http://www.JobSpectrum.org/job_weekly.html At Work: Computers And Privacy Don't Mix Eric S. Slater, Esq. |
Even before September 11, 2001, it was becoming quite evident the relationship between computer use and personal privacy was becoming more and more tenuous. In particular, issues such as the monitoring of employees by their employers in the workplace, the proliferation of spam e-mail, and Web sites' use of individuals' personal information have all been hot topics. Of course, post September 11, we are now living in a totally different world. It would appear that at least for now, personal privacy has been weakened even further.
On October 25, 2001, Congress enacted anti-terrorism legislation in the form of the so-called "Patriot Act," (short for "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism").1 Simply put, this law expands the federal government's ability to tap telephones and track Internet usage in the hunt for terrorists. While law enforcement has applauded the new law, civil libertarian groups and private citizens alike have expressed privacy concerns. This law has been described as "overreaching, invasive and unnecessary;" for better and worse, it seemingly encroaches on the privacy of Internet users.2 There is fear the government's new powers of surveillance will go too far and there will likely be a backlash after some time, perhaps calling for a federal privacy oversight agency.3
Government surveillance and its threat against individual privacy is a larger issue; this article will examine privacy from the standpoint of computer use in the workplace and the fact that employees enjoy very little privacy. Before proceeding, it's important to note there is no specific federal or state legislation governing employee privacy in the workplace, and as will be pointed out later, federal courts recognize very little in the way of employee privacy on the job.
No Industry Is Immune
Whether you work in industry, academia, for the government, nonprofit agencies, etc., chances are you are being monitored at work. Don't make the same mistake Dow Chemical employees made twice when you use your computer at work for e-mail or Web surfing - you risk losing your job. In the summer of 2000, 39 employees at Dow's Midland, MI4 and 24 employees at their Freeport, TX5 facilities were terminated because of computer misuse. The fired employees misused company e-mail by storing and sending sexual or violent images. They either ignored or alleged that they were not aware of an employer policy already in place that dealt with computer use in the workplace. Ignorance of a company policy is generally not grounds for leniency-apparently one complaint by another employee of the alleged misuse is sufficient for a company to take action. Furthermore, a similar incident took place at Merck &Co, in Whitehouse Station, NJ, in 2000, as an undisclosed number of employees were fired or disciplined for inappropriate use of e-mail and the Internet.6
Just as companies do not take lightly any perceived sexual harassment or discrimination based on race, age, or gender, most also have a "zero-tolerance" policy for anything deemed offensive when it comes to computer use, and they expect employees to make themselves aware of such policies. Companies are making it part of their normal practice to monitor employees' computer use, including e-mail and Internet activity. Monitoring software is relatively inexpensive and available from a number of vendors. For example, software from Websense is used by hundreds of companies across a very broad spectrum of industries. Companies in the chemical, scientific, and pharmaceutical industries using Websense to monitor employees include Bayer Corporation, Dow Chemical, ExxonMobil, Fisher Scientific, General Electric, IBM, Monsanto, Pfizer, Proctor & Gamble, Schering-Plough, and Texaco.7 It is important to note all the above-mentioned companies likely have written policies, and it is the employees' responsibility to be aware of what the do's and don'ts are.
Employer's Rights Vs Employee's Rights
Let's face it-we all go to work to do a job, and the employer has a reasonable expectation that employees will be productive. This is not to say that discussions around the water cooler are taboo; the Internet and e-mail are updated versions of water cooler discussions, and it follows that the same levels of professionalism and discretion found in face-to-face contact are expected here as well. Because companies fear sexual harassment lawsuits, off-color jokes, cartoons, nudity, or anything that is deemed inappropriate or offensive as per company policy is grounds for dismissal. This holds true for face-to-face and electronic communication. It's highly doubtful that anyone has a centerfold hanging in the office these days, and it is really no different for the same image on a computer screen.
The courts have weighed in on this issue and held that employers have the right to monitor their employees' use of computers in the workplace. The court's holding in Smyth v. Pillsbury reasoned that the company's interest in ensuring appropriate use of its e-mail system outweighed any privacy interest an employee might have in e-mail sent or received by the company server.8
In this case, the employee had made threatening comments about company management over the company's e-mail system. The case turned on the fact that because the employee voluntarily engaged in this behavior, he lost any reasonable expectation of privacy. What is interesting here is that the company had previously indicated that it would not monitor or intercept employees' e-mail, but the court chose not to consider this. The court stated that the test for determining whether an alleged invasion of privacy is "highly offensive" weighs the employee's privacy interest against the employer's business interest.9 The decision in this case has pretty much set the tone in how these cases will be judged in the future.
