LOOSE CANNONS AND SMOKING GUNS

Membership Index Why Join AIF How to Join Membership Benefits Join Now

Governmental Affair Index AIF Lobbying Team Recent Victories Key Business Issues AIF Councils AIF Policy Committees Session Blog Issue Questions Voting Records

Political Operations Index AIF Political Council AIFPAC Prosperity Project

Action Central Index Locate Legislator Contact Legislator Contact Committee Links Issue Questions

Information Center Index Message from CEO Special Notices Press Releases Other Information Legislative Information (Public) Legislative Information (Members) Publications Archive Search Members Only Archive Sign Up for Publications

Council Index Home Hurricane Rating Coalition Education & Workforce Development Energy Financial Securities Governmental Outsourcing Hospitals Information Technology International Affairs Maritime Sign Up for Councils and Committees

AIF Members Log In Forgot Your Log In? Political Council Members Log In Join AIF

About Us Mission Statement AIF Staff Officers Member Benefits

Links

Message from CEO Special Notices Press Releases Other Information Legislative Information (Public) Legislative Information (Members) Publications Archive Search Members Only Archive Sign Up for Publications

by john edward alley
& jason l. gunter

LOOSE CANNONS AND SMOKING GUNS
Does Electronic Communications Surveillance Belong In Your Arsenal?

According to some estimates, there are currently 20 million users of e-mail transmitting 60
billion messages annually; usage is expected to double by the year 2000. E-mail and other electronic communications, such as voice mail, are useful--indeed, necessary--workplace tools. These technological advances, however, also bear negative consequences, namely a whole new species of lawsuits against employers.

E-mail is an easy and speedy method of communication, which is not necessarily a good thing. With the click of a mouse, an employee can e-mail every computer user in a company, or he can post a message on the Internet where hundreds of thousands of people can read it.

With that mouse click, a trusted employee could turn into a loose cannon, shooting off a blast that exposes the employer to a barrage of potential losses and liabilities. For example, the employee might leak trade secrets to competitors, engage in sexual harassment of a coworker or subordinate, disseminate racially offensive remarks, defame someone, or even infringe upon a trademark or copyright by reproducing and disseminating the protected intellectual property of another. An employer’s interest in protecting itself from the substantial--even disastrous--liability that could ensue is obviously significant.

And, because e-mail is virtually unerasable, it can be the kind of smoking gun plaintiffs’ attorneys try to sniff out during the discovery phase of litigation. Deleting an e-mail does not eradicate its existence because it can be retrieved from back-up files or hard drives virtually into perpetuity.

The Cost of E-mail

A case in point is the 1995 lawsuit, Strauss v. Microsoft. This case involved an allegation of sex discrimination against Microsoft. In support of her claim, the employee sought to admit into evidence sexually discriminatory statements made by her boss via the company’s e-mail system. Notwithstanding Microsoft’s objection, the federal court ruled the e-mail messages admissible under the Federal Rules of Evidence to the same extent as any paper document. Thus, in one fell swoop, e-mail transmissions made by Microsoft employees were both the instrument and the evidence of actionable sex discrimination.

Two other interesting e-mail cases are Curtis v. Citibank and Owens v. Morgan Stanley & Company, lawsuits that some speculate will unleash an avalanche of cases in which e-mail is used as critical evidence against an employer.

Curtis involved two black employees of Citibank who alleged that white supervisors disseminated "vulgar and racially vile messages that demeaned and ridiculed African-American people." The plaintiffs further alleged that these messages resulted in the creation of a "pervasively abusive, racially hostile work environment" in violation of Title VII of the Federal Civil Rights Act.

In Owens, the plaintiffs claimed that an e-mail message transmitted by an employee of the firm, purporting to be a homework assignment by a public school ninth-grader named Leroy who misuses words in an obscene manner, was intended to mock African-American street slang. In an effort to increase the potential liability of Morgan Stanley, the plaintiffs brought the lawsuit as a class action on behalf of all black employees of the huge investment firm.

