Technological Surveillance in the Workplace
During the past several years, there has been a growing trend among employers to monitor the actions and performance of their workers. Concerns about employee productivity, quality of work, employee theft or misuse of company property, unlawful drug use, and other factors potentially affecting employee productivity, combined with technological developments, have increasingly led employers to use new ways to monitor employee performance. A survey of 301 businesses by Macworld magazine published in its July 1993 issue found that about 22% of the businesses have searched employee computer files, voice mail, e-mail, or other networking communications. The percentage jumped to 30% for businesses with 1,000 or more employees. This paper discusses the legality under federal and Colorado law of various forms of technological surveillance of employees.
II. FEDERAL AND COLORADO "WIRETAP" STATUTES.
Although often referred to as "wiretap" statutes, federal and Colorado laws on this subject cover much more than tapping onto telephone lines, including eavesdropping on oral conversations and intercepting or accessing phone or electronic communications. Employers considering technological methods of monitoring employee communications should first carefully examine whether the contemplated actions would be lawful under these statutes. This is not a simple task, since both statutes are quite complex. One federal appellate court called the federal statute an "amorphous Congressional enactment" and stated, "Our search for lightning bolts of comprehension traverses a fog of inclusions and exclusions . . ."
The federal statute was enacted in 1968, amended in 1986 to cover electronic communications, and amended again in 1994 to protect cordless telephone communications. It has two chapters, one governing "interception" of communications (codified beginning at 18 U.S.C. Section 2510), and one governing access to electronically stored communications (codified beginning at 18 U.S.C. Section 2701). It provides both criminal penalties (fines and imprisonment) for violations and a private civil action to recover damages. A person whose communications are unlawfully intercepted may sue for injunctive relief, the greater of actual damages (including any profits made by the violator) or statutory damages of either $10,000 or $100 for each day of the violation, punitive damages, and attorney fees and costs. If the violation consists only of accessing an electronically stored electronic or wire communication, punitive damages are not available, and statutory damages are limited to $1,000. The Colorado statute (codified beginning at C.R.S. Section 18-9-301) provides only criminal penalties. These statutes will be explained in the context of looking at various types of covered communications.
Telephone conversations constitute "wire communications" under the federal statute, since they are "aural" (containing the human voice) and are transmitted over wire, cable, or similar facilities. With certain exceptions, it is unlawful to "intercept" wire communications. The term "intercept" is defined to mean the acquisition of the contents of the communication through the use of any "electronic, mechanical, or other device." It is also unlawful to use or disclose the contents of any wire communication which was unlawfully intercepted. The statute's definition of "electronic, mechanical, or other device" excludes telephone equipment furnished by the provider of the communication service (e.g., the phone company) or by the user for connection to the facilities of the service and used in the ordinary course of business. This is commonly referred to as the "business phone extension" exclusion. There have been numerous court decisions addressing this exception, some finding it applicable and others not.
Two decisions by the Tenth Circuit Court of Appeals, which is the federal court of appeals for Colorado and several other states, have found employer monitoring of phone calls lawful under the business extension exclusion.
In James v. Newspaper Agency Corp., 591 F.2d 579 (10th Cir. 1979), the employer had monitoring equipment installed by the Bell system, and it informed its employees in writing that phone calls in certain departments (particularly those dealing with the public) would be monitored, both for quality control purposes and as some protection for employees from abusive calls. The Tenth Circuit noted that the monitoring was not done surreptitiously, and the court affirmed the lower court's summary judgment ruling in favor of the employer, concluding that the business extension exclusion applied.
In Simmons v. Southwestern Bell Telephone Co., 611 F.2d 342 (10th Cir. 1979), the Tenth Circuit again affirmed summary judgment in favor of the employer. The Simmons case was similar to the James case, except that the employee specifically alleged that his private conversations were monitored, as well as business calls. The court noted that the monitoring was done both for quality control purposes and to prevent use of the monitored lines for personal calls, that a separate non-monitored phone line was provided for personal calls, and that the plaintiff had been warned in the past about excessive personal calls on the monitored lines. The court concluded that the monitoring activities were reasonable and in the ordinary course of business, qualifying for the exclusion.
