Between the devil and the deep blue sea: monitoring the electronic workplace; employers should have detailed, understandable and fair computer, e-mail and Internet usage policies impartially administered.

• Author: Porter, II, William G.

The evil that men do lives after them; The good is oft interred with their bones;

--William Shakespeare, Julius Caesar, Act III, scene 2

I have come to believe that if anything will bring about the downfall of a company, or maybe even a country, it is blind copies of e-mails that should never have been sent in the first place.

--Michael Eisner (commenting to the graduating class at the University of Southern California)

I suggested deleting some language that might suggest we have concluded the release is misleading.

--E-mail sent by Nancy Temple, in-house counsel for Arthur Andersen, referring to an e-mail that was central to the jury's decision to convict the accounting firm

WITH JUST a few clicks of a mouse, an employer may lose valuable trade secrets and confidential information, be liable for violating copyright laws, or be exposed to claims that it permitted a hostile work environment. The pervasive and ubiquitous nature and exponential growth of electronic mail and the Internet highlight the need to monitor the electronic workplace to curb that liability.

Just consider:

* The number of e-mail users increased from 8 million in 1991 to 108 million in 2000. (1) In 2000, 40 million employees exchanged more than 60 billion messages daily. (2)

* According to a 1999 study by the American Management Association, at least 50 percent of all workplace Internet activity is not business-related. (3)

* A study by the ePolicy Institute found that 85 percent of employees admit to recreational surfing at work. (4) Seventy percent of employees admitted to receiving or sending adult-oriented personal e-mails at work, while 60 percent admitted to exchanging e-mail that could be considered racist, sexist or otherwise "politically incorrect." Most traffic to Internet pornographic sites occurs during regular business hours, probably because Internet connections usually are faster in the workplace.

Companies have taken note of these statistics and have adopted e-mail and Internet usage policies that may contain provisions for continuous or random monitoring of usage. The ePolicy Institute study reports that 77 percent of employers monitor employees' e-mail and Internet use. In fact, 10 percent of workers with e-mail/Internet access (about 14 million people) are under continuous online surveillance. (5) About two thirds of employers have disciplined or terminated employees for violating electronic usage policies. (6)

Employers give several reasons for monitoring. Generally, they wish to maintain their professional reputation and image. They also are concerned with employee productivity and business efficiency, as "cyberslacking accounts for 30 to 40 percent of lost worker productivity." (7) With respect to legal liability, one commentator has stated, "Via the recent expansion of the strict liability doctrine of respondent superior, an employee may be held strictly liable for the foreseeable torts and crimes of employees." (8) Therefore, monitoring may assist employers in preventing and discouraging sexual or other illegal workplace harassment, defamation, copyright violations from the illegal downloading of software, music and movies, and the deliberate or inadvertent disclosure of trade secrets and other confidential information. The ePolicy Institute study showed that 68 percent of employers that monitor cite legal liability as their primary reason.

No federal or state statute currently prohibits employers from monitoring their electronic workplace. The federal Electronic Communications Privacy Act and similar state laws provide some limitations, but these limitations can be overcome in the workplace through various exceptions in the statutes. (9) The federal act prohibits the interception of electronic communications such as e-mail. It defines "interception" to mean the "contemporaneous acquisition of the communication," so an interception takes place only when an individual sends an e-mail and a third party is able to obtain a copy of the transmission at the time it is sent.

In reality, however, the act provides employees little protection from the monitoring of their workplace electronic communications. It does not apply to e-mails in their "stored" state. This means that employers can freely obtain copies of e-mails from a network computer or the employee's hard drive without violating the act. Even when the employer intercepts electronic communications, monitoring is permitted when done in the "ordinary course of business" or when the employee has "consented" to it.