Many other cases have been filed against employers by third parties based on e-mail messages sent by employees, exposing their employers to potential liabilities on many different premises. Although some cases have been settled out of court, the costs of settlement and related litigation run into the millions.

Is surveillance of e-mail the solution? Obviously many believe so. Statistics indicate that at least 20 million U.S. employees may be subject to electronic monitoring in the
workplace. However, surveillance is a far-from-perfect solution, and may, in and of itself, give rise to a different panoply of legal problems and concerns that can’t be ignored.

I Need My Cyberspace

Even with electronic monitoring, by the time an employer finds the offending message the damage may already have been done. Even if the employer disciplines the employee or curtails further wrongful acts, once the loose cannon has fired its missile, litigation may be unavoidable. Surveillance may also foster an atmosphere of distrust, lowering employee morale and breeding poor employee relations, that may lead to union campaigns or the loss of key employees. Some employees are bound to perceive monitoring as Orwellian, a case of Big Brother watching.

Legitimate attempts by employers to monitor their employees’ workplace communications have spawned expensive and time-consuming litigation against the employer by the employees themselves. Most of these lawsuits, which are growing in number, are based on claims that the employer has invaded the privacy of the employee in violation of state and/or federal law.

For instance, monitoring lawsuits may be predicated on the federal Electronic Communications Privacy Act (ECPA) that, generally speaking, forbids the interception of oral, wire, or electronic communications. Violation of ECPA is a federal crime; it can also result in civil liability to the aggrieved party. While our research has not revealed a single case involving e-mail privacy brought under ECPA, there is no question that the law not only applies to tape recording of statements and monitoring of live phone conversations, but also to the monitoring of voice mail
and e-mail.

There are exceptions to ECPA under which an employer may legally intercept the communications of its employees and even disclose those communications to others. For example, if an employer obtains the prior consent of its employees, the employer may monitor its employees’ communications without fear of criminal or civil liability under ECPA. This consent may either be express (an employee signs a consent form) or implied (the employer clearly notifies its employees that communications will be monitored).

A second important exception recognized by ECPA is monitoring of employee communications for legitimate business purposes, such as quality assurance, employee evaluation, or to ensure productivity. Moreover, since the employer has provided computers, e-mail, voice mail, and the like to further its business purposes, it should be able to monitor them to ensure employees are not misusing these communications media. Certainly no employer wants employees lost deep in the world of cyber-porn or other diversions when they should be furthering the business purposes of the employer.

However caution must be exercised. There have been instances where courts have found that employers have exceeded the bounds of legitimate monitoring and violated ECPA. In an Arkansas telephone monitoring case, Deal v. Spears, the court found that the employer unlawfully monitored the content of over 22 hours of personal calls while attempting to confirm a suspected conspiracy to commit theft of employer property. The calls, many of which related to an extramarital affair, were made by the suspected employee from a phone in his mobile home which was linked by an extension to the phone in the employer’s business.

If confined to business calls, telephone monitoring should present few problems, as long as some guidelines are followed (see next paragraph). As a rule of thumb, however, most courts hold that monitoring of personal calls, even at work, is not within an employer’s legitimate

business purposes. Because an employer will not know beforehand whether a given call is related to personal or business affairs, it is allowed to monitor personal calls for the limited purpose of making a determination of the nature of the call. Clearly, employers have a bona fide business interest in making sure employees do not spend an inordinate amount of time on personal calls while at work, and courts have found monitoring to reduce per-sonal use to be permissible under ECPA.

In a case involving a potential violation of ECPA, the courts will consider the following:

Did the employer have a reasonable business purpose for the intrusion?

Were the employees provided notice of the possibility of monitoring?

Did the employer act consistently with respect to the extent of the notice of monitoring given to the employees?

