There are many good business reasons to monitor employee communications. These reasons include measuring productivity, maintaining confidentiality, and limiting employer liability for employee misconduct. For example, some employers want to measure employee output (such as keystroke counts) or assess the quality of customer contacts (particularly by telephone and e-mail). Many also monitor to ensure their communications systems are being used according to policy and are not compromised by viruses or inappropriate personal use.
Still, monitoring can be controversial because employees often view it as invasive, distracting, and stressful. And, if done improperly, you may violate federal and state laws that limit your ability to monitor employee telephone and computer communications. Below is a discussion of the legal issues and a practical guide on how to reduce both legal and employee problems when implementing monitoring policies.
Laws governing electronic monitoring
Interestingly, even though employees may feel that telephone and computer monitoring violates their privacy, the law does not entirely support these concerns. Under federal law, employers have the right to monitor work-related use of telephone, e-mail, and other computer-generated communications, if certain conditions have been met. Title III of the Omnibus Crime Control and Safe Streets Act (commonly referred to as the Wiretap Act), found at 18 U.S.C. §§2510 et seq., generally prohibits the intentional interception of any wire, oral, or electronic communication. (Note that the Wiretap Act initially primarily covered telephone conversations, but was amended by the Electronic Communications Privacy Act (ECPA) to include all electronic and computer communications, including e-mail.)
However, the Wiretap Act contains two exceptions to its interception prohibition: (1) when at least one party to the communication performs the interception, or has previously consented to the interception; or (2) when the interception is by an employer with a legitimate business-related reason for the interception (the "business extension" exception).
1. Consent. To qualify, consent may be expressed, as in a written agreement, or implied from the circumstances, as when an employee is informed that all calls and e-mail will be monitored for quality assurance or training purposes. So, for example, in Griffin v. City of Milwaukee, 74 F.3d 824 (7th Cir. 1996), the court found no violation of the Wiretap Act because the employee had given implied consent to systematic interception of telephone conversations. She worked in the police division that handled all incoming emergency calls, she was informed that calls might be monitored for supervision and training purposes, and the recording equipment was conspicuously placed in the middle of the work area.
However, it is not sufficient notice when an employer informs employees that it might start monitoring calls. Thus, in Deal v. Spears, 980 F.2d 1153 (8th Cir. 1992), the court did not consider the employer's remark that he might monitor calls, if abuse of personal calls continued, to be notice sufficient to create the needed implied consent.
2. The business extension exception. Under the "business extension" exception, an employer, within certain limitations, may monitor an employee's telephone calls and e-mail without the employee's consent. The exception allows an employer, in the ordinary course of business, to intercept communications if it uses equipment or a component that it furnishes or that is furnished to it by a provider of wire or electronic communications service in the ordinary course of the provider's business (usually, the telephone company). So, under the Wiretap Act, you may monitor and even record an employee's telephone calls without consent as long as you can show a normal business-related reason for doing so and use equipment allowed by the Act.
For example, in Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983), the court determined that a supervisor could monitor the telephone solicitation calls of sales employees by means of a standard telephone extension that shared lines with the telephones used by the employees. In contrast, in Sanders v. Robert Bosch Corp., 38 F.3d 736 (4th Cir. 1994), the court rejected the employer's contention that the business extension exemption applied to its 24-hour a day, 7-day a week recording of telephone calls. The court concluded that there was no business justification for such a drastic measure, despite the employer's assertion that it feared bomb threats. No threats had been received during the monitoring.
Generally, the business extension exception also does not apply if the employer listens to a personal conversation beyond the point necessary to determine that it is personal. For example, in United States v. Murdock, 63 F. 3d 1391 (6th Cir. 1995), cert. denied, 517 U.S. 1187 (1996), the court found that the business extension exception did not apply when the funeral home owner intercepted the co-owner/ex-spouse's personal calls.
However, most courts also have recognized that certain employers may have legitimate business reasons to monitor personal calls. So, for example, in Arias v. Mutual Cent. Alarm Serv., Inc., 202 F.3d 553 (2d Cir. 2000), an employer, that provided a central alarm notification service responsible for monitoring customer fire and burglar alarms, properly recorded all incoming and outgoing calls, including employees' personal calls. Legitimate business reasons supported the monitoring, including that 24-hour recordings are standard in the industry, are recommended by the employer's insurers, and help ensure that employees are not divulging sensitive information that could facilitate access to customer's homes.
