There are many good business reasons to monitor employee
communications. These reasons include measuring productivity, maintaining
confidentiality, and limiting employer liability for employee misconduct. For
example, some employers want to measure employee output (such as keystroke
counts) or assess the quality of customer contacts (particularly by telephone
and e-mail). Many also monitor to ensure their communications systems are being used
according to policy and are not compromised by viruses or inappropriate
personal use.

Still, monitoring can be controversial because employees
often view it as invasive, distracting, and stressful. And, if done improperly,
you may violate federal and state laws that limit your ability to monitor
employee telephone and computer communications. Below is a discussion of the
legal issues and a practical guide on how to reduce both legal and employee
problems when implementing monitoring policies.

Laws governing electronic monitoring

Interestingly, even though employees may feel that telephone
and computer monitoring violates their privacy, the law does not entirely
support these concerns. Under federal law, employers have the right to monitor
work-related use of telephone, e-mail, and other computer-generated
communications, if certain conditions have been met. Title III of the Omnibus
Crime Control and Safe Streets Act (commonly referred to as the Wiretap Act),
found at 18 U.S.C. §§2510 et seq., generally prohibits the intentional interception
of any wire, oral, or electronic communication. (Note that the Wiretap Act
initially primarily covered telephone conversations, but was amended by the
Electronic Communications Privacy Act (ECPA) to include all electronic and
computer communications, including e-mail.)

However, the Wiretap Act contains two exceptions to its
interception prohibition:  (1) when at
least one party to the communication performs the interception, or has
previously consented to the interception; or (2) when the interception is by an
employer with a legitimate business-related reason for the interception (the
“business extension” exception).

1. Consent. To qualify, consent may be expressed, as in a
written agreement, or implied from the circumstances, as when an employee is
informed that all calls and e-mail will be monitored for quality assurance or
training purposes. So, for example, in Griffin v. City of Milwaukee, 74 F.3d
824 (7th Cir. 1996), the court found no violation of the Wiretap Act because
the employee had given implied consent to systematic interception of telephone
conversations. She worked in the police division that handled all incoming
emergency calls, she was informed that calls might be monitored for supervision
and training purposes, and the recording equipment was conspicuously placed in
the middle of the work area.

However, it is not sufficient notice when an employer
informs employees that it might start monitoring calls. Thus, in Deal v.
Spears, 980 F.2d 1153 (8th Cir. 1992), the court did not consider the
employer’s remark that he might monitor calls, if abuse of personal calls
continued, to be notice sufficient to create the needed implied consent.

2. The business extension exception. Under the “business
extension” exception, an employer, within certain limitations, may monitor an
employee’s telephone calls and e-mail without the employee’s consent. The
exception allows an employer, in the ordinary course of business, to intercept
communications if it uses equipment or a component that it furnishes or that is
furnished to it by a provider of wire or electronic communications service in
the ordinary course of the provider’s business (usually, the telephone company).
So, under the Wiretap Act, you may monitor and even record an employee’s
telephone calls without consent as long as you can show a normal
business-related reason for doing so and use equipment allowed by the Act.

For example, in Watkins v. L.M. Berry & Co., 704 F.2d
577 (11th Cir. 1983), the court determined that a supervisor could monitor the
telephone solicitation calls of sales employees by means of a standard
telephone extension that shared lines with the telephones used by the employees.
In contrast, in Sanders v. Robert Bosch Corp., 38 F.3d 736 (4th Cir. 1994), the
court rejected the employer’s contention that the business extension exemption
applied to its 24-hour a day, 7-day a week recording of telephone calls. The
court concluded that there was no business justification for such a drastic
measure, despite the employer’s assertion that it feared bomb threats. No
threats had been received during the monitoring.

Generally, the business extension exception also does not
apply if the employer listens to a personal conversation beyond the point
necessary to determine that it is personal. For example, in United States v.
Murdock, 63 F. 3d 1391 (6th Cir. 1995), cert. denied, 517 U.S. 1187 (1996), the
court found that the business extension exception did not apply when the
funeral home owner intercepted the co-owner/ex-spouse’s personal calls.

However, most courts also have recognized that certain
employers may have legitimate business reasons to monitor personal calls. So, for example, in Arias v. Mutual Cent. Alarm Serv., Inc., 202 F.3d 553 (2d Cir. 2000), an employer, that
provided a central alarm notification service responsible for monitoring
customer fire and burglar alarms, properly recorded all incoming and outgoing
calls, including employees’ personal calls. Legitimate business reasons
supported the monitoring, including that 24-hour recordings are standard in the
industry, are recommended by the employer’s insurers, and help ensure that
employees are not divulging sensitive information that could facilitate access
to customer’s homes.

