July 26, 2018
Employer Monitoring and Surveillance
A recent American Management Association Survey finds that two-thirds of employers monitor their employees’ website visits at work.i Further, in a Deloitte, LLP Ethics and Workplace Survey, sixty percent (60%) of the respondents believed they had a right to know how employees portray themselves and their organization in online social networks. An equal number of employees under 34 disagree. Employers are paying more attention to what their employees are doing and saying. Can they do so? Yes. Should they? It depends. The law of privacy is evolving, requiring an employer to find the balance between needing to know what is occurring in the office to protect itself from liability and the employee’s expectation of privacy. So far, the courts have tended to support the private employer, particularly where the employee is on notice, they have consented and the surveillance is related to a business purpose. As for the public employer, the courts are more zealous in protecting the privacy rights of the employee.
II. Employer Right/Duty/Privilege to Investigate v. Employee’s Right/
Expectation of Privacy
Electronic monitoring has become increasingly sophisticated. The 2007 AMA Workplace Monitoring and Surveillance reportii listed the following forms of electronic monitoring and surveillance:
- Recording and review of telephone conversations
- Storage and review of voice mail messages
- Storage and review of computer files
- Storage and review of e-mail messages
- Monitoring Internet connections
- Video recording of employee job performance
- Telephone use (time spent, numbers called)
- Computer use (time logged on, keystroke counts)
- Video surveillance for security purposes
This same report identified the following reasons for the monitoring and surveillance:
- Legal compliance
- Legal Liability
- Performance Review
- Productivity Measures
- Security Concerns
Each of the reasons cited by employers for conducting monitoring and surveillance provides a third protection against a claim of privacy violation: The legitimate business purpose.
A. Private Employer
Most courts would agree that a private employer has a right to monitor the performance of its employee. Indeed, the most common reason cited for monitoring is the evaluation of performance.iii Use of GPS devices to track employees in employer owned vehicles and even employee owned vehicles has been upheld on the ground of increasing productivity or enforcing safety.
In some instances that right becomes a duty. Thus, an employer who receives a complaint of sexual harassment and fails to investigate, may be liable for the harassing employee’s actions. Likewise, the employer that fails to investigate the background of an employee may find itself liable for a claim of negligent hiring defamation and copyright infringement.
The right to monitor, however, is offset by an employee’s right to privacy, a right that in many cases is constitutional as well as statutory. The Electronic Communications Privacy Act of 1986 (the Act) was enacted to extend government restrictions on wire taps from telephone calls to include transmissions of electronic data by computer. The USA PATRIOT Act subsequently amended and some argue, weakened, the Act. Further, the provision allowing the FBI to issue National Security Letters to Internet service providers ordering them to disclose records about their customers was ruled unconstitutional. As a practical matter, this Act protects individuals' communications from government surveillance without a court order but is not of assistance to the employee working on line on her employer's equipment.
In June 2010, the United States Supreme Court weighed in on whether the Ontario police department violated its employees’ rights by reading private, sexually explicit text messages sent by the employee on pagers supplied and owned by the police department. The Supreme Court held that the search of the employee’s text messages was justified by a legitimate, work-related purpose because the employer had a right to monitor excess usage to control costs. The Court opined that an employer’s written policies on electronic communications are important and will be considered in privacy right cases. The policies “shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.” The bottom line is that the Court has told us that employers need to have written policies in place that specifically tell employees that they should have no expectation of privacy when communicating on any company electronic system, including computers, phones, pagers, etc. These policies must then be clearly communicated to employees.
As monitoring technology becomes more sophisticated, the employer needs to exercise even greater care to ensure that those protected rights are not violated by the employer’s surveillance activity. Thus, in Stengart v. LovingCare Agency, Inc. 990 A.2d 650 (N.J. 2010) the New Jersey Supreme Court ruled that attorneys for an employer violated the privacy rights of a former employee and the rules of professional conduct by reading emails the employee sent to her counsel on a company laptop through her personal password-protected Yahoo email account Even the Ninth Circuit has expressed concerns regarding the use of Internet software that monitors Internet use on employee computers. The concern resulted in a direction to its IT staff to disable the monitoring software.iv Although the software is back in use, the court pointed to the unfairness of monitoring without employees being fully aware of the policy.
This policy is consistent with the Ninth Circuit's 2007 case, United States v. Ziegler 474 F.3d 1184 (9th Cir. 2007), where the Appeals Court upheld an employer's right to monitor and access its employees' computer records. The Court found such right because the employer had an effective policy that dispelled any notion of privacy in employees' use of their workplace computers. Thus, the Court found, the employee did not have a reasonable expectation of privacy in the files he downloaded from the Internet and stored on the computer he used at work.
