Electronic Privacy In Employment

The electronic workplace has arrived. Voice mail, e-mail, modems, and integrated computer networks now dominate the American workplace. Millions of employees have access to the World Wide Web at work, and thousands of employers have developed comprehensive "Intranet" systems to distribute information in the workplace. In fact, one recent survey estimated that over 60% of all World Wide Web access occurred in the workplace. A 1997 study from Computer Intelligence, found that more than 31 million personal computers in the United States access the Internet regularly -- a 108% increase from just the previous year.

Increased globalization and availability of World Wide Web access, coupled with on-going management downsizing, virtually demand an increased reliance on electronic means of communicating with employees around the world. The benefits associated with an electronic workplace cannot be disputed. However, as companies rush out to create an electronic workplace to improve their productivity, they must consider the full impact that new technology will have on their workforce. Significant among those issues are concerns about electronic privacy. Federal and often state laws may limit employers' access to electronic data systems used by virtually all employees in the ever-expanding modern day workplace. Courts have recognized, however, the difficulty of applying existing legal standards to the rapidly-changing technology. In one recent decision, a federal District Court noted that

[t]he Internet may well be the premier technological innovation of the present age. Judges and legislators faced with adapting existing legal standards to the novel environment of cyberspace struggle with terms and concepts that the average American five-year-old tosses about with breezy familiarity. Not surprisingly, much of the legal analysis of Internet-related issues has focused on seeking a familiar analogy for the unfamiliar.
American Library Assn., et al. v. Pataki, 1997 U.S. Dist. LEXIS 8793 (S.D. N.Y., 6/20/97) (footnote omitted).

Unfortunately for both the courts and employers, such legal analogies are often difficult to draw. Accordingly, employers are forced to anticipate legal challenges to their actions in the context of a highly-mobile legal and technological landscape.

There are also practical implications to implementing new technology. According to a 1997 study conducted by CIO Communications, 94% of executives fear inappropriate Internet use will cut into work hours and hurt productivity. USA Today, April 16, 1997, p. B4. And their concerns are warranted. For example, Hewlett Packard Company recently received a "wrongful termination lawsuit from an ex-employee who was on the Internet up to six hours a day, accessing both the Sports Line and Sexy Babes Web site." Corporate Legal Times, July 1997, p. 42. In addition to the legal privacy issues, therefore, employers must carefully assess the practical applications of implementing each new technology. This article discusses the legal theories which may apply to electronic mail and other electronic privacy, and sets forth a no-nonsense approach for implementing technological change in the workplace.


The development of the doctrine of employee privacy and the dramatic expansion of the electronic workplace have set the stage for one of the most important areas of employment law as we enter the 21st century. This rapid development of information technology and the mass availability of information has the potential to eclipse an employee's right to privacy in the workplace. One major concern in the electronic workplace involves efforts to search and retrieve voice-mail, e-mail, and similar electronically stored messages, and to track World Wide Web access and use. Employers often have a legitimate need to search an employee's e-mail or voice-mail messages.

Although employers often have a legitimate need to conduct a search, cautious employers must be aware that their actions may violate an employee's right to privacy. Unfortunately, little case or statutory law exists on this subject. However, a discussion of several recent federal and state court decisions and statutes will help employers formulate policies in this area.

The Fourth Amendment

The Fourth Amendment with its proscription against unreasonable governmental searches and seizures does not directly relate to the private workplace. However, several of the doctrines that have been developed in the area of privacy arise out of litigation with regard to the Fourth Amendment and its applications. Increasingly, the tests articulated by the Supreme Court in various Fourth Amendment cases are being used in the context of the private workplace.

The Supreme Court in O'Connor v. Ortega, 480 U.S. 709 (1987) established a "reasonableness test" to balance a public employee's expectation of privacy in his office against an employer's right to conduct a reasonable search under the circumstances. The test focuses on whether the search was "justified at its inception" and whether the search was "permissible in scope." A search is "justified at its inception" when there are reasonable grounds for suspecting that the search will reveal evidence that the employee is guilty of work-related misconduct, or that the search is necessary for a noninvestigative, work-related purpose such as to retrieve a needed file while someone is on vacation. A search is "reasonable in scope" if the measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of the nature of the misconduct.

As discussed above, private employers are not constrained by the Fourth Amendment. Nevertheless, it is advisable that employers follow the dictates of Ortega and the Fourth Amendment. Although several state legislatures and courts have created constitutional, legislative or common law privacy rights for employees of private employers, that law is largely unsettled and in flux. Based on the dictates of Ortega and cases like Hill, in general searches should be based on reasonable suspicion or legitimate business needs and limited in scope to that necessary to achieve their purpose. Further, employers should endeavor to reduce their employees' expectations of privacy. This can be accomplished in several ways. Written authorization could be obtained from the employees before the search. Moreover, employees could be given notice of the fact that searches may be conducted. A well-designed employment policy addressing these issues is essential.

