The blurring of use, however, can lead to disputes between employers and employees. Despite employee objections, employers have legitimate reasons for monitoring all employee communications — even ones that an employee would consider private.

First is productivity. While on the job, employees are supposed to be working, and monitoring is one way to ensure that employees are using work technology appropriately.

A second concern is data security. Many employees are provided access to confidential information, which can easily be improperly transferred or disclosed using today’s technology.

A third issue is liability/litigation. Informal e-mails and text messages often can come back to haunt employers years later in a lawsuit against the company. For example, workplace harassment lawsuits have become prevalent, and one way to prevent any harassment in the first place is the monitoring of employee communications. One court has cautioned that “the abuse of access to workplace computers is so common (workers being prone to use them as media of gossip, titillation, and other entertainment and distraction) that reserving a right of inspection is so far from being unreasonable that the failure to do so might well be thought irresponsible.”

Informal e-mails and text messages often can
come back to haunt employers years later in a lawsuit against the company.

Privacy Disputes

Disputes over privacy of communication on employer-provided technology are becoming more common. Lawsuits by employees have been brought under Federal laws, such as the Electronic Communications Privacy Act of 1986 (“ECPA”), which generally prohibits the intentional interception or disclosure of electronic communications, state laws, like the Illinois Eavesdropping Statute, or the common law on invasion of privacy.

Generally, the deciding issue in these types of cases is whether the employee expressly or impliedly consented to monitoring of the alleged private communications. In determining whether consent has been given, the courts examine whether:

1) the company has a clearly articulated policy;

2) the company enforces the policy and generally monitors the use of its technologies;

3) the company has access to all communications; and

4) the company notified the employee about this policy.

Two cases decided in 2010 address the complexity of the issue. In the first, the New Jersey Supreme Court ruled that attorneys for an employer violated the privacy rights of a former employee and the rules of professional conduct by reading e-mails the employee had sent on a company laptop through her personal, password-protected e-mail account. While the employer had a written policy which stated that the employer reserved the right to review and access “all matters on the company’s media systems and services at any time,” the court determined that it was not entirely clear whether “media systems and services” covered the use of personal, password-protected, web-based e-mail accounts via company equipment.

Conversely, in a 2010 decision by a federal court in Illinois, the court determined that the president of a company had consented to interception and monitoring of his e-mails and text messages under the ECPA, the Illinois Eavesdropping Statute, and other laws. The court found that because the company had a clearly articulated policy which stated that “electronic mail messages sent and received on Company equipment are not private and are subject to viewing, downloading … and archiving by Company officials at all times,” and also defined “electronic mail messages” as including “personal/private/instant messaging systems,” the plaintiff had consented to the logging of his e-mails and text messages.

To avoid disputes and litigation, an employer should adopt a written, clearly defined policy, which should:

• Notify employees that all employer equipment may be monitored.  Employees should be told that monitoring may include employer provided technology — computers, laptops, PDAs, cellular phones, and voice mail, whether used on company property, at a home office, or at another remote location.

• Clearly describe the type of media covered. The policy should specifically address anything an employee might reasonably consider to be private, such as personal e-mail accounts, social networking sites, chat services, text messages, blogs or other websites. The policy should be open-ended and applicable to future technology.

• Alert employees that deleted information may be recovered.  Explain that information the employee may believe has been deleted may, in fact, be retained by the company and can continue to be accessed.

• Advise employees that all information is company property. State unequivocally that the employee has no reasonable expectation of privacy over any information or communications that he or she accesses using company-based resources, including the items discussed above, and that these items may be monitored or retained by the company indefinitely and accessed at any time, without notice.

• Advise employees of the reason for the policy. Explain that such information may be disclosed for purposes of investigation, litigation, internal dispute resolution, or the like (regardless of whether that particular employee is directly involved), in addition to other legitimate business purposes, as defined by the company as the issues arise.

• Provide for no exceptions. Explicitly state that the policy can only be changed in writing by a specific high-level employee (name the employee or position), and that any modifications to the policy from other employees or managers of the company will have no effect.