The Tenth Circuit's decisions in James and Simmons do not indicate whether monitoring of personal calls continued even after it was apparent the calls were personal in nature, and other court cases have found this issue important. Indeed, in a 1974 decision that did not involve the employment context, the Tenth Circuit stated:
"We hold as a matter of law that a telephone extension used without authorization or consent to surreptitiously record a private telephone conversation is not used in the ordinary course of business."
United States v. Harpel, 493 F.2d 346 (10th Cir. 1974). Other courts have indicated that employers who wish to utilize the business extension exclusion may not monitor personal phone calls any longer than necessary to determine that the call is personal in nature, since to do so would not be in the "ordinary course of business" as is required for the exclusion to apply. Examples include:
Briggs v. American Air Filter Co., 630 F.2d 414 (5th Cir. 1980) (Employer lawfully monitored one employee's business conversation with a particular individual on a surreptitious basis, where employer had reason to believe employee was divulging trade secrets. The court commented that interception of non-business calls would be unlikely to qualify for the business extension exclusion, except possibly where the employer had difficulty controlling personal calls through warnings.)
Deal v. Spears, 980 F.2d 1153 (8th Cir. 1992) (Employer violated the statute by tape recording and listening to all calls, including personal calls, even though the employer's suspicions of theft were a valid reason to monitor calls to the extent necessary to determine their nature. A judgment for $40,000 was affirmed.)
Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983) (The court reversed summary judgment in favor of employer and remanded the case for trial. Because employees were told that personal calls would not be monitored except to the extent necessary to determine whether call is personal or business, a supervisor may have violated the law by listening to a conversation in which the employee discussed seeking a job elsewhere. The Court ruled that this was a personal conversation, rejecting the notion that "in the ordinary course of business" includes anything of interest to the employer. The court stated that the business extension exclusion does not apply to the interception of personal calls except to the extent necessary to guard against unauthorized use of the telephone or to determine whether a call is personal or business, and the supervisor was required to cease listening as soon as she determined the call was personal.)
Sanders v. Robert Bosch Corp., 38 F.3d 736 (4th Cir. 1994) (Employer violated the law by installing equipment on certain security telephone lines which recorded all telephone calls, purportedly to guard against bomb threats. Recording all calls in their entirety is a "drastic measure," and there was no business reason for employer's failure to notify its security guards of its actions if bomb threats were the purpose behind the monitoring.)
Aside from the requirement that the monitoring be "in the ordinary course of business" in order for the business extension exclusion to apply, that exclusion also requires that the monitoring equipment be telephone related equipment supplied by the service provider or user for connection to the phone system. Three recent cases have found the exclusion inapplicable on the basis that the monitoring was accomplished by means of equipment that was not normal phone equipment:
Sanders, supra (The court ruled that a reel to reel tape recorder that continuously recorded seven phone lines did not qualify for the exclusion, since it did not further the plant's communication system.)
Williams v. Poulos, 11 F.3d 271 (1st Cir. 1993) (A custom designed system of alligator clips and microphone wire that could be attached to any extension line, leading to recording devise in an unused bathroom, cannot be considered telephone equipment.)
Deal, supra (A recorder purchased at Radio Shack which connected to an extension phone line and automatically recorded all conversations was the device that intercepted the phone calls, not the extension phone, and the recorder did not qualify as telephone equipment for purposes of the exclusion.)
In contrast to the Deal decision, the Tenth Circuit has ruled that a recording device placed next to, or connected with, a telephone receiver is not the intercepting device, but is simply a means of preserving the conversation that is intercepted through the use of the telephone equipment. Harpel, supra.
Aside from the business extension exclusion, employer monitoring of its employees' telephone calls is also allowable under the federal statute if there is employee "consent." Court decisions make clear that consent need not be explicit consent to have a particular phone call monitored, but can also include acquiescence to a known system of monitoring calls. As is the case with the business extension exclusion, however, issues of consent are not always clear cut. Court cases include the following:
Griggs-Ryan v. Smith, 904 F.2d 112 (1st Cir. 1990) (This case did not involve the employment context, but the court ruled that where the plaintiff had been previously informed that all incoming calls were tape recorded and the plaintiff had no reason to believe that fewer than all calls or something less than all parts of all calls were recorded, the plaintiff in effect consented to the recording by taking the call and continuing the conversation.)
Watkins, supra (The court noted that the business extension exclusion can potentially apply without regard to consent, and that the consent exemption can potentially apply regardless of whether personal as well as business calls are monitored. The court ruled, however, that the company's announced policy of monitoring business calls (but not personal calls once they were determined to be personal) resulted in employee consent that was limited to the scope of the company's policy and did not include consent to monitoring of personal calls.)
