Workplace Privacy

With smart phones and the internet, employees have more ways than ever to communicate from work. Although these increased modes of communicating have brought many benefits to employers, they carry with them a host of legal issues.

As a general rule, employers have a legitimate interest in knowing how employees spend their days. For example, employers aren’t going to want employees surfing the internet for pornography from work or engaging in any number of inappropriate activities. As a result, employers are allowed (within limits) to monitor the communications of its employees and to take appropriate action in response to what’s discovered.

Why might an employer want to monitor employee communications? Perhaps it’s because an employer can be held liable for an employee’s harassment of another worker via the email system. Or, perhaps it’s to find out if employees are dishing out the company’s trade secrets? Or, perhaps it’s to make sure that employees don’t visit web sites that will subject the company’s network to malware and viruses. There are a whole host of reasons for employers to monitor the following:

Blogs.  Obviously a blog is intended to be read by the public. But, like the Microsoft employee who blogged about his employer purchasing Apple computers for use at work, your employees may not be saying the nicest things about their employer. Although this is a developing area of the law, the current trend seems to support the firing of an employee who engages in blogging that’s detrimental to the employer. Employers are generally given great latitude in terminating disloyal employees.

Voicemail.  Unless an employer has given the employee reason to believe that voicemails will remain private (for example, allowing an employee to password protect voicemail), an employer will generally have the right to monitor and access such information. And even with password protection, the employer may still have the right to access voicemails if there’s a compelling work-related reason. 

Email.  For the most part, courts have upheld an employer’s right to read employee email – especially if there’s a sound reason such as investigating harassment or the improper use of company intellectual property and trade secrets. As with voicemail, there may be a heightened expectation of privacy if the employee is allowed to password protect his or her email.

Internet.  Employers may not only monitor employee internet usage - they can also block access to certain sites and can even limit the time that can be spent online.

What can an employer do to protect itself if it chooses to monitor its employees as described above? First, it should inform employees that they will be monitored, even when communications are password protected, such that the employee has no legitimate expectation of privacy. Employees should be told that they can be disciplined or fired for using any form of work technology for non-business matters.

Second, it’s probably a wise move to have employees sign a consent form indicating that they understand the company’s monitoring policies. Alternatively, although not as good as a written consent, make sure that your policy contains language that an employee’s use of any communications system constitutes his or her consent to the company’s review and monitoring.

Finally, an employer should only monitor for good cause. Good cause could include keeping track of productivity or monitoring customer service. Good cause would not include reading emails to find out about your new hire’s romantic life. As with so many things in life, just exercise common sense.

Employee Protection.  Employers also need to know that there are certain protections afforded employees.  Under the Illinois Right to Privacy in the Workplace Act.  Among other things the act prohibits employers from:

• Requiring employees to disclose usernames and passwords for social media accounts.
• Requiring an employee to access his/her social media account in the employer’s presence.
• Requiring an employee to invite the employer to join the employee’s social media group (e.g. friend on Facebook).
• Requiring an employee to join an employer’s own social media group.

The Act does allow an employer to require an employee to share content from his/her social media account when required by law or when related to investigations of workplace misconduct or employee theft.  And, as discussed above, even though employers can monitor employee internet use, an employer can run afoul of the Act if information protected thereunder is discovered.  For this reason, employers should have a policy to handle such situations.

In addition, if an employer uses biometric identifiers (retina scan or finger prints) for timekeeping or for security purposes, a 2008 law requires the employer to have a written policy that discloses how long that information will be stored and describes how it and when it will be destroyed.  Further, an employer can only use biometrics with the written consent of its employees.