This last factor suggests that employers must be careful to exercise their monitoring policies in an even-handed, nondiscriminatory fashion. For example, the employer will want to avoid being lenient or overlooking the use of communications devices for some non-business purposes, while clamping down on other, less favored uses, such as employees using e-mail or the telephone for unionizing activities.

In a 1992 case, a company that allegedly used hidden bugging devices and telephone wiretaps to thwart a unionization drive agreed to pay $50,000 to individual plaintiffs, $125,000 for attorney fees, and $200,000 toward a class claim by workers whose conversations were allegedly recorded secretly by the company. Believe it or not the company "got off easy." Yes, it settled for a huge sum of money, but if found guilty under ECPA each individual violator could have received up to five years in prison and up to $250,000 in fines.

The State of State Privacy Laws

In addition to federal law, there are state laws that govern employee privacy. If the state law is more stringent it will supersede federal law in court. This is the case with the Florida Security in Communications Act (FSCA), which for the most part echoes the provisions of ECPA. Under the state law, however, an employee’s prior consent to monitoring may not be enough to relieve an employer of liability.

Under FSCA, both parties to the communication must consent to monitoring. In other words, if an employer monitors the telephone or e-mail communication between an employee and a non-employee, the employer could still be liable for the interception if the non-employee has not consented to the monitoring. Like ECPA, however, Florida’s law provides a separate legitimate business purpose exception. A Florida employer can also help itself by making sure that it monitors only business-related communications for legitimate business purposes and by clearly notifying employees beforehand that it is going to do so.

Employees subjected to monitoring have sometimes sued employers for invasion of privacy under state common law tort principles. Virtually every state, including Florida, has several species of privacy torts under which a plaintiff can potentially recover money damages. The most germane to our purposes is the so-called "unreasonable intrusion" tort. Briefly put, an employer is liable for this tort when it unreasonably intrudes upon an employee’s private life or activities in a manner that would be considered substantial and highly offensive to a reasonable person.

Smyth v. Pillsbury Corporation is the seminal case involving e-mail monitoring in the workplace. The case involved Smyth, one of Pillsbury’s regional operations managers who, while working at his home, transmitted "inappropriate and unprofessional" e-mail messages
from his home computer to his supervisor at work. The messages were highly critical of the company’s sales managers and contained threats to "kill the back-stabbing bastards." Smyth also referred to a planned company party as the "Jim Jones Kool-Aid affair."

After intercepting the messages, Pillsbury terminated Smyth, who then sued for common law invasion of privacy and wrongful termination under Pennsylvania state law. However, the court ruled that Smyth had no valid claim against Pillsbury, mainly because he had no reasonable expectation of privacy in his workplace e-mail. Pillsbury had a written policy informing employees that their e-mail could be monitored and the court found this, coupled with the fact that the messages were voluntarily sent over a system provided by the company for work-related purposes, overshadowed the fact that Pillsbury had allegedly orally assured Smyth that his e-mails would be confidential and private.

Furthermore, the court ruled that the company’s interest in preventing inappropriate and unprofessional comments or illegal activity over its e-mail system outweighed any privacy interest Smyth might have had or expected in his comments. The main thrust of the Pillsbury case is that if an employee does not have a reasonable expectation of privacy in the content of the communication, an employer cannot be liable for the tort of invasion of privacy for intercepting or accessing electronic communications transmitted by the employee via systems and equipment provided by the employer.

Balancing Competing Interests

Both electronic communications and the monitoring of it have become practical business necessities in the age of cyberspace. So, how does one maintain state of the art communication systems while at the same time minimizing liability and maximizing employee satisfaction and morale?

The answer lies in implementation and maintenance of an intelligent monitoring policy under the guidance of experienced labor and employment law counsel. Such a policy should be constructed within the contours of applicable state and federal laws and tailored to fit the needs and style of the particular business to optimize protection from liability.

