
This Illinois Human Resources Manual is offered to you for free. Find state specific laws and regulations below.

Protecting electronic information — Illinois

Electronic communication, like the Internet itself, has become a central productivity tool in almost all workplaces.

Most employees now have a relatively unregulated digital domain on their computers in which they can access content that may be inappropriate for the work environment and may easily distract them from their jobs. The ease and seeming sterility of electronic mail can lead to harassment claims. Communications by e-mail have replaced memos, letters, telephone conversations, and even in-person conversations. Blogs and other social media may disclose internal company business or confidential matters. Internet access presents the risk of copyright and trademark infringement litigation. With these issues in mind, this chapter will address some of the most serious and pressing aspects of being an employer in the Internet age.

The ease and seeming sterility of electronic mail can also lead to misstatements and miscommunications that may be very disruptive to employment relations. People will write statements in an e-mail that they would never state face to face, often causing hurt feelings and anger that probably would not have happened had the meeting been in person. Employers should discourage supervisors and human resource managers from electronic communications that relate to any aspect of job performance. It is far preferable to prepare notes in advance of the meeting to guide the discussion, have the discussion in person, and then follow up with an e-mail or memorandum. The in-person meeting tempers the harshness of potential communications and is much more likely to yield constructive communications.

Computer and communication policies

The technological advances of today’s workplace have given employees access to many types of communication devices, including computers, computer networks, e-mails, pagers, the Internet, and smart phones and phone systems with text and voicemail messaging capabilities. It is imperative that an employer implement a computer and communication policy stating that the purpose of such communication devices is to “facilitate company business.” The existence of a written policy serves to inform employees clearly what is appropriate and inappropriate use of company equipment, but it also makes enforcement of any violations easier and safer for the employer. Some other suggestions for inclusion into the policy are as follows:

  • The policy may state that the company’s communication systems are not to be used for any business other than the company’s business. However, such policies are often difficult to enforce in an evenhanded manner. Alternatively, the policy may provide that incidental and limited non-business use of communications systems is acceptable in moderation, but that this privilege should not be abused. Due to security and confidentiality concerns, third parties should always be prohibited from using a company’s communication systems.
  • The policy should address acceptable and appropriate uploading and downloading of information and software onto a computer/network to prevent virus infiltration. The policy should address the use of passwords and restrictions associated with passwords.
  • The policy should address employees’ use of e-mail, including what steps an employee should take if an e-mail message is inadvertently sent to a third party. A discussion of the appropriate tone and content used in e-mails is advisable. A strong statement should be included that warns against the use of e-mail or any other form of communication for purposes of sending, accessing, or storing any material of an insensitive, discriminatory, obscene or harassing nature. The policy may include a prohibition against chain letters or e-mails with illegal purposes.
  • The policy should also address copyright laws, including a statement that employees should not transmit or download copies of documents in violation of copyright laws or copy or use any software in violation of copyright laws.
  • Most importantly, the policy should inform employees that the company has a right to inspect, review, and monitor use of its computers, phones, and other communication systems. Employees should not expect that the company’s computer network and telephone systems are private. Though courts have usually held that employees have no reasonable expectation of privacy in workplace systems, a written policy helps reinforce that position.

Monitoring employee use of technology

Employers are legally entitled to monitor the computer, Internet, and telephone usage of their employees. Many employers do so out of a concern for:

  • lost productivity
  • excessive use of bandwidth
  • viruses
  • dissemination of proprietary information

Although the Electronic Communications Privacy Act (ECPA) prohibits the interception of electronic transmissions by unauthorized persons, case law suggests that employers are authorized to monitor their own equipment. Courts have held that an employer-provided computer system is the property of the employer, and the employer is therefore entitled to monitor almost everything an employee does with the computer and on the Internet while at work, so long as the information is stored on equipment owned by the employer.

If an employee is using his or her own equipment, such as a smartphone, the employer may need authorization from the employee to access or inspect the device or equipment. It is always a good idea (though not required in Illinois) to state specifically in a written policy that there is no expectation of privacy and that all aspects of usage may be monitored.

Use of software

Many employers use software to electronically monitor Internet use, software, and e-mails. Software may also be used to prevent access to certain websites or intercept e-mails containing certain key words. It is important for an employer’s written policy to describe exactly what means the employer may use to monitor computer and telephone use because some courts have used the written policy as the basis of their determination that the employee has no expectation of privacy.

Limitations on monitoring personal email

It does appear, however, that there may be limits to how far an employer may go to monitor an employee’s use of e-mail and the Internet. Although the courts are far from uniform on this point, an employee may have a significant level of privacy in a password-protected personal e-mail account, such that merely accessing it on a workplace computer does not provide a basis for monitoring by an employer (or a waiver of attorney-client privilege where such e-mails were from the employee to his or her attorney).

