Computers are as common as telephones in the business world these days, yet their potential for abuse is astronomically higher, they are 50 times more expensive, and-because of legislation such as the Patriot Act-they can be commandeered at the slightest whim by investigating authorities.
Because computer-privacy law is still in the early stages, no one knows what the future will bring, and navigating the legal intricacies can be like navigating a minefield with nothing but a pointy stick and a pair of oven mitts. There are three central liability issues an employer should pay careful attention to in the coming years: rights regarding the monitoring and confiscation of employee e-mail, the rise of instant messaging, and the proliferation of cell phones and handheld wireless devices.
Knowing the lay of the land can certainly prepare you for developments ahead of time. A better plan, however, is to overprepare, and be ready for problems you may never expect. The key is drafting company policy that explicitly and fairly tells your employees exactly what rights they have, making sure everybody knows and understands this policy, and then consistently enforcing it.
Not much is private
In deciding claims of wrongful termination arising from surveillance on the part of employers, courts typically have held that employees have no reasonable expectation of privacy in employer-provided technology, period. When your employees are using equipment you have provided expressly for work, it is always within your rights to monitor their activity and discipline them for goofing off. This makes perfect sense. What if they are doing something illegal and somebody gets hurt? You will get sued. What if they are stealing information or selling company secrets? You could lose your business.
Even organizations representing the recording industry and the motion-picture industry have made it clear that they expect employers to keep their employees from pirating music and movies at work, and will slap civil lawsuits on those that don't.
Therefore, courts have consistently upheld your right to monitor your employees, and there is no reason they won't continue to do so. However, most companies don't even want to get involved in this sort of mess. If one of your employees is using his or her work computer to download child pornography, you want to be absolutely certain you have not helped by not enforcing your policies.
The best way to prevent these situations is to warn your employees that their activity is being monitored at all times and they should expect no privacy from workplace computers. Checking personal e-mail accounts should be limited, and sites that feature pornography, hate groups or pirating should be banned outright. Also, beware of downloading copyrighted materials, as depending on how they are used, the company may be liable for inappropriate downloads.
The only time that courts have wavered is when companies have provided "private" space to employees and been wishy-washy about what this means. Be harsh and explicit: the company's computers are for company use only, and may be monitored to enforce this. Lower your employees' expectation of privacy and you will lower the chances of friction or litigation. The way to do this is to inform your employees as to how little privacy they can expect.
Also, companies should make sure they have a provision about cooperating with criminal investigations. It should say that if illegal activity is discovered, the employer will cooperate with authorities in order to secure a conviction, turning over any evidence it might have. This ensures that employees will not be able to have evidence dismissed by claiming their Fourth Amendment rights.
Instant messaging is another tricky area that should be looked into. The 2004 Workplace E-Mail and IM Survey (by the American Management Association and the ePolicy Institute) found that nearly 80 percent of the companies surveyed had promulgated an e-mail policy but only about 20 percent had issued a policy addressing the content and use of instant messaging. Instant messaging, while potentially beneficial as a communication tool, exposes an employer to all sorts of risks.
The 2004 Workplace E-Mail and IM Survey found that 31 percent of employees use instant messaging at work. Survey respondents admitted sending jokes, gossip, rumors or disparaging remarks (16 percent); confidential information about the company, a coworker or client (9 percent); and sexual, romantic or pornographic content (6 percent). Also, hackers can more easily exploit instant messaging than e-mail systems, in part because IM is not susceptible to the software currently used by most corporations for virus identification and containment.
It is unclear whether employers will enjoy the unfettered right to monitor instant-messaging exchanges when they have permitted-or failed to prohibit-employees to install IM software themselves, or failed to reserve this right in their policies. If employers decide to use this technology at all-which they should seriously consider not doing-then they ought to draft policy regarding their right to monitor its use.
Again, the way for companies to protect themselves is to lower the employees' expectation of privacy by having a clearly stated policy that such communications, on company equipment, are subject to monitoring.
Consider a camera ban
Finally, there is the matter of company-issued phones, laptops and wireless devices. The same warnings apply, with one important addition. One should seriously consider the impact of their recording ability and mobility on secure company information.
As the resolution and picture quality of phones and webcams further improve, hostile employees will be even more easily able to capture document text and the intricate details of manufactured items, processes and prototypes. Employers should definitely reserve the right to monitor such devices, and consider banning personal camera phones, laptops and wireless devices altogether.
To recap, here are seven rules for avoiding exposure:
- Publish policies regarding employee use of e-mail, the Internet, instant messaging and any employer-issued hardware or software. Include restrictions on personalization of business e-mail, screen savers and wallpaper. Be sure to remind employees that installing their own software is strictly forbidden.
- Secure employee acknowledgment of each of these policies in writing-or electronically-at hire, and preferably bring them to employees' attention on a regular basis.
- Inform all employees of the employer's explicit intention to monitor e-mail, Internet use and any other use of employer-issued computers and electronic devices as deemed necessary for business purposes. Include the right to inspect any hardware issued to employees. Be sure to update the list of hardware items that you reserve the right to inspect as you issue new technology such as Palm Pilots, BlackBerries and two-way text-messagers.
- Inform all employees of your intention to turn over any evidence of possible legal wrongdoing to the authorities. Also stress that you will cooperate with law-enforcement officials seeking evidence of illegal activity, including evidence of terrorist-related activities.
- Be sure to enforce all policies. Do so in an even-handed manner that treats employees of all levels similarly. Note any exceptions to the policy.
- Keep current on new technology in the marketplace. Assess how new software, hardware or innovations in devices issued to, or owned by, employees may be affecting the workplace.
- Re-evaluate all technology-related policies annually, adjust them as necessary, and inform employees of any changes. Secure their affirmative consent to any important ones.
With these rules in mind, maintaining a safe, secure, non-hostile work environment will be much easier. If you know your rights, and your employees know theirs, there's no reason that the workplace can't continue to be a productive place without secrets, and without conflicting ideas of where the private ends and the public begins.
The information contained in this article is intended to provide useful information on the topic covered, but should not be construed as legal advice or a legal opinion. Also remember that state laws may differ from the federal law.