Electronic Communication Policies: How Private Is E-mail?
In today's electronic environment, associations need to use e-mail's ability to connect members, staff, vendors, and buyers to remain relevant. But e-mail use also raises various legal issues:
- Do association managers have a right to monitor staff e-mail?
- Do staff have a right to privacy?
- If management monitors staff e-mail, must they inform the staff?
- May staffers use passwords and encryption to prevent management from gaining access to and deciphering their e-mail?
At the moment, the answers are yes, no, no, and no, according to the issue's sparse legal history. But regardless of what is or is not legal, the best way for an organization to protect itself is to set a written policy on electronic communications.
What The Courts Say
The top 200 Fortune 500 companies in North America will generate an estimated 14 billion messages this year, according to Andre Bacard's Computer Privacy Handbook, 1995. The sudden growth and widespread use of e-mail has received the attention of the nation's courts and legislatures. Anne Wells Branscomb, in Who Owns Information? presents some representative anecdotes.
At Epson America, Inc., an e-mail system administrator was fired for objecting to the company's surreptitious e-mail monitoring. When she and other employees sued Epson, the lower court dismissed their case. Even though Epson won that round, consider the litigation cost, the impact on stock-holders and image, and the employee relationships Epson has jeopardized.
In Bourke v. Nissan Motors Corp., the plaintiff was fired for sending personal messages, some of which contained sexual material, through the company's in-house system. She sued for invasion of privacy and wrongful termination, and lost. The court emphasized that company employees agreed to use the computer systems for company business only, and knew the company monitored messages.
Bacard cites a Columbia University report noting that two-thirds of managers surveyed monitor their employees' e-mail, and most do so surreptitiously. Thus, he says, "employees have no idea of whether they are being monitored, nor of what the company does with the data about them."
Setting A Policy
Today, most scholars and cyberlaw lawyers agree that an employee cannot expect privacy in the workplace. Ordinarily there is no legal impediment to management's monitoring of employee electronic communications, and typically, management has no duty to divulge such activity.
But management subjects itself to litigation, disharmony, and potential liability when it fails to establish workable, common-sense policies that balance legal with nonlegal considerations, such as the culture of the workplace, the organization's needs, the risks it faces, and the role of electronic communication.
At the very least, organizations that monitor their staff's e-mail should tell them. They also should consider using outside legal assistance for formulating and articulating policies, enforcement, and administration. The policy developers should ask the following questions:
- Why are we monitoring our employees?
- How can we best do it?
- Who should conduct the surveillance?
- What reasons will justify revealing monitored information to others?
- How should the association use the information it obtains?
The development of an electronic communication policy will enable organizations to recognize risks, avoid conflicts, and discover positive opportunities for growth into cyberspace.