Using Social Media Sites To Background Check Potential Employees A report by Jump Start Social Media reports that its survey of hiring managers reported that 75% of the hiring managers checked LinkedIn to research candidates’ credentials, 48% used Facebook, and 26% used Twitter. While “googling” applicants is not per se illegal, the information discovered may reveal things that the employer doesn’t want to know. Information that would place the applicant in a protected category could give rise to a discrimination lawsuit if an adverse employment action is taken. For example, if the employer finds out about an applicant’s sexual orientation through a social media site, and then decides to not hire the applicant based upon that information, the employer may have violated Nevada’s antidiscrimination statute. One possible solution is to use a third-party to conduct the search and instruct them that they are only to reveal pertinent information that is not related to any protected category.
It is important to reference the company’s harassment, anti-discrimination, work violence and all similar policies in its social media policy. In addition, update the company’s other policies to notify employees that any conduct committed electronically, through social media sites or otherwise, that violates the policy would still be a violation and subject to discipline. There are more and more cases of “sexting” or text messages sent that would violate work place policies.
Remind employees that they are responsible for the content of what they post on any social media site. Posting that violates a third party’s rights could subject them to liability, including money damages. Nevada recognizes four privacy claims:
-unreasonable intrusion in the seclusion of another
-intrusion on the name or likeness of another
-unreasonable publication of private facts
-publicity that unreasonably places someone in a false light to the public.
All of these are torts and can subject employees to personal liability Employers need to craft policies that provide guidance to its employees about what is, and what is not, ok to post on a social media site. Show how inadvertent disclosure of confidential information can harm the company if an employee is privy to the employer's or its customer's confidential information. A simple posting by an employee who works in research & development that he has to cancel his golf tee time because of yet another project delay, allows followers (or “friends”) who are aware of where the employee works to connect the project delay to problems with a product that the employer is preparing to launch. The employer’s stock could be adversely affected.
Trademark and copyright are of concern, too. Employees who are posting must be sure to comply with all trademark and copyright laws. Proper credit needs to be given, even on the internet.
b. Public Employers
In the public arena, the U.S. Constitution's Fourth Amendment prohibition on unreasonable searches by public entities gives rise to a privacy protection for employees. In the case of Quon v. Arch Wireless Operating Co., Inc., 554 F.3d 769 (9th Cir. 2009), the court found that the police department and its text messaging provider both violated a police officer's rights by accessing and reviewing his text messages. The City of Ontario, California had a policy that told employees that they shouldn't expect privacy in their use of its computer resources. Officer Quon acknowledged that policy in writing and even attended a meeting where he was told that this policy applied to pagers. He was also told, however, that if his usage went over his allotted amount, he could pay for that overage. The Ninth Circuit said that statement was reasonably interpreted by Quon as modifying the Department's computer use policy. Thus, the search of Officer Quon's text messages had to be reasonable and the Court found that because the search was not limited to one necessary for a noninvestigatory work-related purpose. The case was sent back to the trial court.
The Quon case, however, may raise an issue for private employers that use thirdparty service providers to deliver communications services. Under the federal Stored Communications Act, a communication provider cannot disclose private communications to other entities or individuals. If, as in the Quon case, the company’s service provider is found to be an Electronic Communication Service, disclosing the electronic communications violates the Stored Communications Act. If the company’s service provider is found to be a Remote Computing Service, there is no such violation.
III. Searches and Seizures
As noted above, employee privacy in the workplace varies depending on whether the employer is a governmental entity or a private employer. Governmental entities are “state actors” for the purposes of the Fourth Amendment, and therefore must comply with constitutional prohibitions on illegal searches and seizures. Private employers generally are not subject to the Fourth Amendment and need only show that the search at issue is a necessary aspect of running the employer’s business.v The safest course of action for both public and private employers is to lower the employee’s expectation of privacy.
This can be done by imposition of practices and office procedures which are uniformly and regularly applied. The following recommendations are a good starting point for reducing employee’s expectations of privacy:
- Retain a key or combination to employees’ lockers, desks and company vehicles, and inform employees that the keys and combinations are being retained.
- Prohibit employees from using their own locks and be sure that all locks on company property are company owned.
- Reserve the right to search lockers, desks, vehicles and computers at any time.
- Supply written notice to employees that lockers, desks and vehicles may be searched without employee consent or knowledge and that refusing to allow searches may result in discipline.
- When conducting a search at the request of police be sure to secure a valid search warrant.
- Inform employees that their bags, pockets or briefcases may be searched and obtain employee consent prior to conducting such searches.
- Conduct searches in a reasonable manner so as not to humiliate the employee.vi
- Conduct searches even-handedly and in a non discriminatory manner.
