You may have legitimate reasons for monitoring some of your employees’ communications at work, particularly emails generated on company servers. Creating a policy to monitor such activities requires a delicate balancing act to protect your company and gain access to the information you need, without violating employees’ legal privacy protections.
Reasons to Monitor Emails
Why would an employer need to monitor employees’ communications at work? Valid reasons for such oversight include:
To assess productivity. If an employee is missing deadlines or underperforming, you might want to evaluate how much time he or she is spending browsing the Internet and social media sites.
To detect leakage of intellectual property and other confidential information. Keeping proprietary company data from falling into the hands of competitors is a high priority. An employee bent on corporate espionage isn’t likely to deliberately disseminate secrets in emails. However, inadvertent leakage, or a lack of awareness of the sensitivity of certain company information, can be addressed with specific content-flagging technology.
To safeguard against reputational damage. Employees may disseminate false, potentially incriminating or defamatory information about your company.
To prevent legal claims. Monitoring systems may help catch emails or instant messages containing inappropriate messages. By flagging language in messages that’s associated with sexual harassment, bullying and hostile work environments, employers can identify and correct problematic behavior before legal claims are made.
Internet Red Flags
Monitoring employee activity on your network isn’t limited to their communications and productivity, nor is it all retrospective. Today’s software solutions can make it easy for you to monitor employees’ computer activity by generating reports of daily Internet activity and providing archives of the contents of draft emails that were never sent.
Monitoring software typically allows employers to designate words, phrases and websites that, when detected, identify potential problems and violations of company policies and procedures. Other solutions can be customized to block sensitive data from escaping, whether it’s transmitted via email or Web forms or saved on remote laptops. Activity reports can be customized to your specifications and sent to you automatically.
The legal standards for monitoring employee communications generally give employers the upper hand, particularly when company-owned computers are used. Most employees know that they can’t expect email messages on employer computers to be private. In fact, many computer systems require employees to acknowledge that monitoring may occur each time they sign in.
Employers are on the strongest legal ground when they warn employees, in writing, that their emails are subject to monitoring. If such warnings aren’t part of your computer systems, these warnings may be published in the employee handbook or sent via email, or be part of an employee training session in which the employee acknowledges and accepts the monitoring policy.
Before warning employees, employers need to outline valid business reasons for monitoring communications. If your policy sounds arbitrary and intrusive, it could adversely affect employee morale, causing more damage than whatever you might turn up with your policing efforts.
One category of employee communication that employers can’t monitor or interfere with is protected speech around potential union organizing efforts or discussions about terms and conditions of their employment. The National Labor Relations Board has declared that employees with access to email at work are presumed to have a right to use systems after working hours for communications protected by the National Labor Relations Act.
The laws are murkier, and can vary from state to state, when communications are made via employees’ personal email accounts that are accessed on company-owned computers. The details of the situation might dictate what’s permissible. One standard used by some courts is whether such an intrusion would be “highly offensive to a reasonable person.”
Room for Interpretation
Courts sometimes disagree on cases involving monitoring employee communications, despite similar fact patterns, due to state laws. For example, a court in one state faulted an employer for violating an employee’s privacy rights by reading a communication between the employee and his attorney. But, in a similar case in another state, the court dismissed the employee’s complaint.
The nature of what’s discovered by monitoring employee communications could play a role in a court’s decision. For example, a Georgia employer was cleared of a privacy violation charge when its review of an employee’s personal email account accessed via a company-owned computer revealed that the employee was running a private side business during working hours.
These gray areas demonstrate that it’s prudent to consult with your attorney and HR advisors when developing or revising sensitive personnel policies.