Deal, supra (The employer's statement to employee that he might have to monitor calls if there were continued use of store's telephone for personal calls could not be the basis for employee consent, since no notice was given of actual monitoring.)
Williams, supra (In a case involving a battle for control of the corporation, the CEO's knowledge that some employee phone calls were monitored did not give rise to consent for his calls to be tape recorded, since the CEO was not informed of the manner of monitoring, nor that his calls might be monitored.)
While the federal wiretap statute is complex and convoluted, the Colorado statute is an example of poor draftsmanship which raises several unanswerable questions. Colorado lawmakers chose to copy much of the federal statute, including many of its definitions, but then proceeded to use different language to identify prohibited acts. Colorado law defines the terms "intercept," "wire communication," and" "electronic, mechanical, and other device" nearly the same as federal law, including the business extension exclusion in the definition of "electronic, mechanical, and other device." Under federal law, however, that exclusion works because it is unlawful to "intercept" a communication by an "electronic, mechanical, and other device," and a business extension used in the ordinary course of business is not such a device. Even though Colorado law includes all of these definitions, the section which states prohibited acts does not refer to "intercepting" a communication (or disclosing or using the contents of a communication which was unlawfully "intercepted"), but rather states that it is unlawful wiretapping if one:
"knowingly overhears, reads, takes, copies, or records a telephone, telegraph, or electronic communication without the consent of either a sender or a receiver thereof . . ."
Read literally, this language completely sidesteps the business extension exclusion that is found in the definition of "electronic, mechanical, or other device." Indeed, since it does not use the term "intercept," which is limited to acquiring the contents of a conversation through the use of "any electronic, mechanical, or other device," the Colorado law would technically consider it unlawful wiretapping if one were to stand outside an office door and listen to a phone conversation without the consent of one of the parties to the conversation. The fact that Colorado law includes the federal definitions certainly suggests that the legislature intended to incorporate the business extension exclusion into Colorado law, albeit unsuccessfully. Thankfully, no private right of action is given by the Colorado law. (An individual cannot use the statute as the basis for a private suit). Hopefully a district attorney would decline to commence a criminal prosecution of acts that would qualify for the federal business extension exclusion, or a court would rule the statute unconstitutionally vague, but employers should be aware of the risks that this poorly written law creates.
As quoted above, Colorado law excludes from its definition of wiretapping instances where the consent of either a sender or a receiver of the conversation is obtained. No Colorado cases have been found deciding whether consent may be implied from knowledge that phone conversations are monitored, but it seems likely that on this issue Colorado courts would reach a conclusion similar to that of the federal courts under federal law, as discussed above. The Colorado statute also has a separate exception which states that the statute does not prohibit any person from using wiretapping or eavesdropping devices on his own premises for security or business purposes if reasonable notice of the use of such devices is given to the public.
To summarize, federal and state wiretap statutes allow monitoring the number of phone calls, the duration of calls, or the numbers to which calls are placed because such monitoring does not acquire the content of the calls. Monitoring the content of calls should be lawful under the federal business extension exclusion provided: (1) the monitoring is for a reasonable business purpose; (2) personal calls are not monitored beyond the time necessary to determine that the calls are personal in nature; (3) the monitoring uses regular phone equipment (the Tenth Circuit appears to allow connection of a recording device to phone equipment), preferably supplied by the telephone company; and (4) the scope and manner of monitoring is not unreasonable (avoid tape recording of all calls if relying only on the business extension exclusion). Colorado law is unclear on the business extension exclusion, but strong arguments can be made that the legislature must have intended it to apply. Under both federal and Colorado wiretap statutes, monitoring the content of phone calls is also lawful if one party to the conversation consents to the monitoring. Federal law will find implied consent if employees know that their conversations are being monitored and the scope and manner of monitoring. Employers who wish to rely on the consent exclusion should notify their employees in writing of their monitoring practices, including which lines or employees are monitored, the manner in which the monitoring is done, and whether both personal and business calls are monitored. Obtaining a written acknowledgment that employees are aware of this practice or the employee's explicit consent to this practice should provide even greater protection.