The implementation strategy should also include educating employees as to why the policy is necessary, as well as in their best interest. Treating employees as adults who are capable of understanding that workplace monitoring is done for sound business reasons will help. After all, what good will it do the employees if a business is forced to close its doors because of a disastrous money judgment rendered against it?

Employees are far more likely to accept the monitoring practices of their employers if the employer notifies them beforehand. They should be made aware of the necessity for a monitoring policy. Explain to them the many ways in which an employer can be exposed to liability in this litigious society and that it is to the best advantage of all concerned to be sensitive to these issues. The employer should also explain that monitoring will enable it to further the crucial goals of quality, efficiency, productivity and good customer relations that, in turn, will inure to the benefit of the entire team.

To avoid legal problems, every employer should have an electronic communications policy and practice that is clear and unambiguous. The articulation and dissemination of such a policy and practice, coupled with training sessions to educate managers and employees about the law and the rationale for monitoring, should provide ample protection to employers against any claim that an employee’s reasonable expectation of privacy was violated. At the same time, it will foster good employee relations.

Electronic communications in the workplace and the technology facilitating it are bound to increase. Concomitantly, the law will continue to evolve. Therefore, the resourceful, enlightened, and prudent employer will stay abreast of the technological innovations--and accompanying legal changes--while maintaining policies and practices that will protect, and even foster its business interests, while creating a climate of loyalty and high morale among employees.

John-Edward Alley and Jason L. Gunter are with the law firm of Alley and Alley/Ford & Harrison, LLP, where Alley is a partner.

The following are the main considerations in developing a
comprehensive and effective electronic communications policy:

The policy should be disseminated in as many ways as practicable. Employees should be given a written copy of the policy and, in turn, should acknowledge in writing that they have received and understood it. The policy should be included in employee handbooks, on company bulletin boards, and perhaps in periodical written reminders to employees. Having the notification appear on computer screens each and every time an employee logs onto the network would also be wise.

All notifications, regardless of format, should clearly inform employees that the computers,
e-mail and voice mail systems, and similar equipment are the property of the employer, are subject to monitoring by the employer, and are not for personal use.

Employees should be specifically advised that they should not expect privacy in the content of their e-mail or other messages and that the employer unequivocally reserves the right, without prior notice, to monitor, access, and disclose anything sent over its electronic systems.

Make it clear that the employer may override passwords and codes for legitimate business purposes and that all passwords and codes must be promptly disclosed to facilitate the employer’s access.

Specify in the written policy that the use of computers, telephones, voice mail, and e-mail for unlawful, threatening, harassing, defamatory, obscene, or any other inappropriate communications, or one that violates the policy of the employer in any way, is strictly prohibited and that violators of the policy are subject to disciplinary measures up to and including termination.

Explain to employees in the written policy that comments that may be intended simply as jokes or merely to "let off steam" can be, and often are, misconstrued, leading to costly legal problems for the business on which they all rely for a paycheck.

Employees should be made acutely aware that the delete function on the e-mail system simply stores messages differently, it does not delete them.

Emphasize to managers and employees that in composing e-mail messages, they should be as careful as they would in preparing any written document and that each document they author should be written as if it were going to be read in public, or to their parents, spouse, or children.

Employees should be reminded that any transmission goes out, in essence, with the company’s letterhead over it, meaning that, however informal the communication, it is still undertaken on behalf of the company.

Nov/Dec 1998 -- Florida Business Insight, PO Box 784, Tallahassee, Fl 32302
(850)224-7173, insight@aif.com

516 North Adams Street ● Post Office Box 784 ● Tallahassee, Florida 32302-0784 ● Phone: (850) 224-7173 ● Fax: (850) 224-6532 ● www.aif.com

Contact Us | Search | Site Map
Associated Industries of Florida Service Corporation ● 516 North Adams St. Tallahassee, FL 32301
Copyright 2008 All Rights Reserved Reproduction in Whole or in Part is Prohibited without prior written permission