Electronic communication, like the Internet itself, has become a central productivity tool in almost all workplaces.
The technological advances of today’s workplace have given employees access to many types of communication devices, including computers, computer networks, emails, pagers, the Internet and smartphones and phone systems with text and voicemail messaging capabilities.
Most employees now have a relatively unregulated digital domain on their computers in which they can access content that may be inappropriate for the work environment and may easily distract them from their jobs. The ease and seeming sterility of electronic mail can lead to harassment claims. Communications by email have replaced memos, letters, telephone conversations, and even in-person conversations. Internet access presents the risk of copyright and trademark infringement litigation. With these issues in mind, this chapter will address some of the most serious and pressing aspects of being an employer in the Internet age.
Monitoring an employee's use of technology
Employers are legally entitled to monitor the computer, Internet, and telephone usage of their employees. Many employers do so out of a concern for:
- excessive use of bandwidth
- dissemination of proprietary information.
Although the Electronic Communications Privacy Act (ECPA prohibits the interception of electronic transmissions by unauthorized persons, case law suggests that employers are authorized to monitor their own equipment. Courts have held that an employer-provided computer system is the property of the employer, and the employer is therefore entitled to monitor almost everything an employee does with the computer and on the Internet while at work. It is always a good idea (though not required in Colorado) to state specifically in a written policy that there is no expectation of privacy and that all aspects of usage may be monitored.
Use of software
Many employers use software to electronically monitor Internet use, software, and emails. Software may also be used to prevent access to certain websites or intercept emails containing certain key words. It is important for an employer’s written policy to describe exactly what means the employer may use to monitor computer and telephone use because some courts have used the written policy as the basis of their determination that the employee has no expectation of privacy.
Limitations on monitoring personal email
It does appear, however, that there may be limits to how far an employer can go to monitor an employee’s use of email and the Internet. Although the courts are far from uniform on this point, an employee may have a significant level of privacy in a password protected personal email account such that merely accessing it on a workplace computer does not provide a basis for monitoring by an employer (or a waiver of attorney-client privilege where such emails were from the employee to his or her attorney).
Additionally, Colorado prohibits employers from requesting or requiring an employee or applicant to provide any user name, password, or other means for accessing the individual’s personal account or service. The law contains exclusions for employers seeking access to non-personal accounts within the employer’s information systems and for employer’s investigating possible regulatory violations or unauthorized downloading of proprietary information.
Employers should be mindful that while an employee may have no expectation of privacy with information written or received on a company computer, the content of the information might serve as a basis for protection for an employee. The National Labor Relations Act (NLRA) protects “concerted activity,” that is, discussion of the terms and conditions of employment. What an employer perceives as wasteful and negative griping about hours, pay, or supervisors in company email could be protected communications under the NLRA. Before taking any employment action because of the use of email, blogging, social networking post, or the like, the employer should consider whether the NLRA protection of “concerted activity” might be implicated.
Employers' duty not to access electronic information without authorization
In addition to privacy interests of employees, employers should limit any searches to publicly available sites to avoid violation of federal law. The Stored Communications Act (SCA) prohibits third parties from intentionally accessing electronically stored communications, including emails or entries on private websites, without proper authorization. There are reported cases of employers facing liability for intentionally accessing employees’ private social networking accounts without authorization.
Disparagement on the Internet
Employers have sometimes been victimized by improper use of the Internet by current or former employees. Some people who are hostile to a company may operate or post unfavorable and disparaging information about the company on various websites or make disparaging comments in Internet chatrooms or blogs. Sometimes the information posted on the Internet may be confidential and proprietary company information that should not be disclosed outside the workplace. The identity of the person who discloses such information, however, may be difficult to determine because Internet users often use an alias or pseudonym when posting comments on Internet sites.
Taking legal action to protect the company
Employers who believe that the information or comments posted on an Internet site have violated their legal rights by disparaging them or revealing proprietary business information can, if they act swiftly, determine who has posted the improper comments or information in order to pursue claims against those persons. In order to learn his or her identity, it may be possible for the employer to file a lawsuit against an unknown person identified in the lawsuit as “John Doe.” Once the lawsuit is filed, the employer may seek information from the Internet host through a subpoena aimed at identifying the electronic address of the person who posted the offending comments. It may also be possible for the employer to issue a subpoena to the offender’s Internet service provider to learn the identity of the person who posted the data in question.
It is important for employers to act quickly to attempt to trace the origin of an offensive posting or improper email because many of the website hosts and Internet service providers retain the identifying information for a very short period of time, sometimes as brief as 30 or 60 days. If the subpoena is not served within that time frame, the information may be lost. Once the employer knows the identity of the person who has posted the improper comments, the employer can determine whether the employee violated an obligation to the employer to protect confidential data, breached a duty of loyalty, or made false and disparaging statements about the employer.
