IV. Case Discussion
In examining case law concerning e-mail privacy, there are a few standard benchmark cases. Most of these cases come from California and it is no coincidence that this law should develop in what is considered a technological center of the United States. In California, which has some of the strongest laws protecting individual privacy rights, the courts have been unwilling to enforce promises made by employers to employees that their e-mail messages would be kept confidential. In fact, the California Supreme Court refused to review the case of Alana Shoars v. Epson America Incorporated. In that case Ms. Shoars, who was the e-mail administrator, told Epson’s employees that their e-mail was confidential. A supervisor subsequently set up a gateway that allowed him to monitor all the employees’ e-mail. When Ms. Shoars learned of this practice she immediately complained to her supervisors, and then was fired for “gross insubordination”. The judges in Ms. Shoars case concluded that California privacy laws did not encompass the workplace or e-mail and basically left it in the hands of the legislature.
The same result was found in Flanagan v. Epson. [Sup. Ct. Cal., Jan. 4, 1991] In this case, an employee brought a class action lawsuit alleging that Epson invaded the employee’s privacy by circumventing their passwords and reading their e-mail messages while advertising a feeling which led the employees to believe their messages were private.
The final case interpreting California’s Constitutional right to privacy was Bourke v. Nissan Motor Company. [California Superior Court, Los Angeles County (1991)] In determining whether the right to privacy has been violated, the court said you must first determine whether the individual had a personal and objectively reasonable expectation of privacy. Nissan argued that there was no reasonable expectation because the employees had signed a Computer User Registration Form, which stated, “it is company policy that employees and contractors restrict their use of company-owned computer hardware and software to company business. Bourke and Hall countered that they had a privacy expectation because they were given passwords to access the computer system and were told to safeguard these passwords. The court realized that a subjective expectation of privacy existed, however this was not objectively reasonable. As a result, since there was no reasonable expectation of privacy, there was no violation of the right to privacy.
The federal courts seem to have taken the same position. In Smyth v. Pillsbury Corporation, [914 F. Supp. 97 (E.D. Pa. 1996).] a federal court in Pennsylvania ruled this year that Pillsbury Corporation was entitled to fire a manager who had sent e-mail critical of a supervisor, even though the company had explicitly promised it would not monitor e-mail messages. The court reasoned that an employer may not be prevented from firing an employee based upon a promise, even when reliance is demonstrated. The court also quickly dismissed plaintiff’s claims of a tortious invasion of privacy under common and statutory law.
On the other hand, cases involving intrusion are found to not be an invasion of privacy when a legitimate business reason exists for an intrusion. In Vernars v. Young [539 F.2d 966 (3d Cir. 1976).] an employee’s e-mail was opened and read by a fellow employee. A cause of action for invasion of privacy was found in this case. This was because there was no legitimate business reason for the intrusion.
V. Preventive Policy Measures
The ECPA signals that the most favorable method for employers to protect against liability is to gain prior consent from employees before monitoring or accessing their business e-mail accounts. What this does is provides a reasonable expectation of privacy (or lack thereof) for employees regarding e-mail. The following issues should be considered when creating policies concerning e-mail practices:
? Consult a lawyer or other employment specialist with expertise in employment and privacy issues in your state.
? Prepare a written policy.
? Include a clear description of the permissible uses of e-mail.
? Receive verification that the employees have reviewed and agree to the policies.
? Update the policies to change with technology.
? Emphasize and impermissible content for e-mails.
? Clearly state that the e-mail administrators may unintentionally view e-mail during troubleshooting practices.
? Inform employees and independent contractors of any intent to monitor e-mails.
? State the consequences of misuse of the e-mail system.
? Show flexibility by allowing limited personal use of the e-mail system but clearly define acceptable personal uses.
? Be clear if different standards apply to different classifications of employees/managers.
? Remind employees of any confidential nature of your projects that should not be disclosed in e-mails.
? Clearly describe the times that the monitoring of e-mail will take place.
? Create policies regarding the retention time of e-mails and backups of e-mail systems.
? Do not bury the policy in pages and pages of policies in a company handbook.
? Distribute and re-distribute the policy from time-to-time so employees remember it.
? Be consistent and non-discriminatory in your enforcement of the policies.
Most companies are flexible and allow for employee’s limited personal use of the e-mail system. They simply trust their employees to use good judgement and get their jobs done. Others either have written policies in place or are planning them.
Whether or not you decide to have a policy for your company, let the employees and independent contractors know if you do or do not have a policy. Clear communication is the best way to avoid disputes. It also provides for a more positive working environment.
