IABC - International Association of Business CommunicatorsBe Heard HomeJoin IABCSite MapContact Us


CW Bulletin

CW Bulletin is the e-newsletter supplement to CW magazine. Sent each month to all members, every issue of CW Bulletin presents articles, case studies and additional resources on timely topics in communication.

top.gif CW Bulletin

Legal Issues Involved in Monitoring Employees' Internet and E-mail Usage

By Douglas M. Towns

The Scope and Need for Workplace Monitoring

Technological advances such as e-mail and the Internet are designed to make the workplace more efficient. Of course, these tools also expose employers to new types of employment law claims, including e-harassment. Some employers may decide to monitor the use of e-mail and the Internet to limit their exposure to discrimination and/or harassment claims. In addition, employers also are concerned about employees sharing, intentionally or inadvertently, the company's trade secrets and other proprietary or confidential information with competitors. Employers may also seek to limit personal use of e-mail and the Internet because of the added strain on limited resources (e.g., server and hard drive storage space) and the potential loss of employee productivity.

Unfortunately, without a full understanding of the risks, employers may open themselves up to potential lawsuits. In addition, such techniques may result in low morale among employees who resent being told that they cannot use e-mail for personal messages and feel that their every move is being monitored.

Regardless of the risks, many employers have determined that there is a need to monitor employees' computer usage. According to a 2003 survey by the American Management Association (AMA), more than half of U.S. companies engage in some form of e-mail monitoring. Often, this is in addition to monitoring of other work-related communications and activities—including reviewing Internet usage, videotaping the work site, or recording employee telephone calls. And while most of this monitoring is done on a spot-check rather than on a continual basis, the fact remains that more and more employers are engaging in some form of monitoring.

Interestingly, the 2003 AMA survey concluded that approximately 40 percent of U.S. employers used software to control employees' written e-mail content. Indeed, employee surveillance software sales are estimated at U.S. $140 million a year. New technological advances also provide employers with a number of options in monitoring devices. For example:

  • SpectorSoft Corp., a Florida-based software company, released a monitoring program that takes surreptitious "screen shots" of employees' computers at selected intervals for employers to view at a later date.
  • Content Technologies launched software called Pornsweeper that examines images attached to e-mails and searches picture files for anything that appears to be human flesh.
  • There are also computer programs that monitor an employee's keystrokes and can determine what the employee has typed on his computer, even if the employee did not save the document.

Today, employees' privacy lawsuits often involve employer monitoring of e-mail and the Internet. According to a 2002 survey by Computer Business Review, 98 percent of employers now have e-mail at work and use it regularly. Employees have sued employers who have monitored their communications under either common-law state claims or federal and state statutory claims. Fortunately for employers, most cases have allowed employers to monitor employees' use of company e-mail and the Internet. However, the risk of litigation is always present.

Invasion of Privacy Claims

Most employees who have sued their employers for monitoring have done so under state invasion of privacy actions. In general, the employee must show that he or she had a reasonable expectation of privacy in the communication at issue. Because invasion of privacy is a state-law claim, the standards vary among jurisdictions.

In one case, Smyth v. Pillsbury Co., an employee was terminated for sending inappropriate and unprofessional messages over the company's e-mail system. The company had repeatedly assured its employees that e-mail was confidential, that it would not be intercepted and that it would not be used as a basis for discipline or discharge. From his home computer, Michael Smyth retrieved e-mail sent from his supervisor over Pillsbury's e-mail system. Smyth allegedly responded with several comments concerning the sales management staff, including a threat to "kill the backstabbing bastards" and a reference to an upcoming holiday party as "the Jim Jones Kool-aid affair." Pillsbury intercepted the e-mail and terminated Smyth, who then sued the company for wrongful discharge and invasion of privacy.

The court dismissed the case in 1996, finding that Smyth did not have a reasonable expectation of privacy in the contents of his e-mail messages, despite Pillsbury's assurances, because the messages had been voluntarily communicated over the company's computer system to a second person. The court went on to find that even if some reasonable expectation of privacy existed, that expectation was outweighed by Pillsbury's legitimate interest in preventing inappropriate or unprofessional communications over its e-mail system.