Both federal and Colorado law also provide protection to "oral communications" that are not transmitted over phone lines. As with "wire communications," federal law prohibits only unlawful "interception" (or use or disclosure of contents of a communication that was unlawfully intercepted), and "interception" must involve the use of an "electronic, mechanical, or other device." Further, federal law defines protected "oral communications" as including only those "uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation." Consent is also a lawful basis for interception. Thus, if an employer wishes to eavesdrop on an oral conversation, under federal law it must do one or more of the following:
(a) avoid the use of any electronic, mechanical, or other device;
(b) only eavesdrop in situations where the conversants could not reasonably expect not to be overheard; or
(c) obtain the consent, express or implied, of one of the parties to the conversation.
Under Colorado law, the situation again is complicated by faulty drafting of the statute. The law includes the same federal definitions of "oral communication" and "intercept" (which requires use of a device), but the prohibition section states that any person not visibly present during a "conversation or discussion" commits unlawful eavesdropping if he knowingly overhears or records such conversation without the consent of one of the parties, or attempts to do so. By using the terms "conversation or discussion" instead of the defined term "oral communication," the prohibition section technically does not bring into play the issue of whether the parties speaking justifiably expected that their talk could not be overheard. One Colorado court decision, however, applied the definition of "oral communication" nonetheless and found that a person speaking in a motel room could not have had a justifiable expectation that the conversation would not be heard in an adjoining room, and therefore no unlawful eavesdropping occurred. People v. Hart, 787 P.2d 186 (Colo. App. 1989) The court did not specifically note the discrepancy between the definitional sections of the law and the prohibition sections of the law, other than to state that a "conversation or discussion" is synonymous with the term "oral communication." While this ruling in effect makes Colorado law closer to federal law, one clear difference remains: under federal law one could eavesdrop on any oral conversation as long as no device is used; under Colorado law, hidden (non-visible) eavesdropping without consent would appear to be unlawful if the parties had a reasonable expectation that they would not be overheard, even if no device is used.
Surveillance limited to video images, without sound acquisition, would not be subject to either the federal or Colorado wiretap statutes if the surveillance does not acquire the "contents" of any communications. The term "contents" is defined to include "any information concerning the substance, purport, or meaning" of a communication. If a hidden video camera observed two employees speaking and then exchanging cash for drugs, it might possibly be considered to have intercepted some of the "contents" of the communication, although an argument could be made that it only observed an act, and did not acquire the contents of what was spoken. An "interception" would definitely occur if the video images were actually used to acquire a communication through lipreading, or perhaps if it were feasible to do so. If video surveillance is found to have acquired the contents of communications, it would likely be unlawful unless there were implied "consent" by virtue of an announced policy of video surveillance in specified areas.
E-Mail and other electronic communications which do not include the human voice constitute "electronic communications" under the federal and Colorado wiretap statutes. The 1986 amendments to the federal law added a new chapter which prohibits, with certain exceptions, accessing wire or electronic communications that are in electronic storage. Because the exceptions under this chapter differ from those in the chapter which prohibits intercepting communications, and because the legal remedies for a violation are not as broad, some commentators have questioned whether accessing e-mail messages would constitute violations of both chapters. A very recent court decision, not in the employment context, addressed this issue. In Steve Jackson Games v. U.S. Secret Service, 36 F.3d 457 (5th Cir. 1994), the court noted that the definition of "electronic communication" does not include the content of such communications while in electronic storage. The court therefore ruled that the chapter prohibiting interception of electronic communications would only apply if the communication was acquired while it was in transit. If e-mail messages are accessed while stored electronically, that will not constitute an "interception" and the legality of that action will be determined only under the 1986 chapter of the law addressing access of electronically stored communications.
That chapter of the federal law contains a broad exception, which provides that accessing stored electronic communications is not unlawful if authorized by the person or entity providing the wire or electronic communications service. This exception should allow employers free access to e-mail messages stored on e-mail systems provided by the employer, although there may be some question as to the lawfulness of access to e-mail messages delivered to the workplace through an independent service such as Prodigy or Compuserve. A cautious employer will publish a policy informing employees that the company reserves the right to access and monitor all e-mail messages stored on its computer system, regardless of their origin or content, in order to be able to establish implied consent to such access on the part of employees. In addition, an employer who obtains the written acknowledgment or consent of its employees to such a practice should have even greater protection.
