Employee-privacy rights. Compensation-based jealousy. Bitter co-workers. Electronic monitoring. Gender discrimination. Clash of the Gen X and Baby-Boomers, even? The continuing saga involving former news anchors Larry Mendte and Alycia Lane has all of the makings of an employment-law thriller. Continue reading
The lines of privacy in the workplace are blurred, at best. There are lots of questions about the limits placed on employers when it comes to monitoring their employees’ technology use. We do know that employers should notify employees if the company wants to reserve the right to monitor e-mails, voicemail, and internet access. In Delaware, this notice is mandatory. But it is not clear whether this notice can extend to web-based, personal e-mail accounts, like G-Mail or Yahoo!, when the accounts are accessed by employees during working time on a company-provided computer, accessing the internet through the company’s server. (See my previous post, Suit Raises Tough Questions About Privacy Rights of Former Employees for a case involving these facts; and if you’re still not sure, just ask the Mayor of Detroit, Is It Time to Update Your Electronic Communications Policy? If you’re the Mayor of Detroit, the answer is “Yes”).
And that is just the tip of the iceberg.
A recent decision from the Ninth Circuit Court of Appeals has added another layer of complexity. In Quon v. Arch Wireless Operating Company, the court found that the employer-defendant violated its employee’s rights by reading his text messages without his consent. The case was brought by a police officer, whose text messages were reviewed by his boss, who had obtained them from the internet service provider. The reason given by the officer’s supervisor was fairly innocuous–to determine whether the officer was using his city-issued pager for personal communications.
The important take-away from this case is consent, consent, consent. The court found that the officer had a reasonable expectation of privacy in the text messages. Had the employee consented to the employer’s search, the whole suit would have been avoided.
And how can you get an employee to consent, you ask? Easy. By having all employees read and sign a comprehensive electronic-monitoring policy at the time of hiring.
Already doing that? Great. Now get a Gen Y to read it. Have him or her tell you about all of the types of technology you’ve missed. Does your policy even cover text messages? Now’s the time to check.
Employer monitoring of employees’ e-mail and internet usage is on the minds of many. In order to monitor lawfully, employers must notify employees of their intent to monitor so that the employee does not have a legitimate expectation of privacy when sending e-mails and browsing the web at work.
Delaware employers must give such notice by law. But the N.Y. Times reports about a suit that raises a tougher question–a case in which a former employee alleging that his former employer read his private Yahoo! e-mails after the employee had been terminated.
This case, recently filed in federal district court in Connecticut, raises two fairly novel issues: (1) can employers lawfully read their employees’ personal e-mails if the e-mail accounts were accessed on company time on a company computer; and (2) assuming they can, are employers able to do so after an employee has left the company–in other words, how far will that notification protect employers?
Web-based email, like Yahoo! and G-Mail, are not controlled directly by the employer. But the employer does own the computer used to access the internet, which weighs in favor of the right to monitor personal accounts.
Perhaps the bigger question in this case is how the employer accessed the former employee’s account? They claim that he used a company computer without authorization after he was fired to send trade secrets and confidential information to his Yahoo e-mail account. The information, according to the company’s lawyer, included customer contact lists, terms of deals, brokers who’d sent business to the company, and personal employee data. All of which, says the company, would be in violation of his employment agreement.
It seems that there are multiple possible claims that could arise from these facts:
- Employee vs. Employer for breach of privacy;
- Employer vs. Employee for breach of contract (his employment agreement);
- Employer vs. Employee for trade secret violations
- Employer vs. Employee for violation of the Computer Fraud and Abuse Act, which has been used when employees wrongfully access their company’s computer network and cause harm as a result;
3 for the Employer and 1 for the Employee, according to my count. Of course, I could be missing some, so let me know if you think of others and I’ll include them in the tally.
We’ll keep you posted on what could be an important decision in the new legal territory of employees’ privacy rights.
Other Posts on Electronic Monitoring in the Workplace:
Employees’ privacy rights. They’re everywhere. Lately, they’ve been in the KYW-3 TV Newsroom. Two former Philadelphia co-anchors have put e-mail privacy in the spotlight. Larry Mendte, who is accused of reading and leaking Alycia Lane’s private e-mail account, was fired today. His termination comes in the middle of a federal investigation, which involved a raid of Mendte’s home and office and the removal of “computer equipment,” and follows just days after Lane filed her long-threatened suit against their shared former employer.
