At Work: Computers
And Privacy Don't Mix
Eric S. Slater, Esq.
|
|
Printer-friendly
version
|
Even before September 11, 2001, it was becoming
quite evident the relationship between computer
use and personal privacy was becoming more and
more tenuous. In particular, issues such as the
monitoring of employees by their employers in
the workplace, the proliferation of spam e-mail,
and Web sites' use of individuals' personal information
have all been hot topics. Of course, post September
11, we are now living in a totally different world.
It would appear that at least for now, personal
privacy has been weakened even further.
On October 25, 2001, Congress enacted anti-terrorism
legislation in the form of the so-called "Patriot
Act," (short for "Uniting and Strengthening
America by Providing Appropriate Tools Required
to Intercept and Obstruct Terrorism").1
Simply put, this law expands the federal government's
ability to tap telephones and track Internet usage
in the hunt for terrorists. While law enforcement
has applauded the new law, civil libertarian groups
and private citizens alike have expressed privacy
concerns. This law has been described as "overreaching,
invasive and unnecessary;" for better and
worse, it seemingly encroaches on the privacy
of Internet users.2 There is fear the
government's new powers of surveillance will go
too far and there will likely be a backlash after
some time, perhaps calling for a federal privacy
oversight agency.3
Government surveillance and its threat against
individual privacy is a larger issue; this article
will examine privacy from the standpoint of computer
use in the workplace and the fact that employees
enjoy very little privacy. Before proceeding,
it's important to note there is no specific federal
or state legislation governing employee privacy
in the workplace, and as will be pointed out later,
federal courts recognize very little in the way
of employee privacy on the job.
No Industry Is Immune
Whether you work in industry, academia, for the
government, nonprofit agencies, etc., chances
are you are being monitored at work. Don't make
the same mistake Dow Chemical employees made twice
when you use your computer at work for e-mail
or Web surfing - you risk losing your job. In
the summer of 2000, 39 employees at Dow's Midland,
MI4 and 24 employees at their Freeport,
TX5 facilities were terminated because
of computer misuse. The fired employees misused
company e-mail by storing and sending sexual or
violent images. They either ignored or alleged
that they were not aware of an employer policy
already in place that dealt with computer use
in the workplace. Ignorance of a company policy
is generally not grounds for leniency-apparently
one complaint by another employee of the alleged
misuse is sufficient for a company to take action.
Furthermore, a similar incident took place at
Merck &Co, in Whitehouse Station, NJ, in 2000,
as an undisclosed number of employees were fired
or disciplined for inappropriate use of e-mail
and the Internet.6
Just as companies do not take lightly any perceived
sexual harassment or discrimination based on race,
age, or gender, most also have a "zero-tolerance"
policy for anything deemed offensive when it comes
to computer use, and they expect employees to
make themselves aware of such policies. Companies
are making it part of their normal practice to
monitor employees' computer use, including e-mail
and Internet activity. Monitoring software is
relatively inexpensive and available from a number
of vendors. For example, software from Websense
is used by hundreds of companies across a very
broad spectrum of industries. Companies in the
chemical, scientific, and pharmaceutical industries
using Websense to monitor employees include Bayer
Corporation, Dow Chemical, ExxonMobil, Fisher
Scientific, General Electric, IBM, Monsanto, Pfizer,
Proctor & Gamble, Schering-Plough, and Texaco.7
It is important to note all the above-mentioned
companies likely have written policies, and it
is the employees' responsibility to be aware of
what the do's and don'ts are.
Employer's Rights Vs Employee's
Rights
Let's face it-we all go to work to do a job,
and the employer has a reasonable expectation
that employees will be productive. This is not
to say that discussions around the water cooler
are taboo; the Internet and e-mail are updated
versions of water cooler discussions, and it follows
that the same levels of professionalism and discretion
found in face-to-face contact are expected here
as well. Because companies fear sexual harassment
lawsuits, off-color jokes, cartoons, nudity, or
anything that is deemed inappropriate or offensive
as per company policy is grounds for dismissal.
This holds true for face-to-face and electronic
communication. It's highly doubtful that anyone
has a centerfold hanging in the office these days,
and it is really no different for the same image
on a computer screen.
The courts have weighed in on this issue and
held that employers have the right to monitor
their employees' use of computers in the workplace.
The court's holding in Smyth v. Pillsbury
reasoned that the company's interest in ensuring
appropriate use of its e-mail system outweighed
any privacy interest an employee might have in
e-mail sent or received by the company server.8
In this case, the employee had made threatening
comments about company management over the company's
e-mail system. The case turned on the fact that
because the employee voluntarily engaged in this
behavior, he lost any reasonable expectation of
privacy. What is interesting here is that the
company had previously indicated that it would
not monitor or intercept employees' e-mail, but
the court chose not to consider this. The court
stated that the test for determining whether an
alleged invasion of privacy is "highly offensive"
weighs the employee's privacy interest against
the employer's business interest.9
The decision in this case has pretty much set
the tone in how these cases will be judged in
the future.