If for some reason an employer wishes not only to access stored e-mail messages, but also to intercept them while in transit, the interception chapter provides an exception for a provider of a wire or electronic communications service to intercept communications as necessary to the rendition of the service or the protection of the rights or property of the provider. If that exception is not broad enough to cover the desired scope of e-mail interception, the employer should take all necessary steps to publish its policy of intercepting messages while in transit and thereby obtain implied consent of employees. The business extension exclusion for voice communications over telephones, discussed above, presumably would not apply if the interception is not accomplished through use of "telephone equipment" used in the ordinary course of business.
Although Colorado law prohibits reading or copying an "electronic communication," that term is defined the same as by federal law to be the transfer of data by electronic or photooptical means, and does not include electronic storage of such communications. Since the Colorado statute has no counterpart to the federal chapter on accessing stored electronic communications, presumably Colorado law does not prohibit such access. Copying, reading, recording, or taking an electronic communication while it is in transit would constitute wiretapping, however, unless it is with the consent of one of the parties to the communication, or necessary for the providing of the service or to protect the provider against fraud.
In summary, it is safer for employers to access stored e-mail messages than to intercept them while in transit. Access to stored internal e-mail messages on a company's computer system should be lawful. For extra protection, or if interception of e-mail messages in transit is desired, employers should publish their policy of monitoring e-mail messages.
A voice mail message containing the human voice is a "wire communication," not an "electronic communication." Under the chapter of federal law governing access to electronically stored wire or electronic communications, the legality of accessing electronically stored voice mail messages would be the same as discussed above for e-mail. Unlike the definition of "electronic communication," however, the definition of "wire communication" includes such communications while in electronic storage. Therefore, the chapter of federal law that prohibits "intercepting" wire communications would also appear to apply to acquiring electronically stored voice mail messages, unless the business extension exclusion discussed above in the section concerning phone conversations applies. To avoid being held liable for an unlawful "interception," the cautious employer will publish a policy sufficient to satisfy the requirements for valid implied consent. Under the Colorado statute, voice mail messages would apparently be treated the same as live telephone calls.
Computer files that do not contain the human voice cannot be "wire communications." Since the definition of "electronic communication" is limited to "any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectric or photooptical system," computer files that are created and then stored on a computer would generally not constitute "electronic communications," since there is no "transfer" or "transmission." If that is the case, access to computer files is not restricted by either the federal or the Colorado wiretap statutes. To the extent that a computer file is a transferred communication, for example, a computer file attached to an e-mail message, the analysis above concerning access to or interception of e-mail messages would apply.
Computer tracking systems.
Computerized systems that track, for example, the number of keystrokes or errors by an employee, or the number and duration of customer service phone calls handled, would not be subject to the federal or Colorado wiretap statutes, since such systems do not acquire the content of any communications.
III. CONSTITUTIONAL AND COMMON LAW PRIVACY RIGHTS.
Constitutional rights to privacy.
While the United States Constitution contains no express privacy provision, decisions of the United States Supreme Court beginning with its opinion in Griswold v. Connecticut, 381 U.S. 479, 85 S.Ct. 1678 (1965), have recognized the existence of an implied right of privacy. Most of the protections for individual rights and liberties afforded by the United States Constitution only apply to actions of local, state, or federal governments, or a branch or arm of a local, state, or federal government. Acts of such a government or governmental branch or agency are referred to as "state action." Generally speaking, in the absence of "state action," a cause of action cannot be maintained for deprivation of rights under the U.S. or state constitutions. Private employers are generally not arms of a local, state, or federal government and their employment practices do not generally constitute "state action." Consequently private employers generally are not required to afford employees' protections granted exclusively under the U.S. and state constitutions (however, at least one state, California, has ruled that private employers must comply with the state constitution's protection of privacy rights).
