Employers have many reasons to monitor employee communications, including staying out of legal trouble. For example, if any kind of illegal discrimination or employee harassment is occurring, and you allow it to continue by ignoring possible evidence of its occurrence, you could lose a lawsuit.
If employees are defaming your company through public social media postings, or revealing proprietary information about your products, services or strategic plans, your business could sustain serious competitive injury.
Simply, there are times you need to keep tabs on what employees are communicating, and doing so does not make you a sinister “big brother.” The fact that there are so many ways employees can abuse communication systems makes the task of staying on top of it a bit trickier. For instance, your right to monitor employee emails sent from company-owned computers via the company’s email system is fairly straightforward. However, that is only part of the problem.
What is in Your Employee Handbook?
You may be concerned about messages an employee is sending using a personally owned smart phone. Can you monitor those messages? The answer begins with the policy in your employee handbook. As noted, in deciding employee privacy cases, courts typically consider whether the employee had a reasonable expectation of privacy. Such an expectation disappears when you spell out your policies clearly and in detail, then secure an acknowledgement that the employee has read and understood them.
Among other provisions, these policies generally should:
1 – Explain their purpose in terms conveying that employees all ultimately benefit from the safeguards in place. The policies are intended to protect the company and possibly shield all concerned from defamatory communications that other employees could initiate.
2 – Articulate which modes of communications are subject to employer monitoring, including emails and other forms of electronic communication on company-owned devices, including cell phones, and
3- Spell out the steps you might take pursuant to the policy.
Your rights to monitor employee communication, when employees have been put on notice that you will exercise them, might be greater than you expect. According to the Small Business Administration (SBA), “no specific laws govern the monitoring of an employee’s social media activity on a company’s computer” if you are looking for unauthorized posting of company content.
The SBA cautions that there have been rulings against employers who fired workers for complaining on social media sites about their workplace conditions, which is generally considered “protected speech” under the National Labor Relations Act. The SBA’s advice: “Provide employees with a social media policy and be sure to include information about what you consider confidential and proprietary company information that should not be shared.”
Employer Exemption
What about monitoring employee emails and telephone conversations? Although the Electronic Communications Privacy Act of 1986 (ECPA) prohibits the intentional interception of “any wire, oral or electronic communication,” it does include a business use exemption that permits monitoring of email and phone calls.
The SBA states, “Generally, if an employee is using a company-owned computer or phone system, and an employer can show a valid business reason for monitoring that employee’s email or phone conversations, then the employer is well within his or her rights to do so.” As noted, if employees have been given a heads up and demonstrated they understand the policy, you are in a strong position.
The SBA advises employers to be aware that the ECPA “draws a line between business and personal email content you can monitor, business content is OK, but personal emails are private.”
Bring Your Own Device (BYOD) Policies
The latest frontier in discriminating between legitimately personal communications and employment related ones involves employees using their own laptops and smart phones pursuant to a “bring your own device” (BYOD) policy. There are practical advantages to BYOD policies, including employee convenience and savings in the company’s IT budget. On the other side of the equation, employees using their personal devices can give them a false sense of impunity with respect to what company-related sensitive or offensive information they convey on them.
If you do have a BYOD policy, consider expanding the scope of your privacy policies to accommodate it.
The policy could:
+ State that you reserve the right to access, monitor, and delete information from personally owned devices under specified circumstances,
+ Stipulate which employee-owned devices can be used for work purposes and are eligible for tech support,
+ Require the use of “mobile device management technology” to create an electronic barrier between personal and business-related data,
+ Limit employee job categories eligible for using personal devices,
+ Establish data security protocols, including standards for passwords, and
+ Set a schedule for deleting business-related data maintained on personally owned devices.
The law governing employee privacy at a time of rapid evolution of communication technology is not entirely clear on all counts, varies by jurisdiction, and constantly changes. It is important to consult an attorney with relevant expertise as you develop your policies to balance legitimate interests with those of employees.