What about the individual's privacy? The Fourth
Amendment to the U.S. Constitution protects the
individual from governmental intrusion (unreasonable
searches and seizure); however, modern privacy
law is a still-evolving area, not recognized by
the courts until the 20th century. The Fourth
Amendment does not expressly state that the individual
has a right to privacy although the Supreme Court
in Griswold v. Connecticut10
interpreted that such a right exists.11
How do we define privacy? In the legal arena,
there are four basic kinds of privacy rights12:
- Unreasonable intrusion upon the seclusion
of another,
- Appropriation of a person's name or likeness,
- Publication of private facts, and
- Publication that places a person in a false
light.
It is most common to refer to these privacy
rights in the practice of mass communications
law, usually where the print or broadcast media
have allegedly invaded someone's privacy. There
are several court decisions in these areas, but
these holdings have not led to any full-scale
legislation resulting in actual codification of
privacy laws, on either the federal or state level.
For our purposes, a better definition of privacy
is the expectation that confidential personal
information disclosed in a private place will
not be disclosed to third parties, when that disclosure
would cause either embarrassment or emotional
distress to a person of reasonable sensibilities.13
This is where the argument for privacy of e-mail
in the workplace ends. The workplace is a public
place, and the company e-mail system is a public
means of communicating. Many treatises have been
written about privacy rights, including the famous
1890 article by Samuel Warren and Louis Brandeis
entitled "The Right to Privacy", in
which the authors advocated the individual's right
to be let alone.14 It is fair to state that individuals
might expect this in their own homes, but not
in the workplace. Essentially, the right of privacy
is restricted to individuals who are in a place
that a person would reasonably expect to be private.15
The court in the Smyth case did not find the privacy
argument to be persuasive, and this is currently
the lead case in this area of law. Subsequent
cases in Massachusetts and Texas have led to the
same result.16
Expect To Be Monitored At Work
Experts say companies are under increasing pressure
to monitor employees electronically, and workers
should assume they are being watched.17 A number
of studies on this topic have been done over the
past several years; the most recent results published
last year by the American Management Association
show that the number of companies conducting some
form of "active monitoring" is a whopping
82%.18 E-mail monitoring over the same period is
47%,19 creating a whole new industry in e-mail monitoring
software.
Also, the increased in monitoring has led consulting
groups such as The
ePolicy Institute to emerge. Their objective
is to offer advice to employers in creating and
implementing effective computer use policies.
There are many misconceptions that people in general
have about e-mail and net surfing, and these carry
over into the workplace.
Employment Law Learning Technologies, another
company that advises businesses regarding their
legal liabilities in daily business conduct, recently
released a list of the top e-mail misconceptions.20
Sidebar:
The Truth About E-Mail In The Office
The bottom line is purely common sense: Think
before you send. If you receive an off-color e-mail
from someone, don't forward it, just delete it.
Always assume that numerous people will see anything
you send in an e-mail. Chances are you will not
be punished for merely being the recipient; it's
when you send it that you could be jeopardizing
yourself. Dow Chemical didn't fire those who were
only on the receiving end. Be careful what you
say in an e-mail message. Don't look at pornography
or anything that might be deemed offensive while
at work. Harassment lawsuits take many forms.
Something you think is harmless might be offensive
to a co-worker, and you don't want to be on the
wrong end of the dispute.
Can Employees Find Any Protection At All?
Given the direction of the courts, the fact
that the Fourth Amendment pertains only to governmental
intrusion, and that most state laws do not address
privacy, employees do not have much recourse when
it comes to workplace computer use. In 1986, Congress
enacted the Electronic Communications Privacy
Act (ECPA), which prohibits the intentional or
willful interception, accession, disclosure, or
use of one's electronic communication.21 The main
application of ECPA involves telephone communication
and wiretapping. Although on its face this statute
would appear to allow for employees' e-mail privacy,
there are exceptions that effectively allow the
employer to monitor e-mail. These exceptions include
e-mail that is sent in the ordinary course of
business and e-mail that is monitored with the
employee's consent. If a company has a policy
in place, employee consent is implied. Furthermore,
the number of companies adopting e-mail policies
is on the rise, so these, in combination with
the ECPA exceptions, effectively render the statute
unenforceable.
Because many companies have adopted computer
use policies, there is no excuse for employees
to abuse e-mail or the Internet. As long as the
company is clear about what it expects and what
it will not tolerate with regard to use, employees
must use common sense and restraint and adhere
to the policy. Given current events, privacy proponents
shouldn't expect help at any level of government.
States such as California have unsuccessfully
attempted to enact legislation to protect employee
privacy in the workplace.22 Other related
issues in which states have attempted to aid the
cause from a free speech stance include California's
"anti-SLAPP" law, legislation designed
to help defendants defeat "strategic lawsuits
against public participation." This law is
now being invoked in cases involving statements
made in cyberspace.23 A recent case
involving the anti-SLAPP legislation resulted
in Hollis-Eden Pharmaceuticals, a California-based
drug research firm, settling with two defendants.