VI. Future Privacy Legislation
Several attempts have been made to make the current laws regarding privacy in e-mail more clear and more in line with the technological advances of the late 20th century. In 1993, a bill was introduced by Senator Paul Simon (D-Ill.) to restrict employer monitoring of e-mail. The bill never came up for a vote.
The Privacy for Consumers and Workers Act has not been voted on either. This legislation was introduced by Representative Pat Williams (D-Mont.). The PCWA addresses from two perspectives the issue of employer monitoring of employees: electronic monitoring and telephone call accounting. In addressing the issue of electronic monitoring, PCWA can be analyzed in five parts: permitted monitoring, notice of monitoring, prohibited monitoring, data obtained from monitoring, and penalties.
Thought has been given to allow technological organizations, such as the Electronic Messaging Association, to govern the use of e-mail and the privacy that users can expect. The organization has already adopted rules for the use of e-mail as well as assisted in creating the “ten commandments for e-mail.” Those commandments (there are actually only 7) are:
? Respect confidentiality.
? Don’t flame.
? Don’t use anonymous remailers.
? Don’t look at other’s messages.
? Don’t misrepresent or lie.
? Follow EMA guidelines.
? Consider presentation of a message.
VII. Conclusion
In today’s technologically advanced world, new ideas and inventions are around us on a daily basis. A lot of these advances create opportunities for play or even danger. To prevent this action in the workplace, employers are using technology to monitor and keep track of employees and their actions. The level of surveillance being practiced by employers is unprecedented. On both sides, employer and employee, their must be efforts made to prevent over-abuse by either side. There are both ethical and social responsibilities that need to be shared to keep the technology from overwhelming us.
I hope that I have shown that the current law in this area is inadequate and needs to be reviewed. The current law in this area, the Electronic Communications Privacy Act of 1986, does not satisfactorily address the many problems in connection with abuse of e-mail systems by employees or abuse of privacy issues by employers. The Federal Court of Appeals for the Fifth Circuit has commented that the ECPA is simply not clear and is too broad to be effective. One of the main reasons for this is that the ECPA is simply an amended version of the 1968 federal wiretap law which was originally adopted to deal with telephone eavesdropping. Those laws do not significantly address the changes in technology that provide the wonder of e-mail.
With the current legislation being ambiguous, and no new legislation yet passed, the next best solution is encouraging employers to implement a clear e-mail policy. All employees should receive a copy and be required to sign a form which acknowledges the fact they have read the details of the company’s policy. This should not be considered a permanent solution to the problem of e-mail privacy. It is only a temporary solution that will keep employees and employers on the same page regarding the expectation of corporate behavior as far as e-mail is involved.
Bibliography
VII. References
ACLU. (September, 1996). SURVEILLANCE INCORPORATED: American Workers Forfeit Privacy for a Paycheck. [On-Line]. Available: http://aclu.org/library/wrrpt96.html
AFTAB. Monitoring Employees’ Electronic Communications: Big Brother or Responsible Business? [On-Line]. Available: http://aftab.com/privacy.htm
Angell, D. and Heslop, B. (1994). The Elements of E-Mail Style. Addison Wesley, Reading , MA.
Bacard, A. E-Mail Privacy FAQ. [On-Line]. Available: http://www.andrebacard.com/ema
Casser, K. (1996). Employers, Employees, E-mail and The Internet. [On-Line]. Available: http://cla.org/RuhBook/chp6.htm
Cavanaugh, M. Workplace Privacy in an Era of New Technologies. [On-Line]. Available: http://www.ema.org/html/pubs/mmv2n3/workpriv.htm
Electronic Communications Privacy Act (1986). [On-Line]. Available: http://www.tscm.com/ecpa.htm#s2511
Entwisle, S.M. E-mail and Privacy in the Workplace. [On-Line] Available: http://www.acs.ucalgary.ca/~smenwis/privacy.html
Freibrun, E. (1994). E-mail Privacy in the Workplace – To What Extent?. [On-Line]. Available: http://www.cl.ais.net/lawmsf/articl9.htm
Gan, M. (1996). Employee Rights & Email. [On-Line]. Available: http://www.newsguild.org/d6t.htm
Lee, L. Watch Your E-Mail! Employee E-Mail Monitoring and Privacy Law in the Age of the “Electronic Sweatshop.
Morris, F. E-Mail Communications: The Next Employment Law Nightmare. HR Advisor (July-August 1995).
Oppedahl, C. (July 3, 1995). Security, Privacy, Discovery Issues Stem From E-Mail Communications. [On-Line].
349