Most states also have statutes prohibiting electronic
eavesdropping, many of which are modeled closely on the federal Wiretap statute.
 A few states, such as California,
Illinois, and Michigan, are more restrictive and require the consent of all
parties before monitoring. The Illinois law allows monitoring when at least
one-party consents in limited circumstances, such as for monitoring
telemarketing solicitations. Others also have enacted laws that specifically
regulate monitoring computers and e-mail. For example, Delaware requires
employers to provide written notice of any monitoring of telephone, Internet,
or e-mail use. Connecticut also requires written notice of any electronic
monitoring, but exempts employers that use the monitoring to collect evidence
of unlawful activity or hostile workplace harassment.

Access to stored electronic communications

Employer monitoring of stored e-mails and voicemails is much
less regulated and generally allowed under federal law. Under the ECPA sections
codified at 18 U.S.C. §§2701, et seq., employers that provide electronic
communication service may access messages once they are stored in their
computer or telephone systems, without notifying employees of the access. So, for example, in Fraser v. Nationwide Mut.
Ins. Co., 352 F.3d 107 (3d Cir. 2003), the court determined that the employer
did not violate the ECPA when it accessed an employee’s e-mail after the
messages were transmitted and stored on the employer’s system.

Best practices include reasonable policy and selective monitoring

As discussed above, the law allows employers to monitor when
certain conditions are met, and most businesses find there are legitimate
business reasons to retain the right to do so. However, any type of
surveillance can cause serious morale problems if not handled appropriately. No
one likes to be spied on, particularly when engaged in personal, nonwork-related activities, even if these activities occur at work. To reduce these problems, your best bet is to be up front–
communicate your policy carefully and clearly, and then monitor only to the
extent necessary. The following five strategies will help your organization
prevent abuse while promoting positive employee relations.

1. Develop a policy specifically addressing monitoring of
employee communications and educate your employees about it. The policy should:

  • Clearly state that the computer system and communications
    services are the property of the employer;
  • Reserve
    the right to monitor employees’ electronic communications;
  • Explain
    the business-related reasons for the monitoring;
  • Describe
    permissible work-related and personal telephone, e-mail, and Internet use;
  • —Prohibit
    inappropriate use, including: excessive personal use; sending, accessing,
    or storing discriminatory, harassing, defamatory, or pornographic
    material; duplicating or distributing copyrighted material without
    permission; and transmitting confidential, proprietary, or trade secret
    information; and
  • Include
    penalties for policy violations, up to and including termination.

2. Keep the monitoring work-related. If you offer employees
a sound and positive business rationale for monitoring, they are more likely to
accept it as a legitimate work-related tool rather than an intrusion. Acceptable
reasons include monitoring to respond to a complaint regarding policy
violations or to improve employee performance, customer relations, and the
quality of products and services.

3. Make it reasonable regarding personal use. A policy that
prohibits all personal use is usually both impractical and virtually impossible
to enforce in many employment environments. Similarly, draconian punishments
for a relatively minor policy violation will understandably be viewed as unfair
by many of your employees.

4. Check state law. If you are in a state that requires the
consent of all parties to monitor telephone calls, consider adding a
prerecorded message to all incoming and outgoing calls to inform nonemployees of potential monitoring.

5. When in doubt, give notice and get consent. Remember,
monitoring is always legal when you get consent, so if you are going to monitor
employees, have them sign off on it when they are hired or when you start
monitoring.

Monitoring is a tool to be used carefully

There’s no doubt about it–employee monitoring has become
more commonplace and has many legitimate uses. However, overly intrusive
practices can create the negative perception that Big Brother is watching. The
solution, therefore, is to balance your need for protection with your
employees’ desire for as much privacy as possible. A policy that embraces the
five components discussed above is a good place to start.

Robin Thomas, J.D., is Managing Editor for Personnel Policy
Service, Inc., 159 St. Matthews Avenue, Suite 5, Louisville, KY 40207, and can
be reached at editor@ppspublishers.com, or 1-800-437-3735. Personnel Policy
Service markets group legal benefit services and publishes HR information
products, including a free Internet/email communications policy that covers
electronic monitoring available at http://www.ppspublishers.com/dcinternet.htm
.