Some employees have attempted to argue that their expectation of privacy was reasonable because their e-mail was protected by a personal password. However, of the courts that have addressed this issue, this argument has been unsuccessful. For example, in Bourke v. Nissan Motor Corp., while training new employees on the e-mail system, a message sent by Bonita Bourke was randomly selected and reviewed by the company. The message turned out to be a personal e-mail of a sexual nature. Once Bourke's e-mail was discovered, the company decided to review the e-mails of the rest of Bourke's workgroup. As a result of this investigation, several other personal e-mails were discovered. Nissan gave the employees who had sent the personal messages written warnings for violating the company's e-mail policy.

The disciplined employees sued Nissan for invasion of privacy. The employees argued that although they signed a form acknowledging the company's policy that company-owned hardware and software was restricted for company business use only, their expectation of privacy was reasonable because the company gave the plaintiffs passwords to access the computer system and told them to guard their passwords. However, a California court in 1993 held that this was not an objectively reasonable expectation of privacy because the plaintiffs knew that e-mail messages "were read from time to time by individuals other than the intended recipient."

Similarly, in McLaren v. Microsoft Corp., the Texas Court of Appeals in 1999 dismissed an employee's claim that his employer's review and dissemination of e-mail stored in his personal folder on his computer constituted an invasion of privacy. The employee argued that he had a reasonable expectation of privacy because the e-mail was kept in a personal computer folder protected by a password. The court found this argument unconvincing because the e-mail was transmitted over his employer's network.

However, according to a news account of one case, a court held that an employer's use of a supervisor's password to review an employee's e-mail may have violated a Massachusetts state statute against interference with privacy. In that case, Burk Technology allowed employees to use the company's e-mail system to send personal messages, but prohibited "excessive chatting." To use the e-mail system, each employee used a password. The employer never informed employees that their messages would or could be monitored by supervisors or the company president. The president of the company reviewed the e-mails of two employees who had referred to him by various nicknames and discussed his extra marital affair. The two employees were fired by the company president, who claimed the terminations were for their excessive e-mail use and not because of the messages' content. The court denied the company's attempt to dismiss the suit and allowed the matter to be set for trial on the merits. The court focused on the fact that the employees were never informed that their e-mail could be monitored.

This case illustrates the importance of informing employees that their use of company equipment to send e-mail and to surf the Internet is subject to being monitored to prevent subsequent confusion and a possible future defense on the part of employees.

Practical Steps Companies Can Take To Protect Themselves

Although there is no way to completely insulate a company from these suits, employers may consider one or more of the following suggestions:

  • Integrate e-mail and other policies. An employer's e-mail policy can be integrated with the company's harassment and non-discrimination policies. If so, the policy should make clear that e-mail communications will be treated as any other business communication and that use of the e-mail systems to engage in communications that are in violation of company policy—including transmitting defamatory, offensive or harassing messages—is explicitly prohibited.
  • Limit use of technology to business purposes only. Electronic communications could be referenced expressly in any lists of "company property." Employees should be notified that all technology, including e-mail and access to the Internet, is provided by the company to assist employees in carrying out the company's business purposes. Explicitly state that employees who use company property—including e-mail, telephones and Internet access—for personal use are in violation of company policy and are subject to disciplinary action.
  • Reserve the right to review and monitor. To advance the argument that monitoring is appropriate, employees should be notified that the employer will treat all messages sent, received or stored in the e-mail system as business messages, which the company is entitled to review, monitor and disclose. The company should warn employees that if they make incidental use of the e-mail system to transmit personal messages, such messages will be treated no differently from other messages; that is, the company reserves the right to access, review, monitor or disclose such messages. The policy should state explicitly that employees should not use company e-mail to send or to receive any messages that they wish to remain private. In addition, employers should notify employees that even though their files may be protected by passwords, such passwords do not prevent system administrators and other authorized employees from accessing messages for business purposes.
  • Include notice and consent language. Include in the policy language stating that by using the company's electronic communications systems, the employee is, in effect, aware of and will be covered by the policy. In addition, by using the e-mail system, the employee expressly consents to the company's review and monitoring of e-mail messages as outlined in the policy.

Douglas M. Towns practices labor and employment law as a partner at Jones, Day, Reavis & Pogue in Atlanta. His experience includes representation of high-tech and other companies in Title VII, ADA and other employment matters, and he has written and lectured on issues relating to technology and the workplace. He is licensed to practice law in the state of Georgia. He can be reached at douglas_towns@jonesday.com.

This article originally appeared at Gigalaw.com. It can be found at http://www.gigalaw.com/articles/2002-all/towns-2002-01-all.html.

Discuss this topic with other IABC members at: www.iabc.com/memberspeak.