Federal Statutes

The Electronic Communications Privacy Act, 18 U.S.C. ' 2701, et seq., clearly gives an employer the right to access an employee's e-mail and voice-mail messages if the messages are maintained on a system provided by the employer. However, employers may not access messages if the system is provided by an outside entity without the authorization of the employee who communicated the message or the intended receiver of the message. Title 18 of the United States Code regulates the interception of wire, electronic, and oral communications. In 1986, Title 18 was expanded to cover "electronic" communications. Section 2511 prohibits an individual from intentionally intercepting "any wire, oral, or electronic communication." 18 U.S.C. ' 2511(1)(a). "Intercept" is defined as the "aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." 18 U.S.C. ' 2510(4). Although the law is highly unsettled, a circuit court of appeals has held that the retrieval of a telephone message from an electronic digital display-type pager did not constitute an "interception" of the transmission. United States v. Meriwether, 917 F.2d 955 (6th Cir. 1990). The court reasoned that the transmission over the system had ceased by the time the agent retrieved the information by pushing the digital display button. Accordingly, under Meriwether, if the employer merely retrieves information, the employer has not engaged in an "interception" of information as prohibited by Title 18.

Once the employer has accessed messages, it must be very careful about divulging their contents. The Act prohibits certain unauthorized knowing disclosures. The employer may disclose the message to the addressee or intended recipient or to an agent of that person. The employer may also disclose the contents of the stored messages with the lawful consent of the originator or addressee of the message or the intended recipient of the message.

Perhaps the most significant exception to the Act is found in 18 U.S.C. ' 2511(2)(d), which provides that an employee may either expressly or impliedly consent to an otherwise impermissible monitoring of a communication. Accordingly, employers may avoid liability by procuring the consent of employees before monitoring communications. Because determining whether there is implied consent is highly fact specific and uncertain, employers should try to obtain express consent in writing. Whether implied consent exists often depends largely upon how a company's search and retrieval policy is explained and understood. Accordingly, company policy should be carefully tailored so as to reduce employees' expectations of privacy and limit potential exposure.

Thus, one method of limiting potential legal exposure is to conduct only "authorized" searches and retrievals, and to limit the scope of search-and-retrieval efforts to that which is business-related. Similarly, a well-established written policy regarding the employer's ability to search and retrieve voice- and e-mail messages also will assist employers in demonstrating that their conduct is "authorized."

The Act excludes telephone equipment or components thereof furnished to the user by a provider of wire or electronic communications service in the ordinary course of business and being used by the subscriber in the ordinary course of business. 18 U.S.C. ' 2510(5)(a). Thus, monitoring voice-mail retrievable systems furnished by a communications service, and used during the ordinary course of business, may not constitute an "interception" for the purposes of this statute. Although it is unclear whether this exception would apply to a voice-mail system, it appears less likely to apply to an e-mail or other system if the system does not rely on a "telephone or telegraph instrument, equipment or facility, or any component thereof." To fall within the ambit of this exception, monitoring also must take place within the "ordinary course of business." 18 U.S.C. ' 2510(5)(a). Sanders v. Bosch, 38 F.3d 736 (4th Cir. 1994). A general policy of monitoring does not by itself render monitoring of any particular call or piece of information as occurring in the ordinary course of business. Rather, every particular monitoring activity must be separately considered to determine whether it occurred in the ordinary course of business.

Implement New Technology Using A Team Selection Process Which Focuses On Employment-Related Issues

Employers often ignore employment-related legal problems that may accompany the introduction of new technology. Many employers focus on the quick implementation of new technology in order to gain the immediate benefits of increased productivity and efficiency. However, in so doing, the employer may not anticipate the effect the new technology may have on personnel policies and procedures or the potential employment-related legal problems that may accompany the new technology. Employers often implement the new technology without even consulting with the human resources or legal departments.

It is essential that today's employer adopt a multidisciplinary approach to implementing new technology. A team should be formed and staffed with representatives from all affected departments, including human resources and legal. The team should be given the goal of implementing technology and integrating the new technology into the business objectives of the organization. The team process will help to ensure that the new technology will either fit existing employment policies or that those policies will be modified coincident with the installation of the new system. In this manner, it is more likely that troublesome issues which could result in litigation will be identified in advance.

