Coping With the Legal Perils of Employee Email

Email communication between a company's employees, or with its clients and the public, is fast, easy - and potentially dangerous. Learn what steps companies are taking to protect themselves by regulating employee use of email and the Internet.

Editor's Note: To view Wisconsin Statutes and Acts referenced in this article you must
have and/or install Adobe Acrobat Reader 3.0 on your computer.

Today, email can be created easily and transmitted with virtually no difficulty, either within a company or over the Internet. Email encourages an informality and directness of communication that is hard to achieve, even in person or over the telephone. It allows for the rapid dissemination of ideas, plans, documents, and images throughout a company or throughout the world literally at the touch of a (mouse) button. In short, this miracle of the information age appears to be just what business in our fast-paced world needs to compete and thrive.¹ Even lawyers are becoming convinced that email is the answer to communicating with counsel, the courts, and clients.²

However, consider for a moment the potential problems that email can create for a business or law firm,³ and then ask yourself how does a business protect itself from those problems? For example, is a company liable when an employee sends harassing email, or downloads pornographic material from a Web site and distributes it to fellow employees? Can a company be held responsible if an employee sends libelous email over the Internet? What if an employee is angry or malicious enough to send confidential information to competitors or anonymously post such information on the Internet? What if an employee decides to leave a job, but only after he or she emails confidential customer or client information or trade secrets outside the firm for improper postemployment use? In dealing with such problems, how does a business balance its needs against the privacy rights of its employees?

The difficulties of email communication are magnified a thousandfold because it is, in a very real sense, becoming ubiquitous. Email⁴ is very rapidly becoming "the" way to communicate, within a business or over the Internet. According to an article by attorneys Mark S. Dichter and Michael S. Burkhardt, Electronic Interaction in the Workplace: Monitoring, Retrieving and Storing Employee Communications,⁵ published in early October 1996, 90 percent of all large companies, 64 percent of mid-size companies, and 42 percent of small businesses used internal email, and more than 40 million workers were corresponding via email. Within the span of two years, email use has increased dramatically. It's estimated that Internet users sent more than 6 billion email messages last year,⁶ and it is estimated that worldwide there has been an explosion of business users on the Internet.⁷ Internet email will grow exponentially as the worldwide use of email increases.⁸ Moreover, the distinction between internal company email and Internet email is blurring, especially as more companies make Internet access available from desktop systems or via an Internet server using routers or similar technology.

Ease of use or abuse

The problems posed by email are very real and have resulted in very real liability for several companies. The very ease with which email can be created and disseminated appears to reduce a user's inhibitions.

An employer can be held liable for sexual or racial harassment perpetrated or furthered by email.⁹ There is some suggestion that prompt action to remedy a hostile atmosphere thus created may exculpate the employer.¹⁰ It would be dangerous for an employer to hope that it will escape liability merely because it does not know such harassment is ongoing, especially if the probability of such harassment is foreseeable.¹¹ Of course, email is just one of many vehicles by which offensive conduct may be communicated in the workplace. However, unlike other forms of misconduct, the average employer may have more difficulty detecting or preventing email harassment. Nevertheless, "a company will be liable if management-level employees knew, or in the exercise of reasonable care should have known, about a barrage of offensive conduct."¹²

Some courts have held employers subject to liability if an employee with apparent authority libels a third party or inflicts trade disparagement in the furtherance of his or her employer's business.¹³ The problem for an employer who permits a large number of employees to send out email over the Internet from a company Internet server or from a company computer, lies not just in the fact that employees may be viewed as clothed with apparent authority. Especially if an employer also maintains a Web page, Internet email that travels across state and international boundaries may potentially subject an employer to the jurisdiction of foreign courts, with all of the difficulties and costs that inevitably attend the defense of an action far from the employer's home jurisdiction.¹⁴

If an angry employee publishes confidential information anonymously over the Internet, or sends it to a competitor, the information loses its confidential protection and becomes part of the public domain.¹⁵ Obviously, given the sophistication of today's Internet email systems, confidential information and trade secrets can be easily shared with unauthorized third parties.

Protecting against the misuse of email

While the need for employer policing or monitoring of employee email activity will become more important in the years ahead, such activity will have to be undertaken with extreme care. Although the Fourth Amendment and other constitutional proscriptions do not as a rule apply to private businesses,¹⁷ there are both state¹⁸ and federal¹⁹ statutes that could be construed as prohibiting such monitoring on the grounds that it invades the privacy or protected labor law rights of employees.²⁰ There always have been limitations on the extent to which an employer can search or otherwise monitor employee activities at work,²¹ and these cases often have been resolved on the grounds that an employer unreasonably invaded the employee's privacy.²²

Courts have carved out exceptions to the monitoring of employee activity where a legitimate business purpose can be demonstrated,²³ and that includes the monitoring of email communications.²⁴ However, Congress has evinced a serious concern with the privacy of email,²⁵ including email generated in the workplace. The Electronic Communications Privacy Act of 1986 (ECPA) defines electronic communication in such a way that it can be construed as applying to email. According to the Act, electronic communication:

"[includes] any transfer or signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photo-optical system that affects interstate commerce."²⁶

The ECPA makes it illegal to intentionally intercept, use, or disclose oral, wire, or electronic communications,²⁷ and it provides for criminal, civil, and injunctive relief, as well as attorney fees and other equitable relief.²⁸ It could be argued that the ECPA's definition does not apply to internal email systems, but the growing interrelationship between intranet and Internet email systems undoubtedly will render such a distinction virtually meaningless in the years ahead. There are several relevant exceptions to the application of the ECPA proscriptions. The most important exceptions are predicated on business necessity and consent.

The business exception to the ECPA

To the extent employees are using email at work via company computers, an employer may be justified in monitoring that email. While unlimited and indiscriminate monitoring is very hard to justify,²⁹ the courts will tolerate some monitoring. However, to the extent that "monitoring" involves the surreptitious interception or surveillance of employee email, monitoring activities will very probably find disfavor in the courts. By analogy to telephone wiretap cases, while occasionally permitted,³⁰ surreptitious interception or surveillance of employee telephone calls has not been received well by the courts.³¹The authors submit that any email monitoring should be done only after notifying employees that their email will be monitored.³² While there may be a justifiable business reason for undisclosed monitoring, a business that does so runs a considerable risk.³³

Next Page