Employee Use of Technology in the Workplace: Privacy Rights, Sexual Harassment and Legal Issues
This is the first of a two-part blog on employee use of technology in the workplace. Today’s blog discusses employee rights when using technology in the workplace and employer obligations. The next blog will address the ‘new’ sexual harassment’ that can occur through text messages and corporate liability for sexual harassment claims.
The debate continues whether employers have the right to monitor what employees say and do using company computers for email, Internet searches, and other postings. As an employee you may have more privacy rights than you think when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically.
Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else's personal and financial information is easier than ever. Courts are more inclined to rule based on arguments presented to them that privacy issues need to be “carefully considered.” In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers and anything on them as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees.
In a 2009 case in New Jersey, Stengart v. Loving Care Agency, Inc., a worker on the brink of resigning from her job at the Loving Care Agency Inc. used a personal, password-protected Yahoo account on a work laptop to email her lawyer to discuss the details of a workplace discrimination suit she was planning to file against the agency. After the employee, Marina Stengart, left her job and filed suit, her employer extracted the emails from the hard drive of her computer laptop. A lower court found that the emails from Ms. Stengart were company property, because the company's internal policies had put her on sufficient notice that her emails would be viewed. But a New Jersey appellate court disagreed, ruling in her favor and ordering the company to turn over the emails to Ms. Stengart and delete them from their hard drives.
In 2010 the New Jersey Supreme Court affirmed the appellate court’s decision by overturning the previous ruling made by the trial court that a company-created policy provided sufficient warning to employees that all communications and activities performed on company-owned computers were subject to review by the employer and that there should be no expectation of privacy because of such policies. This case provides guidance to employees as to what extent they may expect privacy and confidentiality in personal e-mails composed on company-owned computers. Through its decision, the court ruled on two key issues which concluded that there should be a "reasonable" expectation of privacy in personal e-mails on company computers, and that attorney-client communication privileges and privacy should not be violated
Lawyers for corporations argue that employers are entitled to claim ownership of personal communication that occurs on work property. Employers fear productivity drops when workers spend too much time crafting personal email messages. Moreover, employers argue they have a right to expect their employees to be doing actual work when they are paid for working. From an ethical perspective it is hard to argue with this position. An employee has a personal responsibility to use company computers only for company-related business. An exception might be if an emergency arose at home, say a child became very ill and the employee felt compelled to text a message to another party in charge of the child’s well-being.
A common occurrence is for an employee to log in to personal email accounts from the office. In a 2009 study by the Ponemon Institute, a Traverse City, Mich.-based data-security research firm, 52% of employees surveyed said they access their personal email accounts from their work computer. Of those individuals, 60% said they send work documents or spreadsheets to their personal email addresses. Data security experts say such actions could invite viruses or security leaks.
More corporations are monitoring employees' email traffic. In a recent survey of 220 large U.S. firms commissioned by Proofpoint Inc., a provider of email security and data loss prevention services, 38% of companies said they employ staff to read or otherwise analyze the content of outgoing email. More companies also say they are worried about information leaks: Thirty-four percent of respondents said their businesses had been affected by the exposure of sensitive or embarrassing information.
In another case, Bonnie Van Alstyne, a former vice president of sales and marketing at Electronic Scriptorium Ltd., a data-management company, was in the thick of a testy legal battle in Virginia state court with the company over employment issues when it came to light that her former boss had been accessing and reading her personal AOL email account. The monitoring went on for more than a year, continuing after Ms. Van Alstyne left the company. Ms. Van Alstyne sometimes used her personal email account for business purposes, and her supervisor said he was concerned that she was sharing trade secrets.
The supervisor, Edward Leonard, had accessed her account "from home and Internet cafes, and from locales as diverse as London, Paris, and Hong Kong," according to legal filings in the case. Ms. Van Alstyne sued Mr. Leonard and the company for accessing her email without authorization. A jury sided with her, and the case eventually settled. Nicholas Hantzes, a lawyer for the company and Mr. Leonard, said employers could learn from the case that to avoid legal tangles they "should do everything they can to discourage employees from using personal email for business purposes."
The bottom line is a company should establish an internal policy about employee communications and make it clear that an employee would not retain an expectation of privacy when using company computers for personal e-mails.
Blog posted by Steven Mintz, aka Ethics Sage, on August 29, 2011