This scandal is a big deal in the Philadelphia local news. And perhaps that has something to do with the fact that Lane had lost her sugary-sweet charm after the third or fourth scandal. Or maybe it’s because Philly is known equally just as much for relentlessly jeering unpopular sports figures as it is for brotherly love. But maybe it’s because this is a story that so many people already know. They’ve lived it themselves.
Mendte is suspected of accessing Lane’s account “possibly hundreds of times” and then leaking the information to their boss, the news station, or the press.
So what happens to Mendte if it’s later found out that he did secretly sabotage his former partner at the news desk? Not much. Mendte isn’t a supervisor so, unless the station is found to have known about the snooping or somehow endorsing it, the station will not be held responsible for the acts of Mendte. Obviously, losing his long-time job, where he spent many years enjoying the favor of Philadelphians, is a big deal and probably one of the most severe consequences he could face.
And Lane could certainly sue Mendte, as well as the station. It’s unlikely that she will, though, given the low value of any possible recovery for privacy claims brought against an individual, as opposed to an employer.
But the real question is not who will be victorious in the media or in the courtroom. The real question is whether your organization faces similar risks to the potential espionage of trade secrets and confidential information or to a Jerks-at-Work campaign where a bully secretly accesses a target-coworkers’ emails with bad intentions.
What safeguards do you have in place to automatically monitor technology use of company computers?
What policies do you utilize to ensure employees’ data is protected with regular password changes and by communicating that an employee who shares her password with another may be subject to serious discipline?
What about the specifics of what an employee may and may not take from the workplace, which includes sending it out of the organization and into the world wide web? Have you expressly told employees about the consequences of such action? Do you know what the consequences are?
Take the Mendte-Lane debacle as a cue for you to review your policies, practices, and how those messages are communicated to employees.
Michael Klein and John Shiffman at the Philadelphia Inquirer, have more on this story.
Prior Related Posts:
Can I read my employees’ e-mails? Labor and employment attorneys get this question often. It’s not as common, though, that the possible cyber-sleuth is a co-worker rather than a member of management. Recent drama at the news desk of Philadelphia’s CBS 3 fits this unusual profile.
The First of the Fallen Anchors
Long-time CBS news anchor, Larry Mendte, is under federal investigation. He is suspected of reading the e-mails of former co-anchor, Alycia Lane. After Lane was involved in several scandals of her own, her employment contract was terminated after she allegedly assaulted a plain-clothes police officer in New York City, and using a homophobic slur. See my earlier post, Bad Boys, Bad Boys, Whatcha’ Gonna Do When They Work for You?, for more details on the Alycia Lane scandal.
The Cyber-Scandal Spreads
And now attention has been turned to Lane’s former colleague, Larry Mendte. Late last week, Mendte and CBS News learned that he was being being investigated for snooping through Lane’s e-mail. Reading others’ e-mails without permission or privilege is a federal crime. (Last week we discussed Delaware’s state law, which requires employers to provide written notice of their intent to monitor employees’ e-mails. See Employers’ Policies on Technology in the Workplace).
Mendte’s home computer was seized by the FBI as part of the probate. CBS 3 issued the following statement yesterday:
Late last week, CBS 3 became aware of an investigation by the U.S. Attorney’s Office regarding anchor Larry Mendte. CBS 3 is cooperating fully with that office in this matter. Mr. Mendte will not be on CBS 3’s broadcasts pending further investigation.
While the investigation is ongoing, Mendte has been dethroned. It doesn’t seem so positive. Mendte’s lawyer said yesterday, “We hope to work together with CBS 3 to reach a mutually agreeable resolution as to his status.”
That does not sound good.
Get Consent to Monitor Employees’ E-Mails or Risk a Mendte-Style Result
Let this be a word of warning to any employer who may be inclined to search their employees’ e-mails without complying with state and federal notice requirements. Cyber-sleuthing has serious consequences.
And if you learn that another employee has been snooping through a co-workers electronic data, including e-mails, act quickly and seriously. Take a page from CBS 3 and consider suspending the employee until your investigation is complete.
Employers know that e-mail between employees can be dangerous. Employers know that the Internet can all but eliminate the productivity of their employees. But what do employers know about Instant Messaging, weblogs, chat rooms, and wikis? And, more importantly, what are they doing about it? HR Hero’s survey gives some insight into the answers to these questions.
Survey Says . . .
HR Hero has released the results an interesting survey on policies (or lack thereof) for workplace technology. There is a link to the full survey below but here are some highlights:
Policies for Technology Use. Not surprisingly, most employers (89%) have policies both on employees’ internet and e-mail usage. What was surprising, to me anyway, is that there are still employers (5%) with essentially no policies on workplace technology.