What about the individual's privacy? The Fourth Amendment to the U.S. Constitution protects the individual from governmental intrusion (unreasonable searches and seizure); however, modern privacy law is a still-evolving area, not recognized by the courts until the 20th century. The Fourth Amendment does not expressly state that the individual has a right to privacy although the Supreme Court in Griswold v. Connecticut10 interpreted that such a right exists.11
How do we define privacy? In the legal arena, there are four basic kinds of privacy rights12:
It is most common to refer to these privacy rights in the practice of mass communications law, usually where the print or broadcast media have allegedly invaded someone's privacy. There are several court decisions in these areas, but these holdings have not led to any full-scale legislation resulting in actual codification of privacy laws, on either the federal or state level.
For our purposes, a better definition of privacy is the expectation that confidential personal information disclosed in a private place will not be disclosed to third parties, when that disclosure would cause either embarrassment or emotional distress to a person of reasonable sensibilities.13 This is where the argument for privacy of e-mail in the workplace ends. The workplace is a public place, and the company e-mail system is a public means of communicating. Many treatises have been written about privacy rights, including the famous 1890 article by Samuel Warren and Louis Brandeis entitled "The Right to Privacy", in which the authors advocated the individual's right to be let alone.14 It is fair to state that individuals might expect this in their own homes, but not in the workplace. Essentially, the right of privacy is restricted to individuals who are in a place that a person would reasonably expect to be private.15 The court in the Smyth case did not find the privacy argument to be persuasive, and this is currently the lead case in this area of law. Subsequent cases in Massachusetts and Texas have led to the same result.16
Expect To Be Monitored At Work
Experts say companies are under increasing pressure to monitor employees electronically, and workers should assume they are being watched.17 A number of studies on this topic have been done over the past several years; the most recent results published last year by the American Management Association show that the number of companies conducting some form of "active monitoring" is a whopping 82%.18 E-mail monitoring over the same period is 47%,19 creating a whole new industry in e-mail monitoring software.
Also, the increased in monitoring has led consulting groups such as The ePolicy Institute to emerge. Their objective is to offer advice to employers in creating and implementing effective computer use policies. There are many misconceptions that people in general have about e-mail and net surfing, and these carry over into the workplace. Employment Law Learning Technologies, another company that advises businesses regarding their legal liabilities in daily business conduct, recently released a list of the top e-mail misconceptions.20
Sidebar: The Truth About E-Mail In The Office
The bottom line is purely common sense: Think before you send. If you receive an off-color e-mail from someone, don't forward it, just delete it. Always assume that numerous people will see anything you send in an e-mail. Chances are you will not be punished for merely being the recipient; it's when you send it that you could be jeopardizing yourself. Dow Chemical didn't fire those who were only on the receiving end. Be careful what you say in an e-mail message. Don't look at pornography or anything that might be deemed offensive while at work. Harassment lawsuits take many forms. Something you think is harmless might be offensive to a co-worker, and you don't want to be on the wrong end of the dispute.
Can Employees Find Any Protection At All?
Given the direction of the courts, the fact that the Fourth Amendment pertains only to governmental intrusion, and that most state laws do not address privacy, employees do not have much recourse when it comes to workplace computer use. In 1986, Congress enacted the Electronic Communications Privacy Act (ECPA), which prohibits the intentional or willful interception, accession, disclosure, or use of one's electronic communication.21 The main application of ECPA involves telephone communication and wiretapping. Although on its face this statute would appear to allow for employees' e-mail privacy, there are exceptions that effectively allow the employer to monitor e-mail. These exceptions include e-mail that is sent in the ordinary course of business and e-mail that is monitored with the employee's consent. If a company has a policy in place, employee consent is implied. Furthermore, the number of companies adopting e-mail policies is on the rise, so these, in combination with the ECPA exceptions, effectively render the statute unenforceable.
Because many companies have adopted computer use policies, there is no excuse for employees to abuse e-mail or the Internet. As long as the company is clear about what it expects and what it will not tolerate with regard to use, employees must use common sense and restraint and adhere to the policy. Given current events, privacy proponents shouldn't expect help at any level of government. States such as California have unsuccessfully attempted to enact legislation to protect employee privacy in the workplace.22 Other related issues in which states have attempted to aid the cause from a free speech stance include California's "anti-SLAPP" law, legislation designed to help defendants defeat "strategic lawsuits against public participation." This law is now being invoked in cases involving statements made in cyberspace.23 A recent case involving the anti-SLAPP legislation resulted in Hollis-Eden Pharmaceuticals, a California-based drug research firm, settling with two defendants. The defendants were stockholders who posted negative comments about the company in an Internet chat room. The company was ordered to pay attorney's fees and dismiss the case.24 The Privacy Journal (www.townonline.com/privacyjournal/) lists California as one of the "top tier" states in terms of privacy protections25, so it comes as no surprise that it would also lead the way regarding First Amendment issues.
