|
Vol.
72, No. 3, March 1999
Coping With the Legal Perils of Employee
Email
Email communication between a company's
employees, or with its clients and the public, is fast, easy
- and potentially dangerous. Learn what steps companies are taking
to protect themselves by regulating employee use of email and
the Internet.
Editor's Note: To view Wisconsin Statutes and Acts referenced in this article
you must
have and/or install Adobe Acrobat
Reader 3.0 on your computer.
By Michael McChrystal, William Gleisner & Michael KubornToday, email
can be created easily and transmitted with virtually no difficulty,
either within a company or over the Internet. Email encourages
an informality and directness of communication that is hard to
achieve, even in person or over the telephone. It allows for
the rapid dissemination of ideas, plans, documents, and images
throughout a company or throughout the world literally at the
touch of a (mouse) button. In short, this miracle of the information
age appears to be just what business in our fast-paced world
needs to compete and thrive.1
Even lawyers are becoming convinced that email is the answer
to communicating with counsel, the courts, and clients.2
However, consider for a moment the potential problems that
email can create for a business or law firm,3
and then ask yourself how does a business protect itself from
those problems? For example, is a company liable when an employee
sends harassing email, or downloads pornographic material from
a Web site and distributes it to fellow employees? Can a company
be held responsible if an employee sends libelous email over
the Internet? What if an employee is angry or malicious enough
to send confidential information to competitors or anonymously
post such information on the Internet? What if an employee decides
to leave a job, but only after he or she emails confidential
customer or client information or trade secrets outside the firm
for improper postemployment use? In dealing with such problems,
how does a business balance its needs against the privacy rights
of its employees?
The difficulties of email communication are magnified a thousandfold
because it is, in a very real sense, becoming ubiquitous. Email4 is very rapidly becoming
"the" way to communicate, within a business or over
the Internet. According to an article by attorneys Mark S. Dichter
and Michael S. Burkhardt, Electronic Interaction in the
Workplace: Monitoring, Retrieving and Storing Employee Communications,5 published in early October
1996, 90 percent of all large companies, 64 percent of mid-size
companies, and 42 percent of small businesses used internal email,
and more than 40 million workers were corresponding via email.
Within the span of two years, email use has increased dramatically.
It's estimated that Internet users sent more than 6 billion email
messages last year,6
and it is estimated that worldwide there has been an explosion
of business users on the Internet.7
Internet email will grow exponentially as the worldwide use of
email increases.8 Moreover,
the distinction between internal company email and Internet email
is blurring, especially as more companies make Internet access
available from desktop systems or via an Internet server using
routers or similar technology.
Ease of use or abuse
The problems posed by email are very real and have resulted
in very real liability for several companies. The very ease with
which email can be created and disseminated appears to reduce
a user's inhibitions.
An employer
can be held liable for sexual or racial harassment perpetrated
or furthered by email.9
There is some suggestion that prompt action to remedy a hostile
atmosphere thus created may exculpate the employer.10
It would be dangerous for an employer to hope that it will escape
liability merely because it does not know such harassment is
ongoing, especially if the probability of such harassment is
foreseeable.11 Of course,
email is just one of many vehicles by which offensive conduct
may be communicated in the workplace. However, unlike other forms
of misconduct, the average employer may have more difficulty
detecting or preventing email harassment. Nevertheless, "a
company will be liable if management-level employees knew, or
in the exercise of reasonable care should have known, about a
barrage of offensive conduct."12
Some courts have held employers subject to liability if an
employee with apparent authority libels a third party or inflicts
trade disparagement in the furtherance of his or her employer's
business.13 The problem
for an employer who permits a large number of employees to send
out email over the Internet from a company Internet server or
from a company computer, lies not just in the fact that employees
may be viewed as clothed with apparent authority. Especially
if an employer also maintains a Web page, Internet email that
travels across state and international boundaries may potentially
subject an employer to the jurisdiction of foreign courts, with
all of the difficulties and costs that inevitably attend the
defense of an action far from the employer's home jurisdiction.14
If an angry employee publishes confidential information anonymously
over the Internet, or sends it to a competitor, the information
loses its confidential protection and becomes part of the public
domain.15 Obviously,
given the sophistication of today's Internet email systems, confidential
information and trade secrets can be easily shared with unauthorized
third parties.
Protecting against the misuse of email
Certainly, email abuse can and will occur. Unfortunately,
guarding against such abuse is not easy. There will be a growing
interrelationship between internal, or "intranet,"
email systems and Internet email systems in the years ahead,
especially if companies such as Microsoft have their way.16 The potential will
soon exist for an uncomfortable transparency between an office
environment and the Internet. Therefore, regardless of how companies
police the email activities of employees, they must exercise
considerable caution in implementing new technological solutions
that permit employees extensive access to the Internet.
While the need for employer policing or monitoring of employee
email activity will become more important in the years ahead,
such activity will have to be undertaken with extreme care. Although
the Fourth Amendment and other constitutional proscriptions do
not as a rule apply to private businesses,17
there are both state18
and federal19 statutes
that could be construed as prohibiting such monitoring on the
grounds that it invades the privacy or protected labor law rights
of employees.20 There
always have been limitations on the extent to which an employer
can search or otherwise monitor employee activities at work,21 and these cases often
have been resolved on the grounds that an employer unreasonably
invaded the employee's privacy.22
Courts have carved out exceptions to the monitoring of employee
activity where a legitimate business purpose can be demonstrated,23 and that includes the
monitoring of email communications.24
However, Congress has evinced a serious concern with the privacy
of email,25 including
email generated in the workplace. The Electronic Communications
Privacy Act of 1986 (ECPA) defines electronic communication in
such a way that it can be construed as applying to email. According
to the Act, electronic communication:
"[includes] any transfer or signs, signals, writing,
images, sounds, data or intelligence of any nature transmitted
in whole or in part by a wire, radio, electromagnetic, photoelectric
or photo-optical system that affects interstate commerce."26
The ECPA makes it illegal to intentionally intercept, use,
or disclose oral, wire, or electronic communications,27
and it provides for criminal, civil, and injunctive relief, as
well as attorney fees and other equitable relief.28
It could be argued that the ECPA's definition does not apply
to internal email systems, but the growing interrelationship
between intranet and Internet email systems undoubtedly will
render such a distinction virtually meaningless in the years
ahead. There are several relevant exceptions to the application
of the ECPA proscriptions. The most important exceptions are
predicated on business necessity and consent.
The business exception to the ECPA
To the extent employees are using email at work via company
computers, an employer may be justified in monitoring that email.
While unlimited and indiscriminate monitoring is very hard to
justify,29 the courts
will tolerate some monitoring. However, to the extent that "monitoring"
involves the surreptitious interception or surveillance of employee
email, monitoring activities will very probably find disfavor
in the courts. By analogy to telephone wiretap cases, while occasionally
permitted,30 surreptitious
interception or surveillance of employee telephone calls has
not been received well by the courts.31The
authors submit that any email monitoring should be done only
after notifying employees that their email will be monitored.32 While there may be
a justifiable business reason for undisclosed monitoring, a business
that does so runs a considerable risk.33
Next Page
|