In O'Connor v. Ortega, 107 S.Ct. 1492 (1987), the Supreme Court recognized that public employees may have a legitimate expectation of privacy at their place of employment and that they do not lose their fourth amendment rights against unreasonable searches and seizures merely because they work for the government. Ortega involved a university hospital physician's suit against the hospital and various individuals who conducted a search of his desk and file and cabinets while he was away from the office. While noting that a public employee could have a legitimate expectation of privacy, the Court held that in determining the appropriate standard for a search conducted by a public employer in areas in which an employee has a reasonable expectation of privacy, what is a reasonable search depends on the context within which the search takes place, and requires a balancing of the employee's legitimate expectation of privacy against the government's need for supervision, control, and the efficient operation of the work place. The Court reasoned that requiring an employer to obtain a warrant whenever the employer wishes to enter an employee's office, desk, or file cabinet for a work related purpose would seriously disrupt the routine conduct of business and would be unreasonable. Moreover, the Court noted that requiring a probable cause standard for searches of the type at issue there would impose intolerable burdens on public employers. Consequently, intrusions on the constitutionally protected privacy interests of government employees for non-investigatory, work related purposes, as well as for investigations of work related misconduct, should be judged by the standard of reasonableness under all the circumstances. Under this standard, the Court concluded, both the inception and the scope of the intrusion must be reasonable.
Cautious public employers wishing to monitor their employees should generally publish their policy on such monitoring. If employees know that their phone calls, e-mail messages, voice mail messages, and computer files are subject to monitoring, a court would be much less likely to find any reasonable expectation of privacy, without which there can be no violation of constitutional rights. Public employers should also try to keep monitoring activities within reasonable limits that are related to legitimate organizational needs and goals. This will also make it more difficult for an employee to prove a constitutional violation.
Common law invasion of privacy.
Aside from the Constitution, both public and private employers may be subject to liability under state judge-made law (i.e., the "common law"). While Colorado has not codified a "right to privacy" as such, the Colorado Courts have adopted the Restatement (2d) of Torts, Section 652 (1977), which sets forth four different forms of invasion of privacy, three of which are relevant in the employer surveillance/monitoring context. They are:
The unreasonable disclosure of personal facts.
This form of the tort of invasion of privacy envisions the circulation and unnecessary disclosure to the public of those matters that concern the private life of another, where the publicity is highly offensive to a reasonable person and is not of legitimate concern to the public. Under this form of the tort, it is irrelevant that the facts disclosed may be true. The tort is based on the personal nature of the facts disclosed by the wrongdoer.
The unreasonable intrusion into the private affairs of another.
An employer may be liable under this branch of the tort if he intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or on his private affairs or concerns if the intrusion would be highly offensive to a reasonable person. The tort is based on the psychological distress caused by the intrusion itself and it is not necessary that the wrongdoer (i.e., employer) learn anything embarrassing or private about the person harmed or that the employer wrongfully disclose that information.
Publicity that unreasonably places another person in a false light.
This form of the tort occurs when the employer instigates publicity that unreasonably places the employee in a false light before the public. Liability occurs if the false light in which the other was placed would be highly offensive to a reasonable person, and the employer had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.
A cautious employer should follow the same recommendations given at the end of the discussion on constitutional privacy rights, above, to reduce potential exposure for violation of common law privacy rights.
The tort of outrageous conduct (also known as intentional infliction of emotional distress) has been recognized by the Colorado courts. Liability under this cause of action only arises where a plaintiff can show that the defendant's conduct was not merely wrongful or unjustified, but that it went beyond the bounds of human decency. The tort of negligent infliction of emotional distress, meanwhile, requires that the defendant's conduct cause the plaintiff physical manifestations or mental illness and that such conduct subjects the plaintiff to an unreasonable risk of bodily harm. Most forms of employer surveillance and monitoring would not subject employees to an unreasonable risk of bodily harm, but employers should take all precautions necessary to assure that such surveillance/monitoring is performed safely. Moreover, employers should be aware that certain employees, because of their physiological or psychological make-up may be more susceptible to physical and emotional injury from routine surveillance than others. The recommendations given above for protecting against invasion of privacy claims should reduce the risk of liability for outrageous conduct.
IV. OTHER RESTRICTIONS ON MONITORING.
Federal law prohibits employer surveillance of union activity. Employers conducting monitoring activities must not only not target such activity, but should cease any monitoring that detects union activity. An Associated Press news article dated June 19, 1995, reported that Kmart Corp. had reached a settlement with the Teamsters over the union's complaint that the company had spied on union activities. Kmart reportedly agreed to instruct outside agencies that it uses to investigate employee theft or drug use not to observe union activities, and also agreed to post notices that the company would not observe union activities. Where employees are represented by unions, employers wishing to implement new monitoring practices should first consult legal counsel to explore whether the employer may first have a duty to bargain with the union over the proposed monitoring.
