October 27, 2018

Employee privacy and expectations of privacy in the electronic age


Employee privacy and expectations of privacy in the electronic age

Does your organization have a policy concerning the use of its computer equipment? Has it addressed the use of E-mail by employees for personal communications?  Has it distributed copies of these policies to the staff?

The expectations of employees concerning E-mail privacy and the privacy of other material stored or sent on an employer's computer equipment for personal reasons is becoming a significant issue. The topic has been placed on the table in the course of collective bargaining while elsewhere employers have unilaterally adopted policies.

It would seem prudent for an employer to have a policy in place limiting or prohibiting the use of employer E-mail programs by a staff member for personal business. Some have suggested that without such a policy in place an employer could be exposed to claims of invasion of privacy if it reads E-mail records or the employee's "personal files" stored in the employer's computer.

On the other hand, complaints could arise alleging libel or unlawful discrimination resulting from an individual's using the employer's computer equipment. Some have observer that sending out an E-mail with a return address like  from "JSmith[at symbol]XYZagency.gov" is much like sending out a letter on government letterhead. 

What should be set out in such a  policy?

At a minimum the employees should be told that the use of  the "employer's E-mail program is limited to "department or agency business" and that they should not expect any "privacy" with respect to any information, personal or private business related, received, transmitted or stored electronically on the employer's computers.

The Society for Human Resource Management has recommended that employees be required to acknowledge in writing that they have been advised of the employer's computer/E-mail policies.

The following is adopted from the Society's model statement concerning the use of company equipment and the employer's E-mail capability by employees for personal purposes:

I, [name of employee], am aware and agree that, regardless of its source, [name of the employer] has, and may exercise, its rights to review, intercept, access, record, use and disclose all E-mail correspondence as well as all files and records in its computer system at any time, with or without any notice to employees, or the consent of any employee. I also understand that I have no right to expect any privacy with respect to any material I send, receive, place or retain in or through the [name of employer]'s computer system, including, but not limited to, E-mail sent to or received by me from a coworker or from an another individual or organization. I also understand and agree that the use of any office equipment, including any E-mail capability, in violation of this policy may  result in disciplinary action being taken against me.

A number of law suits have been filed against employers alleging that offensive, discriminatory or libelous communications concerning an individual, was created, transmitted or circulated by employees using the employer's electronic data processing equipment. For example, in Strauss v Microsoft Corporation [USDC SDNY, 91 Civ 5928], a federal district court allowed a former Microsoft employee,  Karen  Strauss, to introduce E-mail messages between Microsoft workers as evidence of sexual harassment.

Other means of communicating the employer's policy to staff include having a copy of the statement printed in the employer's "employee handbook"; posting a copy of the policy on all employee bulletin boards; and having a "reminder" greet the computer user each time he or she activates a computer terminal or desktop computer. It may also be advisable to periodically circulate a copy of the policy to all staff members or from time to time attach a copy of the policy to the employees' paycheck.

Once a policy is established, the employer should adopt procedures, and designate the individuals, to implement it and, in addition, periodically review it in order to "keep it current."

On a related issue, does your organization have a policy prohibiting employees from "electronically sabotaging" the work of another staff member or the company's database? This may become an increasing important concern as more and more work is performed electronically.

The New York State Department of Education's State Archives and Records Administration has published a booklet Managing Records in E-Mail Systems. The booklet includes a sample E-mail policy as well as suggestions concerning "E-mail etiquette." For a free copy of the booklet, write to the State Records Advisory Services, 9C71 Cultural Center, Albany, New York, 12230 [518-474-6771].

Employers also should be familiar with the provisions of the Electronic Communications Protection Act of 1986 and the federal Wiretap Act which set out a number of standards dealing with employee privacy in the workplace.