By Alan Gahtan - - January 1997
Most organizations with internal e-mail systems have installed gateways to allow the exchange of e-mail between users on their internal network and other entities on the Internet. Many are also at various stages of implementing secure firewalls to be used for providing desktop Internet access to their employees. Both these developments provide opportunities for employees to add new value to their employers business.
However, some employers are concerned that these facilities may also be used for inappropriate or non-business purposes and are uncertain of their legal rights to monitor employee usage of such facilities. In some cases, employers' fears of inappropriate use are justified. There have been instances of employees sending confidential information or corporate trade secrets through an employer's e-mail systems and employees using an employer's Internet facilities to start or operate their own businesses (in at least one case, an illegal business).
Employers may also find that they could be held liable for e-mail or Internet-related activities of their employees. In most cases, employee e-mail or Usenet postings carry the employer's name or trade mark as part of the employee's e-mail address. Defamatory, political or religious statements sent outside the company by employees may therefore be attributed to the employer.
Employers also have an obligation to provide a work environment free of discrimination and harassment. Inappropriate material circulated internally can create a problem. A subsidiary of Chevron Corporation settled a sexual harassment lawsuit for $2.2 million after a list called "Why Beer is Better Than Women" was circulated through its E-mail system.
Another concern is the potential liability for sexually explicit messages sent to other employees. Such e-mail messages can be used to support a harassment or discrimination case.
Pornographic images downloaded by employees is another big problem. In December 1996, a physicist working for Canada's Department of National Defence was arrested and charged with possessing and distributing child pornography. If pornographic images are downloaded and displayed on an employee's monitor then that can also contribute to a finding that the employer had allowed the creation of a hostile work environment for other employees.
Finally, much of the content accessible on the Internet is protectable by copyright or other property rights and needs to be used appropriately. The ease with which such content may be reproduced and an employee's belief that their actions are for the benefit of their employers may easily result in infringing behaviour in respect of such content.
Keeping tabs on employee productivity is another rationale given by some employers for their desire to monitor employee communications. In some industries, such as banking, insurance, telecommunications and travel, employee monitoring has been common place for some time. As many as 80% of employees in such industries may be subject to some level of telephone or computer-based monitoring. Also, with the advent of the Web, many other businesses are now interested in exploring ways of ensuring that company equipment and company time is not wasted on personal "surfing".
However, employers must take care not to infringe an employee's privacy rights. or violate laws prohibiting the interception of private communications. The later is an offense under the Criminal Code in Canada as well as the Electronic Communications Privacy Act and various wiretapping statutes in the US. Certain exceptions are usually available including the consent of the sender or recipient.
In some cases, statutory or common law rights of privacy may also limit the right to monitor someone without their consent. However, the applicability of particular laws or privacy rights to e-mail communications is often still not clear. Many of the cases decided to date have been in the US and in most cases they have tended to side with the employer.
A case in California brought by an e-mail administrator who was fired by Epson for complaining that her e-mail had been read was dismissed, notwithstanding that Epson had told its employees that their e-mail was confidential.
A similar lawsuit filed against Nissan Motor Company alleging tortious interception of employee e-mail messages was also unsuccessful. In the Nissan case, the California Court of Appeal affirmed a trial court's decision that found the employees did not have a reasonable expectation of privacy because they had signed a waiver form which provided that it was "company policy that employees ... restrict their use of company-owned computer hardware and software to company business."
More recently, a US District Court in Pennsylvania held that an expectation of privacy did not arise even though the employer, Pillsbury, had repeatedly promised not to intercept e-mail on its system. In that case, Pillsbury had advised its employees that all e-mail communications would remain confidential and that e-mail communications could not be used against its employees as grounds for termination. An employee who was fired for sending what the company deemed to be inappropriate and unprofessional comments to his supervisor using the e-mail system sued the company. The court dismissed the employee's claim before it even reached trial stating that it did not find a reasonable expectation of privacy in the communication notwithstanding the assurance by management.
However, courts have generally been progressively protecting employee's rights of privacy in the office. The recent e-mail related cases may simply be a situation of the law lagging behind technology. Also, in a particular case, an employer may affirm an employees' privacy rights either explicitly, such as through statements in manuals or corporate policies, or implicitly through a course of conduct.
There is a therefore a risk that the use or disclosure of either the contents of messages sent by employees or other information logged by the employer's computer system (such as the identify of the sender and recipient, etc.) may in a future case be found to constitute an unjustified invasion of privacy giving rise to civil damages even if such activity is not prohibited under criminal legislation. The risk of liability of an employer may also be substantially higher if messages are intercepted for purposes unrelated to the protection of an employer's business interests.
The important issue in determining whether an employer's monitoring activities violates the law or an employee's privacy rights may depend on whether the users of the system had a reasonable expectation that their messages will not be intercepted by any person other than the intended recipient. The use of passwords to gain access to the system, references to e-mail messages and mail boxes as being private and corporate policies are factors to be considered in determining the reasonable expectation of users.
The expectation of privacy may however be negated if users are advised as to the circumstances in which a message sent through the system may be subject to interception. Companies wary of lawsuits involving e-mail are encouraged to put in place explicit written policies dealing with e-mail and electronic monitoring. This topic will be covered in a future column.
Even though employees have not enjoyed much success to date in the courtroom regarding this issues, it should not be assumed that employers have an unlimited right to monitor e-mail or unlimited authority to act on whatever is discovered. Advice from counsel should be obtained before acting on information obtained from the interception of employee e-mail.
Related Sources: Canadian Legal Resources | Cyberlaw Encyclopedia | Entrepreneur Resources | Canadian Technology | Precedents | Alan Gahtan
© 2005 Alan M. Gahtan. All Rights
Reserved | Use is subject to these Legal
Disclaimer: Not all materials may be applicable in your jurisdiction. Not intended to be a substitute for professional advice. No implied endorsement of, or affiliation with, any linked sites. Path to individual pages may change - please link to home page only. Linking Info