or most employers,
allowing employees to have mobile access to e-mail and Internet servers through
their own phones, BlackBerrys or other devices is an attractive proposition. Every
organization wants more efficiency and productivity, and the ability to remotely
access data systems with a mobile device lets employees instantly communicate with
one another and respond to the business’s clients and customers. With the popularity
of Apple’s iPhone and the competing devices now either on the market or being rushed
to it, prices will continue to drop and technological capabilities will rise. In
a world where work and personal life seem to merge more every day, it’s increasingly
difficult for organizations to limit employees to Internet or e-mail access only
through company-owned devices. That’s just not how business works anymore.
While the technology has tremendous advantages for employers,
there is a flip side to this development. The systems that allow employees to communicate
instantly with customers are also the ones employees use to communicate with friends,
family and, quite literally, everyone else connected to the Internet. From pre-teens
to seniors, mobile devices are increasingly the preferred device for how we communicate,
whether it’s e-mailing, talking or filming and posting video to YouTube.
Employers need to think carefully about giving employees
access to company data systems through these devices. And employers have to decide
if, when and how they will monitor the use of their systems. However much employers
want to provide access to their technology systems for business convenience or necessity,
they also have legitimate interests in preventing their misuse. Employers will also
have to do some education with employees about what happens when personal devices
are used to access company systems. Employees may mistakenly believe that by using
their own devices, they have bought themselves a measure of privacy and are beyond
the reach of their employer.
Once employers make decisions about the boundaries of
system access and about monitoring, employers should put employees on notice, telling
them what the boundaries are. They should inform employees about potential monitoring
and possible access to information transmitted, conveyed or stored on their personal
devices. Employers should provide these notices prior to giving employees access
to the systems and, ideally, require that employees agree to the terms as a requirement
of access. Employers must keep a record of the notice they have provided to employees
or have a record of the employee’s agreement to the terms of use for company-provided
technology systems.
If an employer fails to provide clear notice to employees
of the employer’s right and ability to monitor usage, employees may claim that they
had an expectation of privacy in their communications via the employer’s data systems.
If an employer creates an expectation of privacy, or fails to dispel that expectation,
the monitoring of these systems may violate employee rights.
Many employers are used to addressing these issues when
they provide laptop computers to employees, but they fail to realize that the issues
that arise are less about the hardware used than the access to data systems.
Employers should carefully review existing policies to ensure that they are keeping
pace with technology.
The stakes are high for employers that fail to keep
tabs on their data systems. In a recent state court case in New Jersey, litigation
was allowed to proceed over the objections of an employer in a lawsuit for damages
stemming from an employee’s misuse of employer-provided Internet access.
The plaintiff was the mother of a 12-year-old girl.
The girl’s stepfather, a company employee, circulated pictures of the child on a
child pornography Web site, using the employer’s Internet access. The mother alleged
that the employer had a duty to monitor its systems and prevent their improper use.
The court found that there was potentially a duty for the employer to guard against
misuse of Internet access and to prevent damage to others from such misuse. While
it was only a ruling on a preliminary motion, the theory that the plaintiff was
using to seek damages from the employer could be used in other cases in which employers
failed to monitor and prevent misuse of their systems.
Compliance with employer policies and, potentially,
an affirmative duty to monitor system use may also arise in disputes over the improper
use of confidential company information. Employers must act to protect proprietary
and confidential information, or they could lose the ability to protect against
its public use. It may turn out to be a significant issue if an employer allows
employees to access documents on its servers through a personal device and fails
to monitor such traffic to ensure that the device is not being used to download
large amounts what could be confidential data. Monitoring the access and use of
such information may be a necessary step in proving that such information was indeed
confidential.
There is countervailing pressure here for employers.
While they may, with proper notice, monitor or gain access to e-mails that violate
non-compete or confidentiality restrictions, they should avoid accessing e-mails
that communicate personal matters that are not violations of company policies. The
technology exists to review the content of messages, and there is software that
can look for key words and phrases in e-mails in order to sift through the volume
of e-mails to get to the specific issues that cause the employer concern.
Workforce Management Online, March 2008 --
Register Now!
= Member Only
