obligations and put
employees on notice that, among other
things, the company equipment, including
telephones, computers and electronic systems, is designed primarily for business use
only; and the company has the right to access
and monitor those systems, including the e-mail system. Also, do not communicate to
employees that the systems are strictly for
business usage, because the National Labor
Relations Act protects certain communications between employees that may otherwise
be chilled by such a restriction.
Historically, how have courts balanced an
employee’s right to privacy against an
employer’s right to protect the company?
The courts try to balance the employer’s
right to information about its employees and
their job-related activities against the employee’s reasonable expectation of privacy in the
workplace, and they do this on a case-by-case basis. In one case, an employer committed to employees that all e-mail would remain
confidential and privileged, yet its IT department accessed e-mails and found evidence
that led to the termination of an employee.
The court still found that, on the particular
facts, there was no ‘reasonable expectation
of privacy’ in that case.
Many similar cases suggest that the rights
of employers in this area are not to be minimized. Broad judicial interpretations of
enacted privacy legislation favor legitimate
monitoring practices by employers, and
many elements of common law claims are
difficult for employees to prove.
STEVEN I. FARBMAN is Of Counsel to Jackson Lewis LLP. Reach him at (412) 232-0219 or [email protected].