E-mail Usage Policies. Only a fraction of respondents (3%), did not put any limits on employees’ use of the company’s e-mail systems. Nearly all (80%) have policies expressly prohibiting inappropriate e-mails. And more than half (61%) permit personal e-mail so long as it is not excessive. A surprisingly large number (34%), of employers do not permit employees to send any personal e-mails.
Internet Usage Policies. Like e-mail policies, nearly all employers (82%) prohibit employees from visiting websites. 28% of employers limit employees’ internet access to approved websites only. A small number of employers had either no internet usage policy at all (3%) or put no limitations on usage (3%).
Internet & E-Mail Monitoring Policies. Just over half (58%) of employers that responded monitor internet use but only if they suspect abuse. Almost the same amount (61%) did the same for e-mail. Less than one-fifth of respondents regularly monitor e-mail use (19%) but internet monitoring seems to be more common (27%).
Blogging. Most employers have not started to use blogs as part of their business activity. Of those who have (12%), approximately equal numbers are putting blogs to work as part of their marketing (4%), and public relations (3%), efforts. Others are blogging to communicate both internally within the company (3%), and externally with clients (1%).
The entire survey, Technology and HR 2008, can be seen at the HR Hero website.
Special Note for Delaware Employers
Delaware employers should be aware that state law mandates that notice be given before monitoring employees’ internet or e-mail usage. The law is specific in the way that notice must be given. Although there are alternatives, the most common way is with a written consent form signed by each employee.
Among Delaware employers and in the world of employment law nationally, there has been much talk about Web 2.0 and the power of social networking tools. Delaware businesses, like employers across the country, are worried about what is being said about them online. They should be.
Many of you already know about the impact weblogs and online social networks can have on a business. Of course, these impacts can be both good and bad. If it were all bad, I wouldn’t be blogging on our department’s firm-sponsored blog. Many businesses have begun to embrace these new mediums to reach a broader audience. They’ve turned to social networking to communicate with a broader audience in an effort to maximize exposure to their products, their message, or their brand.
Other businesses have felt first-hand the negative impact of Web 2.0 communications. For example, some companies felt massive financial reverberations because a popular blogger posted about his or her negative experience with the company’s product or services. The comments can spread uncontrollably on the web and employers are left without any real recourse.
Another common scenario involves blogging employees. With the explosion of the blogosphere, employees have taken to the web to share their personal stories of triumph and tragedy. Sometimes their stories include not-so-nice commentary about their workplace. The employer is put into a very difficult situation. If they terminate the blogger, they may be able to at least cut off the blogger’s supply of “material” that can be put online. But termination is not without risk. The terminated employee may respond with more hostile posts than ever before. And, as newly unemployed, the blogger has plenty of time on his hands to post, and post, and post.
So what to do? We counsel our employment-law clients to institute a blogging policy if they haven’t done so already. This is not to say that, as employment lawyers, we advocate for a flat-out ban on employee blogging. But, at the very least, there should be a policy in place providing that any employee whose blog posts include the company’s confidential information or trade secrets, will be subject to discipline, up to and including termination.
A different approach used by some employers could be described as the, “If you can’t beat ’em, join ’em policy.” Some companies may go so far as to hire a Chief Blogger In Residence. The CBR’s job is to post like crazy about the positive aspects of the company, its employees, or its products. The Chief Blogger also scans the web to monitor what others are saying and provide an appropriate response.
Given the cost, CBRs are not exactly commonplace., As an alternative, an employer can use online notification tools like Google Alerts, which will search the web for your company’s name. When new “hits” are discovered, you recieve an e-mail alert with a link to the site where the company’s name was found. Searching for yourself or your company is known as a “reputation search.”
There is now a new product designed to do conduct “professional” reputation searches. Trackur promotes itself as an “online reputation monitoring and brand tracking tool. It has been described as “Google Alerts on steroids,” according to the Trackur website. And what makes this pay-for-play, subscription-based tool better than the free Google one? Having not tried it myself, I’ll leave it up to you to decide.
The plans are not cheap. A monthly subscription to have just one search saved and run twice daily is $18 per month. Jump to 5 saved searches and you’re up to $88 per month. I have no experience with Trackur so I can’t say what value it actually has. But even if Trackur isn’t met with fabulous success, I’d be willing to wager that similar monitoring tools are not far behind. Any employer concerned with what its employees are saying about the company, and any business concerned with its online reputation would have good reason to consider an “online reputation-monitoring tool.”
***Prior posts on blogging include: Blogs In the Workplace and Somebody’s Watching You: New Data on Employers’ Electronic Monitoring