Review Existing Employment Privacy Policies

Once an employer has committed to examining the employment law considerations associated with the introduction of new technology, it is essential to critically review existing policies to determine how technology is addressed by the policies and whether the policies need modification. Too few employers have developed comprehensive privacy policies. In a study undertaken in 1996, the Society of Human Resource Management found that nearly 80% of study participants used electronic mail -- yet only 36% of those corporations had in place policies regarding proper e-mail usage, and only 34% had written workplace privacy policies. Such a policy is becoming more and more essential However, even if a company has a privacy policy, it will probably have to be reviewed to ensure that it addresses issues unique to the electronic workplace.

Establish A Self-Auditing And Issue Spotting Process

In planning for the implementation of new information technology in the workplace, one must consider a wide range of practical and legal employment implications. Any practical or legal deficiencies could be eliminated if an employer conducted a simple audit of its practices prior to implementing a technological change. For example, a company should consider the following issues when implementing electronic mail and Work Wide Web access.

  • Who will be the authorized users of the new technology, and how will they be identified within the company
  • How will access to the Company's electronic mail or Intranet system be limited?
  • Will there be sensitive or confidential business or personnel information available in or transmitted through the system? How will the Company handle attached documents sent on the Internet?
  • What steps, including policies, procedures, and technical protective systems, should be established to protect confidential and business information
  • Which of the company's personnel policies will need to be revised in light of the new technology
  • Will there be safety and occupational health training needed as a result of the new technology?
  • What potential health or safety problems may be presented by the new technology, and how will the company address those potential problems? What ergonomic accommodations should be offered to employees using the new technology?
  • Will the new technology enable employees to work at home? If so, what new policies and procedures will be needed to handle supervision, training, compensation, workplace safety, and other issues for employees working at home?

This list should be used as a starting point for the team assigned the task of implementing new technology. It is anticipated that the process of answering these questions will suggest additional potential problems and tactics for improving the implementation process.

Develop Practical And Innovative Responses

The development of policies is an important and integral step toward facing the new technology. The policies must be as complete, complex, and innovative as necessary to meet the requirements of the new technology. Often, this process requires a significant level of partnering between the human resources and information services departments, as each brings its unique knowledge and experience to bear on challenges brought about by implementation. For example, consider an employer's implementation of access to the World Wide Web. The human resources department could assist with the development of training programs and employee roll-out strategies to encourage efficient and appropriate use. The information services department could brainstorm possible mis-uses of the system, and develop technological blocks (such as automatic use notification or built in log-off procedures) to ensure compliance. Again, such a multidisciplinary approach is crucial to proactively identifying and resolving the legal, practical and technological challenges brought about by new technology.

Develop An Electronic Workplace Training Program

The self-directed work force and the elimination of several levels of supervision have created an environment in which the role of training has taken on a higher level of importance. The regulations and policies related to new technology become the tools for managers to avoid future litigation problems. Training managers concerning the proper use and misuse of new technology is paramount to reducing litigation risk. In many areas, this training will extend beyond the managers to the employees who utilize and access the technology.

Monitor Policies And Programs

Every employer has an obligation to monitor and enforce the policies that govern its workplace. An organization cannot fully meet its key legal obligations by merely providing competent policies and good training. Our liability system is still built on the assumption that the workplace is controlled by the employer and that the employer has a responsibility to monitor and enforce its policies. New technology can greatly assist in this process. Unfortunately, it can also create the potential for systematic abuse. In carrying out the duty of monitoring and enforcing employment policies, employers should look to the audit check list described above when reviewing and implementing new technologies and the policies to support them.

The misuse of the electronic workplace is already an area where employers are facing disciplinary decisions. Employers have the choice of responding to situations as they arise or establishing standards for disciplinary action. Regardless of the approach, consistency will be important to reducing the likelihood of litigation and to ensuring acceptance of the employer's disciplinary process.

Maintain A Legislative And Judicial Watch

It is possible that an organization can follow the above steps and provide an excellent preventive program for the integration of new technology with minimal negative consequences. Unfortunately, these efforts can be derailed if legislative enactments occur without full appreciation of their impact. For example, in 1996 Congress enacted the now-overturned Communications Decency Act as part of the omnibus Telecommunications Act. Reno v. ACLU, 117 S.Ct. 2329 (1997). A search of federal employment cases involving electronic mail revealed over 250 cases since 1995 alone. As with the underlying technology, therefore, the legislative and judicial branches of state and federal governments are rushing to grapple with the new legal challenges described in this article. Employers are therefore well-advised to maintain a careful legislative and judicial watch in the jurisdiction sin which they conduct business.


The ultimate effect that the development of the information superhighway will have on the workplace remains to be seen. However, employers need not wait until the highway is complete to begin their travels. Employers who wait for legislation or the courts to define the parameters of the highway before acting will encounter costly, time-consuming roadblocks. The practical approach described above will enable the employer to better navigate the electronic workplace and decrease the risk of litigation in the process.