Electronic
Mail Privacy in the Workplace: Issues & Policy
Introduction
With the usage of technology as a
standard for much of Americans continuing to rise, so do the issues
surrounding lacking policy to protect employee's from electronic
workplace surveillance. To date, there is not much out there in the
way of legislation to regulate how much privacy an employee is
entitled to regarding electronic mail in the workplace. In most cases
people have both an email for work and a separate personal account
and many have social networking pages which are also used to send
e-mail. The question is: if messages have been sent with a
company-owned computer, smart-phone, or on through the company
server, are they fair-game to be viewed by employer's?
Currently there are only a handful of
states that have adopted legislation to define how e-mail and
Internet communication privacy should handled in the workplace
(State).
In Delaware and Connecticut if an employer wishes to monitor Internet
activity of any of their employee's, they must give notice to do so.
However, Tennessee and Colorado require companies to develop a
standard procedure regarding monitoring and have the policy signed
off by the employee.
Delaware law states that an employer
cannot monitor or confiscate an employee electronically without first
giving a written warning to the employee regarding plans to do so.
The only exception to this rule is if the actions taken by the
employer are maintenance or system protection related, and if the
monitoring is court ordered (State).
Failure to comply with this law leaves the employer vulnerable a $100
fine per violation (State).
Connecticut is similar to Delaware in
that written notice is required to electronically monitor an
employee, however, if the employer believes an employee is
participating in illegal acts that could be proven with evidence
obtained by monitoring, than that is acceptable (State).
The penalty for violating this law begins with the first offense
resulting in a $500 fine, doubling for the second offense, and
finally tripling for the third offense (State).
Finally, Colorado and Tennessee both
require a written, public company policy. The law in both state
requires the policy to be clearly defined and issued to the employee.
The policy should define exactly to the extent that they are
vulnerable to monitoring. This policy should be made a public record
and could be “subject to public inspection” (State).
Federal Law: Electronic
Communications Privacy Act (ECPA)
The ECPA was put
into act in 1986 and is in great need of an update especially
considering the legislation was put into effect around the birth of
Internet. The ECPA includes: Wiretap Act, Stored Communications Act,
and Pen-Register Act. The idea behind the creation of the ECPA was to
protect citizens against law enforcement obtaining wiretaps and
eavesdropping unless the need to do so was legitimate (Epic).
ECPA was launched
in a time when if you had an email address and wanted to save an
email, you must download it to your hard drive because the email
provider only alloted a small amount of space for an account and
frequently deleted people's emails to free up their server (Sledge).
ECPA said that if an email was unopened and less than 180 days old,
than the authorities needed get a warrant to read it. But if the
e-mail is at least 6 months old or opened than all they needed was an
administrative subpoena, declaring its need for an investigation
(Sledge).
There have been
several court rulings in favor of fourth amendment rights in recent
years, suggesting that change is coming and the ECPA will be updated
to clearly require law enforcement to obtain a warrant to access your
email. But it is suggested that the best way to protect yourself is
to delete everything off the cloud as far as email's go and store it
to your hard drive to protect yourself further.
This
is the closest federal law in place that has guidelines on handling
electronic monitoring, but it only applies to law enforcement and is
need of updating. There have been several updates to the act proposed
to congress but there has yet to be anything agreed upon.
Conclusion
It is reasonable to assume that if the
laws are beginning to change for law enforcement and their rights to
your electronic mail, than workplace rights are coming too. In the
court of law, if law enforcement is required to obtain a warrant to
access your information in private emails than your workplace should
too.
Thus far, workplace privacy regarding
electronic mail, other than the few states that have defined
otherwise, is not illegal or a violation as long as they can argue
they had a valid reason to do so (Guerin).
As long as the company has a policy in place and has a record of the
employee receiving the policy, the company is free to monitor in any
way they have defined. In many cases, even if the company does not
have a policy pertaining to monitoring, they may still have the right
to do it, especially if it is e-mail sent on there devices and via
there email servers (Guerin).
The courts have recognized that this is
a growing issue that needs addressing and further agree that it would
be best to come up with a federal law rather than leave it the states
to enforce. If the states are left to handle protecting their
residents, than the laws would vary significantly and would be more
challenging to enforce. Especially with the increase in mobile
working situations: would it be the state they reside in or the state
the company is licensed through? One thing everyone seems to agree
with is that there is a problem that needs to be addressed regarding
electronic mail policy in the workplace, now they just need to agree
on something long enough to put it into action before it also becomes
obsolete. Until something changes, it is recommended that employees
keep a healthy separation between their work and personal life in
terms of Internet communications to protect themselves against the
blurry lines of privacy they are entitled to in the workplace
(Vaksdal).
Works Cited
Connors, Gene. "Hatchet Job or
Scalpel Stroke: Should Employers Block Employee Access to Personal
Email Accounts to Protect Company Network? - Forbes."
Information for the World's Business Leaders - Forbes.com.
Forbes.com LLC, 19 Apr. 2013. Web. 6 May 2013.
<http://www.forbes.com/sites/theemploymentbeat/2013/04/19/hatchet-job-or-scalpel-stroke-should-employers-block-employee-access-to-personal-email-accounts-to-protect-company-network/>.
"EPIC - Electronic Communications
Privacy Act (ECPA)." EPIC - Electronic Privacy Information
Center. N.p., n.d. Web. 11 May 2013.
<http://epic.org/privacy/ecpa/>.
Guerin, Lisa. "Email Monitoring:
Can Your Employer Read Your Messages? | Nolo.com." Lawyers,
Legal Forms, Law Books & Software, Free Legal Information -
Nolo.com. Nolo, n.d. Web. 6 May 2013.
<http://www.nolo.com/legal-encyclopedia/email-monitoring-can-employer-read-30088.html>.
Sledge, Matt. "ECPA Amendment
Passes, As Senate Judiciary Votes To Require Warrant For Email
Snooping." Breaking News and Opinion on The Huffington Post.
N.p., 29 Nov. 2012. Web. 11 May 2013.
<http://www.huffingtonpost.com/2012/11/29/ecpa-electronic-communications-privacy-act_n_2211889.html>.
"State Laws Related to Internet
Privacy." NCSL Home. National Conference of State
Legislatures, n.d. Web. 8 May 2013.
<http://www.ncsl.org/issues-research/telecom/state-laws-related-to-internet-privacy.aspx#employee>.
Vaksdal Smith, Diane, and Jacob Burg.
"What Are the Limits of Employee Privacy? | Solo, Small Firm and
General Practice Division." American Bar Association.
Version Volume 29, No 6. National Conference of State Legislatures,
n.d. Web. 8 May 2013.
<http://www.americanbar.org/publications/gp_solo/2012/november_december2012privacyandconfidentiality/what_are_limits_employee_privacy.html>.
No comments:
Post a Comment