Moreover, few states (among them, Delaware and Connecticut) even require that employers notify their employees of monitoring. (10)

As a general matter, employees in the private sector have no reasonable expectation of privacy in their workplace e-mail and Internet usage that otherwise would abrogate the employer's right to monitor that usage. In fact, courts almost expect that employers will engage in some form of monitoring. As the Seventh Circuit explained in Muick v. Glenayre Electronics:

The laptops were [the employer's] property and it could attach whatever conditions to their use it wanted to. They didn't have to be reasonable conditions; but the abuse of access to workplace computers is so common (workers being prone to use them as medium of gossip, titillation, and other entertainment and distraction) that reserving a right of inspection is so far from being unreasonable that failure to do so might well be thought irresponsible. (11) E-mail and Internet privacy issues were addressed in the Defense Counsel Journal in 2000 by Hall Adams III, Suzanne M. Scheuing and Stacey A. Feeley in E-Mail Monitoring in the Workplace: The Good, the Bad and the Ugly. (12) Their paper addressed the central issue of whether an employer can legally monitor employee e-mails and Internet usage without violating employees' privacy or some other state or federal law. The answer to that question was essentially, yes; the courts have consistently rejected claims that e-mail and Internet monitoring represents and invasion of privacy.

This article surveys the flip side of the employer's right to monitor: an employer's liability for actually acquiring information through electronic monitoring, having that information and potentially acting--or failing to act--on that information. In many respects, this delves into uncharted areas of cyberlaw, as the courts are just beginning to explore what liability, if any, employers may have in this arena.

E-MAIL AND INTERNET USE: EMPLOYEES' CONDUCT AT WORK

Employers have always monitored workplace conduct. In O'Connor v. Ortega, (13) for example, the U.S. Supreme Court recognized that employers have legitimate interests in monitoring their employees' work environment.

1. Sexually Explicit E-mails

   In the Seventh Circuit Muick case, cited above, federal law enforcement authorities notified Glenayre Electronics, Albert Muick's employer, that they were investigating Muick's dealings with child pornography. At their request, Glenayre seized Muick's workplace computer until the authorities obtained a warrant for it. Muick claimed that Glenayre's actions constituted an unreasonable search and seizure and a violation of his right to privacy.

   The court first rejected Muick's claims that the company conducted an illegal search or violated his constitutional rights by cooperating with federal investigators because Glenayre was not acting as a government agent when it turned over the computer to the authorities. Next, the court rejected Muick's right to privacy claim to the computer the employer had furnished for use in the workplace, noting that "Glenayre had announced that it could inspect the laptops that it furnished for the use of its employees, and this destroyed any reasonable expectation of privacy that Muick might have had and so scotches his claim." The case reinforces the importance of a properly drafted e-mail policy to prevent employees from succeeding in an invasion of privacy claim.

   In Blakey v. Continental Airlines, (14) Tammy Blakey, Continental Airlines' first female pilot on the A300 Airbus aircraft, sued Continental in federal court for sexual harassment, discrimination and defamation. During that litigation, a number of Continental pilots posted insulting, defamatory and derogatory remarks about her on the pilot's online computer bulletin board, which was accessible via the Internet by all Continental pilots and crew members through their paid membership in CompuServe. Blakey sued Continental and several coworkers who posted messages on the bulletin board in state court for, among other things, retaliatory sexual harassment.

   The New Jersey Supreme Court explained that an employer can be held liable for co-workers' retaliatory harassment if it knew, or should have known, about the harassment but failed to act to stop it, and employers have a duty to take effective measures to stop that harassment in the workplace and settings related to the workplace. Consequently, Continental's liability would depend on whether the on-line forum was such an integral part of the workplace that harassment there should be regarded as a continuation or extension of the pattern of workplace harassment. The case was remanded to the trial court for that determination.

   It is notable that the Blakey court did not hold that employers have a duty to monitor private communications of their employees, but it did admonish employers that "it may well be in [their] best interests to adopt a proactive stance when it comes to dealing with co-employee harassment," adding that "the best defense may be a good offense." Effective remedial steps reflecting a lack of tolerance for harassment will be relevant to an employer's affirmative defense that its actions absolve it from all liability for sexual harassment. This case was unusual because the employer did not own the computer network at issue. Where the employer does so, as in most cases, it will be...