Monitoring may also uncover communications among employees expressing dissatisfaction with terms or conditions of employment and discussing possible means of seeking redress. Federal law prohibits retaliation against employees for concerted activity relating to employment, even in a non-union context. Other federal statutes prohibit retaliation for employee actions in opposition to discriminatory practices, unsafe working conditions, and violations of wage/hour laws. Employers who are considering taking action against employees based on information uncovered through monitoring should evaluate whether any state or federal law might prohibit the contemplated action.
Employers conducting monitoring activities should consider appropriate steps to control the dissemination of information learned through such monitoring. As discussed in part III above, certain claims of invasion of privacy can be brought for publication of private information about an individual, even if the information is true. Unnecessary disclosure of information could also give rise to a claim of outrageous conduct. The Americans with Disabilities Act includes provisions governing the confidentiality of medical records and information.
Technological monitoring of employees in the workplace presents both practical and legal issues. On the practical side, employers should consider exactly what they need or expect to gain through monitoring, and what alternatives may exist. Many commentators and organizations claim that employee monitoring may be counterproductive by resulting in lower morale, increased job stress, and perhaps even lower production. "Horror stories" on this subject include testimony before the Senate concerning an express-mail company employee whose computer logged the length and frequency of her trips to the restroom, and who was reprimanded for using the restroom four times in one day. A bill titled "Privacy for Consumers and Workers Act" was considered by Congress in 1993 and 1994, but not passed. The bill was drafted by the American Civil Liberties Union and would have required employers to inform employees as to when and how they are monitored, as well as prohibiting monitoring in certain areas such as restrooms and changing rooms. In a July 3, 1995 article in the San Diego Union-Tribune, an ACLU representative indicated that the prospects for reintroduction of the bill look "very bleak" for the near future. Nevertheless, employers should be aware of the possibility of future legislative action and the negative fallout that can result from employee monitoring.
Employers should consider the expense of litigation, even if it appears likely that no specific law has been violated. The July 1993 issue of Macworld reported on two lawsuits filed in California over employer acquisition of e-mail messages, both of which were dismissed by the trial courts, and both of which were then appealed (a search has not found a reported appellate decision in either case). Another action is pending in federal court in New York by an individual whose voice mail messages to his lover were accessed and then played back for his wife. An article in the January 1995 issue of Security Management reported that a West Virginia jury awarded three employees $75,000 in a case involving video surveillance in locker rooms, commenced after the employer heard rumors of illegal drug transactions. The court in that case also issued a permanent injunction against video monitoring in locker rooms, showers, bathrooms, and other areas where there is a high expectation of privacy. The lesson is fairly simple: the further an employer goes in monitoring employees or in disclosing information obtained through monitoring, the more likely it is that a lawsuit will be filed.
An employer who chooses to proceed with some form of employee monitoring as discussed in this paper should consider the following points:
1. Identify the business purpose for the monitoring, and confine the extent and manner of monitoring to what is reasonable to accomplish that purpose.
2. Avoid recording all communications or otherwise monitoring personal communications, unless there is a strong reason to do so and unless employee consent is first obtained.
3. Unless covert monitoring is both necessary and lawful, inform employees in writing of the company's policy concerning monitoring, specifically identifying what types of communications may be monitored (phone calls, voice mail, e-mail, computer files, etc.), which job positions or other categories of employees are subject to monitoring, what means are used for the monitoring (live monitoring of calls, tape recording, random review of e-mail, etc.), and whether monitoring may include personal as well as business communications. Consider obtaining from each employee a signed acknowledgment that the employee is aware of the company's policy. Also consider obtaining from each employee a signed consent to monitor the phone calls, E-mail, voicemail, etc.
4. Consider adopting and publishing a policy that monitored phone lines and company voice mail, e-mail, and computer equipment are to be used only for business purposes. Inform employees that they should not expect privacy with respect to communications over these systems.
5. Inform employees that any employee passwords for company systems do not guarantee privacy and may be overridden by the company. Consider requiring employees to notify a designated administrator of their passwords to facilitate any necessary company access to these systems.
6. If continuous monitoring or tape recording of customer service phone lines is necessary for quality assurance or other compliance purposes, consider a recorded message announcing to outside parties that calls are monitored.
7. Carefully control the dissemination of information obtained through monitoring.
These suggestions and attention to the other points in this paper should reduce the risk of litigation and legal liability for employers who choose to utilize technological monitoring techniques in the workplace.