A recent ruling imposed liability on an employer in a suit filed by the victim of an employee who used company computers for criminal activities. To avoid such liability, employers should carefully monitor their employees’ computer use and report criminal activity to authorities. Monitoring, however, could result in a violation of the Electronic Communications Privacy Act (“Act”) which prohibits the interception, disclosure, and intentional use of wire, oral, and electronic communications, including those of employees. Thus, how do employers monitor employees’ computer use to ensure it is not being used for criminal (or other non-permissible employer) activity without violating the Act?
The Act provides an employer may monitor computer use if the employee consents to the monitoring. The most efficient manner in which to obtain a consent is for the employer to institute a written computer privacy policy which does the following:
● Advises all employees that company computer use is not private and e-mail will be monitored without prior notice.
● States computer and Internet access and use are for business purposes only and not for personal use.
● States inappropriate communications, such as sexist, racist, or obscene material, will not be tolerated, and will lead to disciplinary action up to and including termination.
● Advises employees how company confidential information must be transmitted by e-mail, including advising the recipient that all information is confidential and should be treated the same by the recipient.
● Acknowledges the employee’s consent to be monitored and requires the signed privacy policy be returned to the employer or the employee will be terminated.
Once a written privacy policy is implemented by an employer, the employer should routinely monitor e-mails so that its employees are aware that the monitoring policy is being enforced. If a violation of the privacy policy is discovered, the employer should uniformly and consistently exercise discipline for violations of the policy. Courts have held that an employer’s failure to enforce its own computer usage or email communication policy may inadvertently lull employees into a “false sense of security,” thereby vitiating the effectiveness of the policy, especially if there is a court proceeding and the employee asserts his or her reasonable expectation of privacy right. Even the best written policy is ineffective if the policy is rarely enforced.
If you have a question about a privacy policy or would like to add a privacy policy to your company’s employment manual, please telephone a member of the firm.