Employers should be mindful that while an employee may have no expectation of privacy with information written or received on a company computer, the content of the information may serve as a basis for protection for an employee. The National Labor Relations Act (NLRA) protects “concerted activity,” that is, discussion of the terms and conditions of employment. What an employer perceives as wasteful and negative griping about hours, pay, or supervisors in a company e-mail could be protected communications under the NLRA. Before taking any employment action because of an employee’s use of e-mail, blogging, a social networking post, or the like, the employer should consider whether the NLRA protection of “concerted activity” might be implicated.

Combating disparagement on the internet

Employers have been victimized by improper use of the Internet by current or former employees. Some people who are hostile to a company may operate or post unfavorable and disparaging information about the company on various websites or make disparaging comments in Internet chat rooms or blogs. Sometimes the information posted on the Internet may be confidential and proprietary company information that should not be disclosed outside the workplace. The identity of the person who discloses such information, however, may be difficult to determine because Internet users often use an alias or pseudonym when posting comments on Internet sites.

Taking legal action to protect the company

Employers who believe that the information or comments posted on an Internet site have violated their legal rights by disparaging them or revealing proprietary business information may, if they act swiftly, determine who has posted the improper comments or information in order to pursue claims against those persons. In order to learn his or her identity, it may be possible for the employer to file a lawsuit against an unknown person identified in the lawsuit as “John Doe.” Once the lawsuit is filed, the employer may seek information from the Internet host through a subpoena aimed at identifying the electronic address of the person who posted the offending comments. It may also be possible for the employer to issue a subpoena to the offender’s Internet service provider to learn the identity of the person who posted the data in question.

It is important for employers to act quickly to attempt to trace the origin of an offensive posting or improper e-mail because many of the website hosts and Internet service providers retain the identifying information for a very short period of time, sometimes as brief as 30 or 60 days. If the subpoena is not served within that time frame, the information may be lost. Once the employer knows the identity of the person who has posted the improper comments, the employer can determine whether the employee violated an obligation to the employer to protect confidential data, breached a duty of loyalty, or made false and disparaging statements about the employer.

Anti-blogging policies

Employers should adopt policies in employee manuals that prohibit employees from hosting or contributing content to Internet blogs or chat rooms if doing so discloses confidential information about the employer or reflects adversely on the employer.

Telecommuting

Telecommuting is a workplace option that permits employees to work at an alternative worksite, such as the home, for one or more days per week. Modern technology, whether it involves using PDAs (personal digital assistants), such as the popular Blackberry, or remotely logging in to the company’s computer system via a virtual private network (VPN), has made an employee’s daily commute to work virtually unnecessary. Although the term was coined in 1973 and initially faced slow acceptance, the concept is, in today’s world, being adopted by a majority of large and small companies alike, with great advantage to both employer and employee.

The telecommuting “virtual office” might consist of a smart phone or PDA, notebook computer, facsimile and voicemail capabilities. Since all of these items are now available in portable sizes, employees can work virtually anywhere. Employers that offer telecommuting as an option for employees generally report the following benefits:

  • increased productivity
  • increased job satisfaction
  • reduced absenteeism
  • lower employee turnover
  • potential savings in fixed expenses such as office rental, utilities and employee parking
  • improved customer service
  • improved employee morale
  • reduced employee stress and related medical expenses.

Telecommuting is also a method of providing accommodation to individuals with disabilities, but will not necessarily replace the need for physical workplace modifications. However, a qualified employee or potential employee with a disability who is offered the option of working at home may become a valued and productive employee through telecommuting.

Social networking in the workplace

The booming use of social networking sites has created many new challenges for employers in the workplace. The amount of time that American employees spend on social networking websites (such as Facebook, Twitter, LinkedIn, personal blogs, etc.) is massive. Although the use of such social networking sites is beneficial in many ways, a number of employment law issues arise from employees utilizing and employers accessing these networking sites and databases. In fact, widespread use of social networking media raises questions for employers and employees at every stage of the employment process, including pre-employment, during employment, and post-employment.

It is important to include a comprehensive social networking policy in an employee procedures manual and to conduct meaningful training for management and decision makers regarding what use of social networking, if any, is appropriate in the workplace. Such a policy should also clearly describe what uses of social networking sites are consistent with federal and state anti-discrimination laws, with the EEOC’s guidance on pre-employment inquiries, and with other laws and regulations governing employee background checks.

Employees are often misinformed about their rights and responsibilities with regard to employers’ computer systems and other technology, often blurring the line between appropriate home versus appropriate work uses of new media. A social networking policy should include a clear disclaimer that employees should have no reasonable expectation of privacy in their workplace computers or other technology, that employers maintain all rights to access employees’ computers and technology equipment, and that routine monitoring to assess the use of such networking sites may occur with regularity. It is recommended that employees be informed in writing of the methods by which such monitoring will occur. Employees should be cautioned that marking files or communications private or protecting files with passwords does not create a legitimate expectation of privacy in employee material created at work. Most importantly, employees need to be on clear notice of what types of use the employer deems unacceptable.