The defendants were stockholders who posted negative
comments about the company in an Internet chat
room. The company was ordered to pay attorney's
fees and dismiss the case.24 The Privacy
Journal (www.townonline.com/privacyjournal/)
lists California as one of the "top tier"
states in terms of privacy protections25, so it
comes as no surprise that it would also lead the
way regarding First Amendment issues.
Most employers will not give people second chances
because the likelihood of being hit with a harassment
lawsuit is all too real, and employers do not
want to take the risk. Companies should take a
proactive approach in educating their employees
about a perceived or assumed expectation of privacy,
and to let their workers know what they can realistically
expect. In the Dow Chemical situation, the company
adopted a policy but did not institute this kind
of proactive education. Unfortunately, many employees
do not pay attention to or read company policies,
even though it is in their best interest to do
so. Companies would be wise to make these policies
known through more formal channels.
Ultimately, it is the responsibility of the individual
to know company policies, and individuals should
not rely on their companies to take an active
educational approach. The best advice is to be
smart and protect yourself. Your professional
livelihood may depend on it.
Eric S. Slater, Esq. is the Copyright Administrator
for the Publications Division of the American
Chemical Society in Washington, DC. Eric received
his JD from New York Law School in 1998, and holds
a Master of Journalism from Louisiana State University
and Bachelor of Science in Mass Communications
from Virginia Commonwealth University.
Modified and reprinted with permission from
Chemical Innovation, July 2001, 31(7), pp. 43-45.
Copyright 2001 American Chemical Society.
1H.R. 2975, see http://thomas.loc.gov/cgi-bin/query/z?c107:h.r.2975:
2Isenberg, D. Cyberlaw 2002: No clearer
than 2001. CNET News, http://news.cnet.com/news/0-1274-210-8207717-1.html,
December 18, 2001. (Accessed January
2002).
3Black, J. Uncle Sam Needs Watching,
Too. Businessweek Online. November 29,
2001, http://www.businessweek.com/bwdaily/dnflash/nov2001/nf20011129_3806.htm.
(Accessed January 2002).
4Miller, G. Fired By Big Brother. The
Los Angeles Times Magazine. Jan. 28, 2001,
pp.1-13, 36-37.
5Shankland, S. Dow Chemical fires 24
in email controversy. CNET News, September
15, 2000, http://news.cnet.com/news/0-1007-200-2787458.html
(Accessed January 2002). 6DiSabatino, J. Congress
Weighs E-Mail, Net Monitoring Legislation. Computerworld,
July 31, 2000, p. 30.
7Websense: Company Information: Customer
List. www.websense.com/company/customers/index.cfm.
(Accessed January 2002).
8Michael A. Smyth v. The Pillsbury Company, 914
F.Supp. 97 (E.D. Pa. 1996); see also Michael,
A. R.; Lidman, S.M. Monitoring of Employees Still
Growing. The National Law Journal, Jan. 29, 2001,
p. B9. 9Id., Michael and Lidman. Griswold v. Connecticut,
381 U.S. 479 (1965). 11 DiLuzio, S. Workplace E-Mail:
It's Not as Private as You Might Think. 25 Del.
J. Corp. L. 741 (2000), at 744. 12Prosser, W. Restatement
(Second) of Torts, �� 652A-652I (1977).
13Standler, R. Privacy Law in the USA.
www.rbs2.com/privacy.htm,
1997. (Accessed January 2002).
14Warren, S.; Brandeis,
L. The Right to Privacy. 4 Harvard L.R. 193 (1890).
15American Jurisprudence 2d Telecommunications �
209 (1974). 16Restuccia v. Burk Technology, Inc.,
W.L. 1329 386, Mass Super. Ct., Aug. 13, 1996;
Bill McLaren, Jr. v. Microsoft Corp., No. 05-97-00824,
Tex. Crt. Of App., May 28, 1999.
17Benner, J. Privacy at Work? Be Serious.
www.wired.com/news/privacy/0,1848,42029,00.html.
March 1, 2001. (Accessed January 2002).
18 2001 AMA Survey, Workplace Monitoring
& Surveillance, American Management Association,
available at http://epolicyinstitute.com/survey/survey.pdf.
See also www.amanet.org.
(Accessed January 2002). 19Id.
20Oakes, C. Seven Deadly Email Thoughts.
www.wired.com/news/infostructure/0,1377,38007,00.html,
Aug. 4, 2000. (Accessed January 2002).
21Electronic
Communications Privacy Act, 18 U.S.C. �� 2510-2522,
2701-2709 (1986).
22Sinrod, E. Eyeing Electronic Surveillance
in the Office. New York Law Journal, October
23, 2001, p. 5. Burke, E. Anti-SLAPP Laws and
the Internet. Gigalaw.com, October 2001. www.gigalaw.com/articles/2001/burke-2001-10.html.
(Accessed January 2002).
24 Bartlett, M. Drug Company Settles
Two Chat Room Speech Cases. Newsbytes,
January 9, 2002. www.newsbytes.com/news/02/173527.html.
(Accessed January 2002).
25Doyle, R. Privacy in the Workplace.
Scientific American, January 1999. www.sciam.com/1999/0199issue/0199numbers.html.
(Accessed January 2002).
|