Most employers will not give people second chances because the likelihood of being hit with a harassment lawsuit is all too real, and employers do not want to take the risk. Companies should take a proactive approach in educating their employees about a perceived or assumed expectation of privacy, and to let their workers know what they can realistically expect. In the Dow Chemical situation, the company adopted a policy but did not institute this kind of proactive education. Unfortunately, many employees do not pay attention to or read company policies, even though it is in their best interest to do so. Companies would be wise to make these policies known through more formal channels.
Ultimately, it is the responsibility of the individual to know company policies, and individuals should not rely on their companies to take an active educational approach. The best advice is to be smart and protect yourself. Your professional livelihood may depend on it.
Eric S. Slater, Esq. is the Copyright Administrator for the Publications Division of the American Chemical Society in Washington, DC. Eric received his JD from New York Law School in 1998, and holds a Master of Journalism from Louisiana State University and Bachelor of Science in Mass Communications from Virginia Commonwealth University.
Modified and reprinted with permission from Chemical Innovation, July 2001,
31(7), pp. 43-45. Copyright 2001 American Chemical Society.
1H.R. 2975, see http://thomas.loc.gov/cgi-bin/query/z?c107:h.r.2975:
2Isenberg, D. Cyberlaw 2002: No clearer than 2001. CNET News,
http://news.cnet.com/news/0-1274-210-8207717-1.html,
December 18, 2001. (Accessed January
2002).
3Black, J. Uncle Sam Needs Watching, Too. Businessweek Online.
November 29, 2001, http://www.businessweek.com/bwdaily/dnflash/nov2001/nf20011129_3806.htm.
(Accessed January 2002).
4Miller, G. Fired By Big Brother. The Los Angeles Times Magazine.
Jan. 28, 2001, pp.1-13, 36-37.
5Shankland, S. Dow Chemical fires 24 in email controversy. CNET
News, September 15, 2000, http://news.cnet.com/news/0-1007-200-2787458.html
(Accessed January 2002). 6DiSabatino, J. Congress Weighs E-Mail,
Net Monitoring Legislation. Computerworld, July 31, 2000, p. 30.
7Websense: Company Information: Customer List. www.websense.com/company/customers/index.cfm.
(Accessed January 2002).
8Michael A. Smyth v. The Pillsbury Company, 914 F.Supp.
97 (E.D. Pa. 1996); see also Michael, A. R.; Lidman, S.M. Monitoring of Employees
Still Growing. The National Law Journal, Jan. 29, 2001, p. B9.
9Id., Michael and Lidman.
Griswold v. Connecticut, 381 U.S. 479 (1965).
11 DiLuzio, S. Workplace E-Mail: It's Not as Private as You Might
Think. 25 Del. J. Corp. L. 741 (2000), at 744.
12Prosser, W. Restatement (Second) of Torts, �� 652A-652I (1977).
13Standler, R. Privacy Law in the USA. www.rbs2.com/privacy.htm,
1997. (Accessed January 2002).
14Warren, S.; Brandeis, L. The Right to Privacy. 4 Harvard L.R. 193
(1890).
15American Jurisprudence 2d Telecommunications � 209 (1974).
16Restuccia v. Burk Technology, Inc., W.L. 1329 386, Mass
Super. Ct., Aug. 13, 1996; Bill McLaren, Jr. v. Microsoft Corp.,
No. 05-97-00824, Tex. Crt. Of App., May 28, 1999.
17Benner, J. Privacy at Work? Be Serious. www.wired.com/news/privacy/0,1848,42029,00.html.
March 1, 2001. (Accessed January 2002).
18 2001 AMA Survey, Workplace Monitoring & Surveillance, American
Management Association, available at http://epolicyinstitute.com/survey/survey.pdf.
See also www.amanet.org. (Accessed January
2002).
19Id.
20Oakes, C. Seven Deadly Email Thoughts. www.wired.com/news/infostructure/0,1377,38007,00.html,
Aug. 4, 2000. (Accessed January 2002).
21Electronic Communications Privacy Act, 18 U.S.C. �� 2510-2522,
2701-2709 (1986).
22Sinrod, E. Eyeing Electronic Surveillance in the Office. New
York Law Journal, October 23, 2001, p. 5. Burke, E. Anti-SLAPP Laws and
the Internet. Gigalaw.com, October 2001. www.gigalaw.com/articles/2001/burke-2001-10.html.
(Accessed January 2002).
24 Bartlett, M. Drug Company Settles Two Chat Room Speech Cases.
Newsbytes, January 9, 2002. www.newsbytes.com/news/02/173527.html.
(Accessed January 2002).
25Doyle, R. Privacy in the Workplace. Scientific American,
January 1999. www.sciam.com/1999/0199issue/0199numbers.html.
(Accessed January 2002).
Questions or Comments? Email us at |
JobSpectrum.org © 2001 American Chemical Society. All rights reserved. |