Communicating with employees via email
The ease and seeming sterility of email can lead to misstatements and miscommunications that can be very disruptive to employment relations. People will write statements in an email that they would never state face to face, often causing hurt feelings and anger that probably would not have happened had the meeting been in person. Employers should discourage supervisors and human resource managers from electronic communications that relate to aspects of job performance as a sole means of communication. It is far more preferable to prepare notes in advance of the meeting to guide the discussion, have the discussion in person, and then follow-up with an email or memorandum. The in-person meeting tempers the harshness of potential communications and is much more likely to yield constructive communications.
Computer and communication policies
- It is imperative that an employer implements a computer and communication policy stating that the purpose of such communication devices is to “facilitate company business.” The existence of a written policy serves to inform employees clearly what is appropriate and inappropriate use of company equipment, but it also makes enforcement of any violations easier and safer for the employer.
- The policy may state that the company’s communication systems are not to be used for any business other than the company’s business. Alternatively, the policy may provide that incidental and limited non-business use of communications systems is acceptable in moderation, but that this privilege should not be abused. Due to security and confidentiality concerns, third parties should always be prohibited from using a company’s communication systems.
- The policy should address acceptable and appropriate uploading and downloading of information and software onto a computer and/or network to prevent virus infiltration. The policy should also address the use of passwords and any restrictions associated with passwords.
- The policy should address employees’ use of email, including what steps an employee should take if an email message is inadvertently sent to a third party. A discussion of the appropriate tone and content used in emails is advisable. A strong statement should be included that warns against the use of email or any other form of communication for purposes of sending, accessing, or storing any material of an insensitive, discriminatory, obscene or harassing nature. The policy can include a prohibition against chain letters or emails with illegal purposes.
- The policy should also address copyright laws, including a statement that employees should not transmit or download copies of documents in violation of copyright laws or copy or use any software in violation of copyright laws.
- Finally, and most importantly, the policy ought to inform employees that the company has a right to inspect, review, and monitor use of its computers, smartphones, and other communication systems. Employees should not expect that the company’s computer network and telephone systems are private. Although courts have usually held that employees have no reasonable expectation of privacy in workplace systems, a written policy helps reinforce it.
Employers should adopt policies in employment procedures manual that prohibit employees from hosting or contributing content to Internet blogs or chat rooms if doing so discloses confidential information about the employer or includes defamatory statements about an employer or its employees. The policy should explicitly state that it is not intended to curtail an employee’s protected concerted activities.
Social media policies
While it is advisable for employees to adopt social media guidelines for employees, such guidelines should only be adopted after careful consultation with legal counsel, as this is a rapidly changing area of the law.
Telecommuting is a workplace option that permits employees to work at an alternative worksite, such as the home, for one or more days per week. Modern technology, whether it involves using personal digital assistants (PDAs) such as the popular Blackberry, or remotely logging in to the company’s computer system via a virtual private network (VPN), has made an employee’s daily commute to work virtually unnecessary. Although the term was coined in 1973 and initially faced slow acceptance, the concept is, in today’s world, being adopted by a majority of large and small companies alike, with great advantage to both employer and employee.
The telecommuting “virtual office” might consist of a smart phone or PDA, notebook computer, facsimile, and voicemail capabilities. Since all of these items are now available in portable sizes, employees can work virtually anywhere. Employers that offer telecommuting as an option for employees generally report the following benefits:
- increased job satisfaction
- potential savings in fixed expenses such as office rental, utilities, and employee parking
- improved customer service
- reduced employee stress and related medical expenses.
Telecommuting is also a method of providing accommodation to individuals with disabilities, but will not necessarily replace the need for physical workplace modifications. However, a qualified employee or potential employee with a disability who is offered the option of working at home may become a valued and productive employee through telecommuting.
The booming use of social networking sites has created many new challenges for employers in the workplace. The amount of time that American employees spend on social networking websites (such as, Facebook, Twitter, LinkedIn, personal blogs, etc.) is massive. Although the use of such social networking sites is beneficial in many ways, a number of employment law issues arise from employees utilizing and employers accessing these networking sites and databases. In fact, widespread use of social networking media raises questions for employers and employees at every stage of the employment process, including pre-employment, during employment, and post-employment.
It is important to include a comprehensive social networking policy in an employee procedures manual and to conduct meaningful training for management and decision makers regarding what use of social networking, if any, is appropriate in the workplace. Such a policy should also clearly describe what uses of social networking sites are consistent with federal and state anti-discrimination laws, with the EEOC’s guidance on pre-employment inquiries (discussed in Recruiting and hiring), and with other laws and regulations governing employee background checks.
Employees are often misinformed about their rights and responsibilities with regard to employers’ computer systems and other technology, often blurring the line between appropriate home use versus appropriate work uses of new media. A social networking policy should include a clear disclaimer that employees should have no reasonable expectation of privacy in their workplace computers or other technology, that employers maintain all rights to access employees’ computers and technology equipment, and that routine monitoring to assess the use of such networking sites may occur with regularity. It is recommended that employees be informed in writing of the methods by which such monitoring will occur. Employees should be cautioned that marking files or communications private or protecting files with passwords does not create a legitimate expectation of privacy in employee material created at work. Most importantly, employees need to be on clear notice of what types of use the employer deems unacceptable.
How social media effects the workplace is discussed in more detail in Social media.