Email is the fastest and least expensive means of communication but also the one that creates a large threat to a business. Employers have legitimate concerns regarding employee use of email. Generally, email policies have been implemented such policies to protect against employee abuses such as:
- Employee “theft” of sensitive and confidential information.
- The employee lost productivity.
- The transfer of viruses from employee emails to company computer systems.
While the above policy considerations are important, businesses must be equally cognizant of the fact that email policies can protect businesses against liability in legal actions brought by employees and outside third parties. This article explores the issues with email usage as well as suggestions to prevent your business from becoming involved in similar situations.
Discrimination issues are frequent topics of litigation in which emails play a prominent role. In one case, an employee filed a sex discrimination case against her employer. The employer moved to preclude the employee from offering certain sexually offensive e-mail messages at trial. The court found that certain e-mail messages offered by the employee were admissible and could be used by the employee in her lawsuit. Similarly,
African American employees sued their employer after the racist e-mail was sent within the company’s internal e-mail system. Racist jokes sent over the employer’s system were permitted to be used as evidence in the employees’ discrimination suit.
Generally, in these instances, the emails were personal rather than business-related. In writing a policy you should completely prohibit personal e-mail on employer systems or provide for reasonable personal use within specified limits. At the very least, the policy should forbid the use of e-mail to transmit sexual, pornographic, racist, or other offensive materials in messages.
Expectation of Privacy Issues
Despite the fact that employees are using an employer’s email account and not their own personal accounts, the courts have found that an employee will have an “expectation of privacy” in their e-mails absent evidence or policy to the contrary.
In a federal court case, the employee was an independent insurance agent for the employer. He claimed he was wrongfully terminated and entitled to damages under federal law after the company searched its main file server and learned that the employee’s e-mail showed improper behavior such as criticizing the company and revealing company secrets to competitors. The particular law in question prohibits the intentional or willful interception, disclosure, or use of a person’s wire, oral or electronic communication, including the monitoring of employee phone calls, voice mails, and e-mails but only at the time, those communications are made. The Court ruled that while federal law prohibits interceptions, the employer did not intercept them at the time they were made and as such, the employer did not violate the law and the employee’s claims were dismissed.
While there was a timing issue in the above case which fortunately protected the employer. The federal law does provide absolute protection when one of the parties to the communication gives consent to the interception and/or monitoring. Pennsylvania has a similar law that more or less mirrors the federal law, except that the consent provision is stricter. Pennsylvania law requires the consent of all of the parties to communication before that communication can be intercepted and/or monitored.
Notwithstanding the above law, Pennsylvania courts have recognized some employer rights. In one action, an employee filed suit for invasion of privacy after he was fired for making inappropriate comments using the employer’s e-mail system. Although the employer assured the employee that all emails were confidential and would not be used as a reason to fire someone, the employer did review the employee’s emails a fired him based on their content. The employee argued that his termination was improper because it was based on an invasion of his privacy. The court ruled that there is no reasonable expectation of privacy where the employee transmitted e-mails to his supervisor using the company e-mail system regardless of any statements that the emails were confidential and would not be intercepted. The court also stated that even if there was a reasonable expectation of privacy, the employer’s interception did not overstep the line and the lawsuit was dismissed.
Practically speaking, a detailed comprehensive and clear e-mail policy is the best way for an employer to limit potential legal liability while protecting legitimate business interests in e-mail monitoring. An adequate e-mail usage policy must inform employees that all e-mail is subject to monitoring. The policy must be in writing and fully explained to all employees. Employees should sign these policies indicating that they understand and consent to all measures contained in the writing. The policy should also clearly explain that the company e-mail system is the property of the company and is intended for business purposes. It should state the company reserves the right to monitor the use of e-mail at its discretion in order to ensure against misuse. Finally, the policy should make clear that employees have no expectation of privacy in any matter contained in an e-mail sent or received, even if deleted, over the employer’s system.
Attorney-Client Privilege Issues
Most recently, the courts have decided cases dealing with emails sent by an employee to his or her attorney and whether attorney-client privilege is waived. Generally, with limited exceptions, any and all communications between a client and his or her lawyer is confidential and any information coming from these communications cannot be disclosed or used at trial by the opposing party. New York and New Jersey have recently dealt with these issues.
In New York, the employee filed a lawsuit against his employer. The employee sent emails to his attorney discussing the case but used the employer’s computer system to do so. The employee tried, unsuccessfully, to assert that the emails were confidential and could not be disclosed to the employer. The court found that because the employer had a policy limiting emails to business only, the attorney-client privilege was waived. The employer’s email policy even trumped the now nearly standard language found at the bottom of emails which sets forth that the email is confidential, intended for the addressee, and should be deleted if directed to the incorrect individual.
In New Jersey, the court addressed this same issue, but with a twist and arrived at an opposite conclusion. The employee used an employer-owned laptop computer but used a personal Yahoo email account to send emails to her lawyer. The court held that the communications were confidential and could not be used by the employer. The court concluded that the computer, although employer property, was nothing more than a file cabinet for personal communications. There was no basis for transforming private emails, especially between an attorney and a client, into an employer’s property.
These cases muddy the waters to an extent. While no court in Pennsylvania has decided a case with similar facts, the New York and New Jersey cases should put an employer on notice that despite a formal policy in place, it may not be able to intercept and access all email communications. Certainly, an employer may want to consider including a provision setting forth personal email accounts, such as “Hotmail” or “Gmail” used on a company system or computer are prohibited.
Overall, employers should review their current email policies to determine if the provisions are such that they will not be on a losing end of a lawsuit like the ones discussed. If employers do not have email policies in place, it is imperative that a policy be drafted, not only to protect against those legal issues but to also protect against general employee abuses.