With the advent of computer technologies and their widespread use in the workplace, employers are finding themselves in yet another position of liability: In many cases they're held responsible for employees' criminal conduct on these systems. Unfortunately, even proactive steps, such as monitoring employee use of electronic communications systems, can be mired in difficulties or can be unlawful in and of themselves. What's an employer to do? Wayne E. Barlow explores the risks employers face in dealing with employee misuse of electronic communications systems, and the steps employers should consider to help combat the problem.
Why should employers be concerned with monitoring employees' electronic communications?
There is a concern whether an employer may be held responsible for criminal, tortious or unlawful conduct of employees who use electronic communications technologies for improper purposes. For example, claims of defamation, copyright or trademark infringement, misappropriation of trade secrets, harassment and related actions have been brought or threatened. Common-law doctrines of respondeat superior and negligent supervision have been applied to hold an employer liable to third parties or other employees for the tortious acts of employees. Since the employer usually has the means to control its employees' electronic transmissions, employers will continue to be the target of such litigation. Additionally, an employer has the interest to ensure its communications and computer systems are not used for improper purposes, such as misappropriation of trade secrets.
When might employers be legally liable for employees' improper use of computer communications technology?
Employers should be concerned about claims brought by employees for harassment, defamation or discrimination arising out of computer technology. Typical are claims of sexual harassment in which the alleged harasser has used voicemail or E-mail to harass employees since such facts can be forceful evidence to a jury.
What can an employer do to minimize the risks of such liability?
Many employers have instituted policies and procedures governing the use of electronic communication systems including computers. Such policies typically provide that such systems may only be used for authorized purposes. Employers have also adopted procedures to monitor such communication to ensure that improper activities do not occur, as well as to protect company information from disclosure. An employer should inform its employees that such transmissions are company property and that the company may inspect such files without prior notice to the employees.
What risks do employers face when they monitor electronic communications in this fashion?
There are numerous statutory, constitutional and common-law privacy protections that employers should be familiar with before adopting policies regulating the use and monitoring of electronic communications. For example, the Electronic Communications Privacy Act, 18 U.S.C.2510-2720 (ECPA), prohibits private individuals and organizations from intercepting wire, oral or electronic communications of others. The statute defines electronic communication as any "transfer of signs, signals, writings, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo-electronic or photo-optical system that affects interstate or foreign commerce..."
There is, however, no violation of the ECPA if the person intercepting the communication is either a party to the communication, or if one of the parties has given prior consent to such interception. Another significant exception is the business use exception, which includes the interception by a switchboard operator or service provider in the normal course of employment while engaged in any activity that is a necessary incident to the rendition of service, or to the protection of the rights or protection of the provider of that service.
Have employers ever been held liable for interception of such wire communications under the ECPA?
Yes. Intercepting such conversations on another extension isn't prohibited when an employer reasonably suspects an employee has discussed business matters with a competitor or the employer suspects an employee of making personal calls. But in one case, an employee was held to have a cause of action under the ECPA because an employer didn't hang up the telephone once it realized the conversation was private and personal. Watkins v. L.M. Berry 7 Co., 704 F.2d 577 (11th Cir. 1983).
In another case, the owners of a liquor store secretly installed a telephone recording device in order to discover whether an employee had stolen money. A number of personal calls were recorded, some involving sexually explicit discussions between an employee and a lover. The employee was terminated when the employer discovered he had sold beer at a reduced price to a customer with whom he was having an extra-marital affair. The court held that the employer had violated the Act by recording personal calls without a legitimate purpose and awarded the employee and his lover $10,000 each in statutory damages.
What other statutes should employers be concerned about?
Many jurisdictions have laws more protective of employee privacy rights than the federal law. California law prohibits eavesdropping, intercepting or recording confidential communications without consent of all parties to the communications. Under this statute, eavesdropping on another extension isn't permissible unless both parties to the communication have given consent. Anyone whose rights are violated by the interception or recording of confidential communications may bring a civil action.
In one case, a disgruntled employee secretly recorded face-to-face and phone conversations with co-workers and supervisors. The employees and the employer sued him for invasion of privacy and the jury awarded the plaintiffs $132,000 in damages, which was upheld on appeal. Coulter v. Bank of America Nat. Trust & Sav. Ass'n., 28 Cal.App. 4th 923 (1994).
Under what circumstances will an employer be in the most defensible position in monitoring such communications?
An employer should only monitor communications when a legitimate purpose, such as the protection of company property, trade secrets and proprietary financial information, exists, and when the employee has been told an employer may monitor communications under these circumstances.
What specific policies or procedures should employers develop?
Consider the following:
- Develop a written policy telling employees computers, E-mail, voicemail, etc. are company property subject to monitoring. Employees should acknowledge receiving the policies and agree, in writing, that such electronic systems aren't for private or personal use, and that the employer has the right to review, audit, intercept or disclose all matters sent over its electronic systems
- Specify that use of the system for unlawful, defamatory, obscene or other inappropriate communications is prohibited
- Refrain from reviewing personnel's messages if it can be avoided
- Strictly limit disclosure of information obtained through such monitoring.
Personnel Journal, October 1995, Vol. 74, No. 10, pp. 135-138.
Wayne E. Barlow is an attorney at the Los Angeles-based law firm of Barlow & Kobata.