Employers that want to monitor their employees’ electronic communications, regardless of whether the workers are on the clock or using company equipment, must proceed with caution, lawyers say.
They point out that case law is still developing in this area as courts struggle to adapt longstanding law to new technology with regard to employees’ expectation of privacy.
But precisely worded policies covering workers’ use of e-mail while on the job, respecting employees’ First Amendment rights and avoiding any effort to inappropriately access nonpublic forums can significantly mitigate employers’ liability risk, observers say.
Observers note that in most cases, state laws, which vary, apply to privacy issues. Federal laws that may apply include the Stored Communications Act, which imposes penalties for clandestinely accessing information held in electronic storage; the Electronic Communications Privacy Act, which makes it illegal to intercept or retrieve electronic communications in certain instances; the federal Wiretap Act, which governs the privacy of oral and wire communications; and the National Labor Relations Act, which covers collective bargaining and other employer and employee rights.
Recent court cases that may provide guidance to employers include two apparently conflicting rulings in New Jersey and California on the issue of attorney-client communications. In addition, a federal appeals court last year ruled that surreptitiously automatically forwarding someone else’s e-mails to a third party can violate the Wiretap Act.
Observers say a 2009 case, in which an employer inappropriately accessed a private chat room, also is instructive.
Other litigation includes a November lawsuit by the National Labor Relations Board, which sued medical transportation firm American Medical Response of Connecticut Inc., alleging it illegally terminated and illegally denied union representation to an employee it fired for criticizing her supervisor on Facebook.
In addition, the U.S. Supreme Court held last year in City of Ontario, Calif., et al. v. Jeff Quon et al. that public employers can search an employee’s text messages on city-provided equipment when a legitimate reason for that search exists, although it did not rule on whether Quon had a reasonable expectation of privacy.
Observers say another area of concern for employers are guidelines that the Federal Trade Commission issued last year that could leave employers liable if their employees endorse a firm’s products on the Internet without identifying themselves as company employees.
Employers are worried about the public image that may be conveyed in employees’ e-mail and social media activities and the disclosure of confidential company information, observers say
The issue of monitoring can arise on or off the job.
“Generally, if employees are using company equipment and their communications are passing over the corporate server ... the information is fair game as long as employers provide clear notice to employees about the fact that they may be monitoring,” says Philip Gordon, a shareholder with law firm Littler Mendelson in Denver.
Observers say it is important that employers develop a policy that delineates employees’ expectations of privacy while on the job.
“The courts are definitely trending in the direction of recognizing that employees have privacy expectations in some situations,” says Robert Sherman, an associate with law firm Covington & Burling in Washington. But if the employer “clearly discloses that communications using the company’s equipment may be monitored,” those expectations can be avoided, he says.
Also, employers need to regularly re-emphasize policies, “because it is problematic to potentially put employees on notice in a 20-page policy” that they never see again, says Michael Overly, a partner with the law firm Foley & Lardner in Los Angeles.
Mark Wiletsky, who is of counsel at law firm Holland & Hart in Boulder, Colorado, says, “Where employers get into trouble” is when they go into a MySpace, Facebook or personal e-mail account they are not entitled to access, but believe they are because employees “are using a company resource,” its computer. That is where the courts “have really started drawing the line, and saying, “No,” employers are not entitled to such access, Wiletsky .
Gordon pointed to the New Jersey decision in which the court ruled against an employer that retrieved attorney-client communications from an employee's personal password-protected e-mail account that were sent on company equipment. He says he believes employees who have been put on notice should not expect privacy “in any communication stored on company equipment.” Still, employers “have to tread with care, because the law's evolving and no one knows exactly where courts are going to end up and what courts outside of New Jersey are going to do,” he says.
Robert D. Brownstone, Mountain View, California-based technology and e-discovery counsel at law firm Fenwick & West, says one gray area is equipment that may have been purchased by the employee but reimbursed by the employer. Because of concern about company secrets being exposed, “a lot of employers do go as far as they can and reserve their right to inspect” such equipment in their policies, he says.
Randy Gainer, a partner with law firm Davis Wright Tremaine in Seattle, says, “Some employers would like to regulate what employers say on their own time on their own computers about the employers and—perhaps even further than preventing them from revealing confidential information—would prefer that their employees not say anything derogatory about the employer or any employer official.”
However, assuming that the information is not defamatory, it is not clear employers can do so, Gainer says.
“I could only see very few instances” where whatever an employee does in his free time is the business of the employer, says Scott Vernick, a partner with law firm Fox Rothschild in Philadelphia. “I would tend to doubt that as a condition of employment you have to give someone full access to all of your Internet behavior and blog behavior and social media behavior.”
However, “there are things that are said about employers that can be very harmful on these sites by employees,” says Alexander Nemiroff, a partner with law firm Jackson Lewis in Philadelphia. While rash measures should not be taken, “employers should take those types of comments seriously” and review them to see they do not violate company policy.
Wiletsky says that if a co-worker uses social media to harass another worker, “the employer may be obligated to look into that to see what’s happening, and whether it has a legal duty to take action.”
Observers say employers also should be aware that by monitoring even public sites, they may learn more than they want to know, such as personal information about an employee’s sexual orientation or medical condition.
Another concern is the risk of violating an employee’s free speech rights if adverse action is taken in response to a blog posting, Overly says.
Workforce Management Online, February 2011 -- Register Now!