Most states also have statutes prohibiting electronic eavesdropping, many of which are modeled closely on the federal Wiretap statute. A few states, such as California, Illinois, and Michigan, are more restrictive and require the consent of all parties before monitoring. The Illinois law allows monitoring when at least one-party consents in limited circumstances, such as for monitoring telemarketing solicitations. Others also have enacted laws that specifically regulate monitoring computers and e-mail. For example, Delaware requires employers to provide written notice of any monitoring of telephone, Internet, or e-mail use. Connecticut also requires written notice of any electronic monitoring, but exempts employers that use the monitoring to collect evidence of unlawful activity or hostile workplace harassment.
Access to stored electronic communications
Employer monitoring of stored e-mails and voicemails is much less regulated and generally allowed under federal law. Under the ECPA sections codified at 18 U.S.C. §§2701, et seq., employers that provide electronic communication service may access messages once they are stored in their computer or telephone systems, without notifying employees of the access. So, for example, in Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107 (3d Cir. 2003), the court determined that the employer did not violate the ECPA when it accessed an employee's e-mail after the messages were transmitted and stored on the employer's system.
Best practices include reasonable policy and selective monitoring
As discussed above, the law allows employers to monitor when certain conditions are met, and most businesses find there are legitimate business reasons to retain the right to do so. However, any type of surveillance can cause serious morale problems if not handled appropriately. No one likes to be spied on, particularly when engaged in personal, nonwork-related activities, even if these activities occur at work. To reduce these problems, your best bet is to be up front— communicate your policy carefully and clearly, and then monitor only to the extent necessary. The following five strategies will help your organization prevent abuse while promoting positive employee relations.
1. Develop a policy specifically addressing monitoring of employee communications and educate your employees about it. The policy should:
- Clearly state that the computer system and communications services are the property of the employer;
- Reserve the right to monitor employees' electronic communications;
- Explain the business-related reasons for the monitoring;
- Describe permissible work-related and personal telephone, e-mail, and Internet use;
- —Prohibit inappropriate use, including: excessive personal use; sending, accessing, or storing discriminatory, harassing, defamatory, or pornographic material; duplicating or distributing copyrighted material without permission; and transmitting confidential, proprietary, or trade secret information; and
- Include penalties for policy violations, up to and including termination.
2. Keep the monitoring work-related. If you offer employees a sound and positive business rationale for monitoring, they are more likely to accept it as a legitimate work-related tool rather than an intrusion. Acceptable reasons include monitoring to respond to a complaint regarding policy violations or to improve employee performance, customer relations, and the quality of products and services.
3. Make it reasonable regarding personal use. A policy that prohibits all personal use is usually both impractical and virtually impossible to enforce in many employment environments. Similarly, draconian punishments for a relatively minor policy violation will understandably be viewed as unfair by many of your employees.
4. Check state law. If you are in a state that requires the consent of all parties to monitor telephone calls, consider adding a prerecorded message to all incoming and outgoing calls to inform nonemployees of potential monitoring.
5. When in doubt, give notice and get consent. Remember, monitoring is always legal when you get consent, so if you are going to monitor employees, have them sign off on it when they are hired or when you start monitoring.
Monitoring is a tool to be used carefully
There's no doubt about it—employee monitoring has become more commonplace and has many legitimate uses. However, overly intrusive practices can create the negative perception that Big Brother is watching. The solution, therefore, is to balance your need for protection with your employees' desire for as much privacy as possible. A policy that embraces the five components discussed above is a good place to start.
Robin Thomas, J.D., is Managing Editor for Personnel Policy Service, Inc., 159 St. Matthews Avenue, Suite 5, Louisville, KY 40207, and can be reached at firstname.lastname@example.org, or 1-800-437-3735. Personnel Policy Service markets group legal benefit services and publishes HR information products, including a free Internet/email communications policy that covers electronic monitoring available at http://www.ppspublishers.com/dcinternet.htm.