Newspaper Articles

This collection of articles was published in the Detroit Legal News from 1995-1997. All were written in the infancy of the modern Internet, before the landscape surrounding Internet legal and business issues began to develop. Access to the Internet largely consisted of dial-up connections on a 14.4 kbs modem or slower. Both the technology and state of the law have evolved considerably since these were first published.

Employers Need Policies for Monitoring E-mail

Originally published January 11, 1996

E-mail is an increasingly common communications tool, both internally and outside of organizations whose computer systems are used for receiving and transmitting e-mail. An issue of particular concern to employers and employees alike is the extent to which employee email is private.

Unfortunately, like many issues arising as a result of the explosion computer-driven communications, the answer is largely unsettled.

Numerous articles in the popular media have suggested that employer review of employee e-mail is permissible - a conclusion that would undoubtedly come as a surprise to scores of employees who transmit what they perceive to be personal (and private) communications to friends, co-workers and business associates.

While the conclusion may be true in some circumstances, it is not necessarily the case in others. Moreover, what is done with the information gleaned from e-mail screening can create independent legal liability for the employer.

In 1986, Congress enacted the Electronic Communication Privacy Act (ECPA), legislation intended to expand the scope of wiretap laws to include most electronic communications, including email. The law is intended to protect individual privacy by restricting the interception and disclosure of real-time communications and unauthorized access of stored communications.

There are no reported cases addressing the extent to which certain exceptions in the ECPA grant employers the unfettered right to review and monitor employee communications. While some commentators have suggested that the employer has such a right as owner of the system, the conclusion is premature at best.

The underlying purpose of the ECPA was to protect individual privacy. Numerous situations can be imagined where employer actions in screening or acting on information obtained from employee e-mail would be highly offensive to individual privacy. Moreover, use of passwords, private accounts and tacit or overt encouragement (or tolerance) of personal usage can create certain privacy expectations. In this regard, e-mail can be analogized to a personal telephone call made by an employee.

State statutes also can apply in litigation revolving around e-mail usage. A number of states have right to privacy statutes. In California, for instance, a class action was brought under the state privacy statute by employees who discovered that the employer circumvented passwords and read email messages. The plaintiffs contended that the employer's practices were such that they were led to believe their e-mail was private.

Likewise, there is the potential for e-mail litigation under the common law torts of intrusion, misappropriation of name or likeness, public disclosure of private facts, false light, and intentional infliction of emotional distress, among others.

For employers that feel e security or business need to access employee e-mail, adoption of a clearly written and communicated employee email policy is a must. Failure to adopt and communicate the policy to employees may result inadvertent violations of the ECPA and state laws governing individual privacy.

Even if the employer does not have a practice of reviewing employee e-mail on a regular or random basis, a written e-mail policy which is communicated to employees is advisable. ECPA and state privacy law violations may be avoided if the employee consents to the interception and access of an e-mail based communication. An employer should reserve the right to monitor e-mail and diminish privacy expectations.

Many large corporations that have been using e-mail for years have already adopted comprehensive policies regarding employee e-mail usage. However, less sophisticated employers and those that have only recently implemented e-mail systems may be unaware of the possible legal liability associated with e-mail.

Adoption of a comprehensive e-mail policy should be considered in the context of the employer's objectives with respect to the e-mail system. An e-mail policy should:

• Be in writing, and communicated to employees (preferably accompanied by the employee's signed agreement to abide by the policy).
• Limit or prohibit personal or non-business usage of email (note: some employers are allowing employees to have separate private e-mail addresses for personal usage - moreover, personal usage of e-mail is common even in those organizations which purportedly prohibit personal e-mail use).
• Prohibit disclosure of confidential company information via e-mail.
• Advise employees that the employer may monitor and access messages at any time and may in appropriate circumstances act on such information.
• Prohibit employees from using or improperly accessing accounts of co-workers.
• Limit e-mail disclosure of particular transmissions or documents only to authorized recipients.

Aside from written e-mail policies, employers should be advised to exercise caution in monitoring e-mail communications. Particular usage of information obtained from employee e-mail can create greater legal exposure than the act of monitoring itself.

In many of the early unreported e-mail cases brought by employees on privacy or other grounds, the employer has prevailed. However, this is little consolation to the party incurring defense costs. Communication of the employer's policy regarding email usage is critical in diminishing privacy expectations. And when recommending e-mail policies to your clients, don't forget to examine your own e-mail policies and practices.