- Always attempt to obtain consent of the employee before conducting a search.
- Stop a search if the employee credibly denies knowledge of the search policy.
Employers are subject to penalties and civil damages when third persons intercept telephone conversations without the consent of either of the conversing parties.vii This argument has been extended to interceptions of secure web sites.viii Employees, however, can waive their right to protection under the Act. Thus, before employees are hired and before electronic monitoring begins, the employer should obtain written releases from all employees allowing the employer to monitor their voice mail or other electronic communications.ix
E-mail is one of the Internet’s venerable and most popular communication channels. E-mail is defined as “mail composed and transmitted on a computer system or network.” Despite its age, e-mail remains a widely used communication tool on the Internet.
E-mail has the dubious distinction of being able to stick around on individual computers and company computer servers, and may provide evidence for employee discrimination claims. Further, especially in the discrimination context, e-mail can be particularly threatening. Whereas in the past the range of an off-color joke was the earshot of the speaker, now, through e-mail, an ignorant employee can share a discriminatory message with an entire company instantaneously. The message can be printed out and saved for future use, thereby ending any dispute over what was actually said. Further, the informal nature of e-mail lends itself easily to making defamatory statements about co-workers and subordinates. The company also risks losing trade secrets and compromising computer security where confidential and secret documents can be attached to an e-mail and instantaneously sent anywhere in the world.x Because of the perils posed by e-mail, e-mail use policies are important. The policy should require that all employees sign a consent form acknowledging that the company may monitor the employee’s e-mail messages. E-mail use policies should also restrict the use of any type of offensive, harassing, fraudulent, defamatory or otherwise illegal language in email message. The policy should also address copyright infringement and unauthorized sharing of trade secrets, proprietary information and confidential information.
VII. Internet/Social networking
Email, however, is so yesterday.. The number of internet users is growing exponentially:
• 2000 – 124 million internet users (44%)
• 2002 – 167 million internet users (58%)
• 2006 – 205 million internet users (70%)
• 2009 – 227 million internet users (74%)
• 2011 – 272.1 million internet users (78.3%)
Social media (such as Facebook, Twitter, LinkedIn, YouTube, and blogs) is now overtaking email as the most common form of communication. Employees have access to it on their computers, smartphones, and I-pads. At a recent American Bar Association seminar on Facebook Firing, a speaker advised that in 2004, there were one million users on "Facebook". In 2009, there were two hundred million users on "Facebook. In the month of March 2009, "Twitter" grew by 120%. Instantaneous access to government records, phone numbers, and employment resources, for example, can significantly enhance workplace productivity. However, like e-mail, the Internet also poses pitfalls for employers.
Like e-mail, use of the Internet whether over the company owned computer, the employee's PDA or cell phone may unwittingly set an employer up for a discrimination claim. Accessing a pornographic site, downloading a pinup calendar as a screensaver forwarding a sexist or racist joke received on the office computer all may be used as evidence of a hostile work environment. Does an employee's use of a social networking site or blog to discuss the company or its employees create the same risk? Depending on the content and even where the employee accesses the site or blog, it may.
Everyone has heard about the “Facebook Firing” where an employee was terminated for something they posted on Facebook. There are many versions of the case, and many ended up before the National Labor Relations Board. The NLRB promptly took action and held in many cases that the employer committed an unfair labor practice for disciplining or terminating employees for postings on Facebook. The NLRB took the position that the complaints made by employees about working conditions (even when using foul language) was still protected conduct because the employees were engaging in “concerted activity” in order to better working conditions. In fact, the NLRB had so many cases that the NLRB’s General Counsel issued a memo on the subject in August of 2011. The memo outlines what the NLRB found in each case, and highlights when employer’s policies go too far or are too restrictive. For example, the NLRB found that employer’s policies stating that employees could not post pictures of themselves in their uniform on any social media site was too restrictive as employees must be allowed to show themselves conducting union activities while in uniform. The most important thing to remember is that any employer, unionized or non-unionized, can be subject to an unfair labor practice. More and more employees are claiming unfair practices and filing charges based upon actions taken in response to employee’s social media postings. The NLRB seems to consider social media sites to be the new gathering sites, and that such speech is protected. The unfortunate thing for employers is that social media postings exist forever, while a statement at a gathering would not. To review a copy of the NLRB’s General Counsel memo, go to https://www.nlrb.gov/news/acting-generalcounsel-releases-report-social-media-cases to download a copy. Does this mean that an employee can criticize her employer with impunity? Not always.
