Skip to content Skip to footer

Table of contents

This Massachusetts Human Resources Manual is offered to you for free. Find state specific laws and regulations below.

Protecting electronic information — Massachusetts

Employers are currently impacted by both an increased governmental presence in the workplace and the existence of the Internet. Most employees now have access to a relatively unregulated digital domain on their computers in which they can access content that may be inappropriate for the work environment and that may easily distract them from their jobs. The ease of electronic mail can lead to harassment claims. Communications by e-mail have replaced memos, letters, telephone conversations and even in-person conversations. Blogs, if not managed properly, may disclose internal company business or inadvertently disclose confidential matters. Internet access presents the risk of copyright and trademark infringement litigation. With these issues in mind, this chapter will address some of the most serious and pressing aspects of operating a company in the Internet age.

Monitoring employee use of the Internet

Given the threat of employee disloyalty, espionage and theft, employers are increasingly using a variety of monitoring techniques to keep employees in line. Surveillance of employees raises a host of privacy concerns and potential liability for employers.

Many employers feel that surveillance of employees is not only an effective tool to combat such things as employee espionage and theft, but also can improve employee productivity and efficiency. Opponents, however, maintain that computer and electronic monitoring wrongfully intrudes into employee privacy. There is no question that electronic surveillance is more intrusive than personal monitoring because employees can be watched at all times, sometimes in complete secrecy.

This chapter will first address how employers monitor employees via computer and other electronic means and the legal issues that arise out of such monitoring.

Video display terminals and computers

Given the advances in technology, employers now have the ability to monitor display terminals. Technology is available that allows employers to monitor when an employee turns the monitor on or off, the number and sequence of keystrokes and so on. Many employers also review Internet “histories” of employees to determine whether sites visited are in the best interest of the company and are work related.

Computers can be used to track the number of sales made by employees. Some trucking companies use computers to monitor the drivers’ speed and duration of stops. Building access security cards now enable employers to determine when employees arrive and leave work.

Electronic communication

The Electronic Communications Privacy Act (ECPA) defines an electronic communication as any transfer of signs, signals, writings, images, sound, data or intelligence of any nature transmitted in whole or in part via wire, radio, electromagnetic, photo-electronic or photo optical system. This includes e-mail and text messages, among other things.

Electronic storage of information

The ECPA allows employers to retrieve electronically stored information. Not much litigation has arisen under this section because the employer’s legal right to retrieve information is fairly broad and clear. Some plaintiffs, however, have tried to be creative.


A plaintiff claimed an “interception” occurred where messages were retrieved from storage before they were sent. The court rejected the argument. Similarly, another court held that an employer’s search of e-mail messages was not illegal. The court found that no “interception” had occurred, and that the applicable statute was Title II (electronic storage) rather than Title I (interception).

Common e-mail

Courts have held that, even if an employer had repeatedly told its employees that its e-mail system would remain confidential, an employee does not have a reasonable expectation of privacy in sending a threatening e-mail to a supervisor over the company e-mail system. The company’s interest in preventing inappropriate and unprofessional comments (or even illegal activity) over its e-mail system outweighs any interest in employee privacy.

Computer and communication policies

The technological advances of today’s workplace have given employees access to many types of communication devices, including computers, computer networks, e-mails, pagers, the Internet, smart phones and phone systems with voicemail messaging capabilities. An employer may implement a “computer and communication policy” in order to protect itself from misuse of such systems. However, changes to the law in this area prohibit employers from barring all non-business use of electronic communication tools for employees already given access to such tools. An employer should have legal counsel review its computer and communication policy to ensure compliance with federal and state laws in this area.


Since 2000, the Electronic Signatures in Global and National Commerce Act (ESIGN) has allowed online documents, signed using digital signatures, to carry the same legal weight as written documents. ESIGN allowed the expansion of fully electronic e-commerce, unhindered by any requirement for a signed written document. This allows, as an example, real estate purchases to be carried out by parties across the world and completely online, without these parties having to attend closings or fax documents back and forth.

The key to ESIGN is authenticity and identity. This technology has been in place for several years and is already used in the transfer of certain files from online providers. The technology allows a signature to be permanently affixed to the online document, much like an ink signature and transferred with the document wherever it is sent.

Combatting disparagement on the Internet

Employers have sometimes been victimized by improper use of the Internet by current or former employees. Some people who are hostile to a company may operate or post unfavorable and disparaging information about the company on various websites or make disparaging comments in Internet chatrooms or blogs. Sometimes the information posted on the Internet may be confidential or proprietary company information which should not be disclosed outside the workplace. The identity of the person who discloses such information, however, may be difficult to determine because Internet users often use an alias or pseudonym when posting comments on Internet sites.

Taking legal action to protect the company

Employers who believe that the information or comments posted on an Internet site have violated their legal rights by disparaging them or revealing proprietary business information can, if they act swiftly, determine who has posted the improper comments or information in order to pursue claims against those persons. In order to learn their identity, it may be possible for the employer to file a lawsuit against an unknown person identified in the lawsuit as “John Doe.” Once the lawsuit is filed, the employer may seek information from the Internet host through a subpoena aimed at identifying the electronic address of the person who posted the offending comments. It may also be possible for the employer to issue a subpoena to the offender’s Internet service provider to learn the identity of the person who posted the data in question.

It is important for employers to act quickly to attempt to trace the origin of an offensive posting or improper e-mail because many of the website hosts and Internet service providers retain the identifying information for a very short period of time, sometimes as short as 30 or 60 days. If the subpoena is not served within that time frame, the information may be lost. Once the employer knows the identity of the person who has posted the improper comments, the employer can determine whether the employee violated an obligation to the employer to protect confidential data, breached a duty of loyalty or made false and disparaging statements about the employer.

Social networking policies

Employers may want to include a social networking policy under which the employer may monitor or restrict an employee’s online activities during working hours or on work computers and, more specifically, monitor or restrict an employee’s use of social networks including Facebook, Twitter and others. The use of social networking sites at work can cut both ways. For some employers, it provides employees an opportunity to expand their contact base and increase their public profile. If used appropriately, this can benefit the employer. However, the concern is that use of these sites during the workday hampers or reduces productivity. Social networking policies require individualized attention and should be specifically tailored to the needs of each individual employer. Importantly, an employer who decides to include a social networking policy in its employee manual should have legal counsel review such policy to ensure compliance with federal and state laws as this area of the law is constantly changing.