With the rise of social media in the workplace, the NLRB created what is known as a modified Atlantic-Steel/Jefferson standard. These decisions, dating back more than 30 years, upheld terminations of employees who uttered an unprovoked obscenity at a foreman and handed out pamphlets to the public criticizing their employer’s product. Today’s NLRB borrowed a little from each of these decisions to craft the modified standard based on a case involving a popcorn plant. Under the NLRB’s “popcorn” test, if the -employee’s postings or texts relate to terms and conditions of employment, they are protected by the National Labor Relations Act -employee is posting or texting as a part of an employee discussion of the workplace, the actions are protected by the National Labor Relations Act -employee is posting or texting from home and the comments are not verbal or physical threats, the actions is protected by the National Labor Relations Act. -postings can be viewed by third parties but are not critical of the employer’s product or business policies, the action is protected by the National Labor Relations Act.
-where the posting disrupts workplace discipline
-contains information that damages the employer’s reputation and business
-can be viewed by third parties and is accompanied by vulgar, obscene, threatening or intimidating language, the Employee’s actions may not be protected by the National Labor Relations Acc Other forms of improper use may be dangerous to employers. the employee who uses her current employer’s Internet access to search for new jobs. "LinkedIn", a useful tool for referrals, finding positions and/or finding employees is fast, efficient, and theoretically "more professional" than other social networks such as "Facebook" but poses difficult challenges to employers when abused or misused. Consider the employee who has yet to be told she is being terminated when she reads a posting for her job on a social network. What about the supervisor tasked with terminating an employee for a valid business reason who shares with his "Friends" his feelings about the employee and in doing so, gives rise to an argument for a discriminatory firing. What if the letter of recommendation is written while at a company whose company policy prohibits giving out information other than confirming employment is now broadcast to the world?
Accordingly, as with e-mail, it is important to develop an Internet/social networking use policy but one that is not overly broad so as to run afoul of the National Labor Relations Act.
- Conduct an internal audit to find out how Internet/social networking is presently being used.
- Determine why, when and how Internet/social networking should be used to advance business purposes.
- Develop a written policy of acceptable and unacceptable Internet/social networking use.
- Conduct an Internet/social networking use training program to let users know what kind of access and use is appropriate or inappropriate.
The policy should provide:
1. No expectation of privacy when using an employer computer system, including messages sent over the employee's phone that run through the employer's Internet system.
2. No dissemination of confidential or proprietary information over the employer's computer system, the employee's phone or PDA or on any social network or blog along with the warning that employees may be held legally responsible for the content of such communications, including a blog if it violates the law i.e. trade secret laws or copyright laws.
3. No violation of the company's codes of conduct including antidiscrimination policies.
4. Respect for privacy of fellow employees by not posting pictures or information about such employees without their written permission.
5. No use of company logos, including letterhead or uniforms.
6. No conduct that creates a conflict of interest or is disparaging in such a way as to harm the employer's business interest.
7. Disclaimers on personal opinions so that no one will assume the employee is speaking for the company.
8. Clear statement that violation of the policy can lead to disciplinary action including termination. The author, publisher, speaker and sponsors of this program present these materials with the understanding that the information provided is not legal advice. Due to the rapidly changing nature of the law, information contained in these publications or presented by the speaker may become outdated. As a result, an attorney or other individual using these materials must always research original sources of authority and update this information to ensure accuracy when dealing with a specific client's legal matters. Further, the presentation or materials provided are not intended to establish practice standard or standards of care applicable to an attorney's performance. In no event will the authors, the sponsors, the speakers or the publisher be liable for any direct, indirect, or consequential damages resulting from the use of these materials. This material is offered only for general informational and educational purposes. They are not offered as and do not constitute legal advice or legal opinions. Although we intend to keep this information current, we do not promise or guarantee that the information is correct, complete, or up-to-date. You should not act or rely upon the information in this material without seeking the advice of an attorney.
i 2007 AMA Survey Workplace Monitoring & Surveillance, 2007 American Management Association, New York, New York USA
ii 2001 AMA Survey Workplace Monitoring & Surveillance, 2001 American Management Association, New York, New York USA
iii www.CNN.com - Career – Monitoring Employees: Eyes in the workplace – January 2, 2001
v Williams v. Philadelphia House Auth., 826 F.Supp. 952 (E.D.Pa 1993)
vi Bodewig v. K-Mart, Inc., 635 P.2d 657 (Or.App 1981)
vii The Federal Wiretap Act, 18U.S.C. §§2510-2520 and the Electronic Communications Privacy Act, 18 U.S.C. §§2701 et seq.
viii Konop v. Hawaiian Airlines, Inc., 236 F.3d 1035 (9th Cir 2001)
ix 18 U.S.C. §§2511(2)(d)
x Smyth v. Pillsbury Co., 914 F.Supp. 97 (1996) no reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding assurances that such communications were confidential.