Yet, when the employer Imposes rules or monitoring, employees resist, or sue, over invasion of personal use of “their” computer. Further, e-discovery and public record requests are eroding the concept of personal use in favor of the “right to know. This is not an article on discovery. Electronic discovery is a huge and growing issue. E-discovery deserves mention, though, because it is a driving force In changing employers’ computer policies and practices. It used to be privacy cases and harassment claims which were the Impetus In workplace computer practices.
Now, electronic discovery concerns are becoming the driving force. Employers lose cases and are sanctioned by the courts because they did not preserve email. A sanction of $175,000 was imposed for deleting emails after the company should have been on notice of a potential claim (legal counsel, HRS and IT failed to effectively communicate). Kabul v. UBS warbler LLC, 217 FRR 309 (S. D. NY, 2003). The defendant may have to bear the full cost of retrieval and restoration of improperly deleted electronic records. [$236,000 In BOB GREGG is a partner with Birdman & Clark ALP, Madison, Wisconsin.
He has over 30 years of experience in the area of employment relations and has conducted over 2,000 seminars on employment law. Bob litigates employment cases. His main emphasis Is to help employers Identify and resolve problems before they turn Into lawsuits. Copyright 2009 by Robert E. Gregg. All rights reserved. Rowe Entertainment v. William Morns Agency, 205 FRR 421 (S. D. NY, 20021; over $1 million in Medication sofas or Danker. Michelson, 229 F. R. D. 550; 2003 U. S. Didst. Lexes 14447 (W. D. Teen. , 2003). ] Absence of computer records creates the appearance that one Is trying to did the truth.
It can create the presumption that any unpronounced record should be viewed as an admission of fault. This created a $2. 1 million verdict against the employer in Arrant v. First unto sank, 613 s. E. Ad 274 (N. C. CT. APP. , 2005). Archiving overkill? The general rule is that records should be preserved once there is reason to know of or “anticipate” a claim might ensue. Some organizations are now taking extra precautions and archiving all emails for the full statute of limitations period for any possible sort of claim. This can be six years, or more In some states.
Say nothing-? liability defense attorneys, advised that there should be no emails, text messages or e]urinal/planner notes made during or immediately following an emergency event. The warning was that all of this is discoverable. In the height of the moment, those involved may tend to put down first impressions and unfounded opinions which later turn out to be inaccurate. However, once in the system, they become “evidence” and possible admissions. The advice was that there should be only official communication on the systems and that reviewed by a coordinator in advance; no personal messages r notes. Emergency Response Team Coordination, For the Defense Journal, Defense Research Institute, July 2006. ) This advice seems almost impossible to follow in today’s electronic environment, where everyone has computer access and most communication is electronic. Routine communications between field and central office is usually by email or electronic testing and a “clearance” process would slow this down in an emergency situation. The article does illustrate the issue of electronic discovery.
Plaintiff attorneys now acquire reams of “informal” testing and emails and mob through them for anything which might support a case, no matter how “off the cuff’ the message may have been. Once in the email “record,” the comment has a life, far more significant than oral stray remarks. So, defense attorneys are now advising a process which protects against that problem, but might also impair the effectiveness of responders. EMPLOYEE USE OR ABUSE Use Whose system is it anyway;ay? The computers were purchased using the employer’s budget. 2 They are labeled as “property of” the company or public agency. UT The computer sits on the desk of an individual, who has a personal email address. The Constitution, U. S. Electronic Communications Privacy Act, and other state and local laws can provide expectations of privacy and restrictions on “invading” the employees’ usage. And In the public sector, the public owns the system. All government property and systems are for the people and ultimately belong to the people. The public has rights to know what is going on in the government system, with their tax dollars. Anyone can make a “public records request. ” Public Records/Freedom of Information Requests Private romance or public scandal?
In the case of In re Petition of the Bad. Of Commissions of Arapaho County 95 P. Ad 593, 2003 Cool. App. Lexis 1151 (Cool. Ct. App. , 2004), the lower court ruled that 101 romantic and sexually explicit email messages between a county clerk and his girlfriend can be released to the public. They were sent or received on the county’s computer system during the course of the work week. Therefore, the messages can be “public records” subject to public information requests and public disclosure. [This case was later reversed on appeal and remanded to classify some of the emails as “private. Denver Publishing v. Bad. Of County of Arapaho, 121 P. Ad (90 Cool. S. C. , 2005). ] Busted by your Blackberry? In Consumer Federation of America v. Dept. Of Agriculture, 2006 U. S. App. Lexis 16446 (D. C. , 2006), the court ordered all contents of several FDA officials’ electronic calendars released pursuant to a Freedom Of Information request, even though the calendars contained personal and family information, as well as work appointments. Industry lobbyists resulting in “watering down” regulations on Listserv (a dangerous food toxin). The staff calendars might show those meetings.
The court ruled the calendars to be public records, including all personal contents. Bach v. City of Reno, 932 F. Sup. 1232 (D. Never. , 1996) involved city employees pocket pager messages which were then retrieved and stored in the computer system records. This was under the Fourth Amendment (search and seizure rules), not a public records case, but it shows how all phone messages, pagers and other “personal” devices can get incorporated into the “public record” and became fair game for discovery or disclosure. The Consumer Federation of America v. Dept. F Agriculture case was under the Federal OFF Act, which does not generally apply to state and local government. Each state’s public records 3 laws differ. For instance, the Florida courts give more protection to employee personal usage. In State of Florida Times Publishing Co. V. City of Clearwater, 863 So. Ad. 149; 2003 Flam. Lexis 1534 (Flam. , 2003), a newspaper requested all personal emails sent or received by two employees for a 12-month period. Using the Florida statutory definition of Public Record, the court held these were not “public records … Made or received in connection with public business. The court rejected the argument that anything placed or stored in a publicly-funded system is a “record. The court also found that the city employment policy on rights to access employee computers still did not convert personal messages into “in connection with public business … Records. ” A similar decision was made in Grief’s v. Final County, 2 CA-C.V.-2006-052 (Az. Ct. App. , 2006). [For more discussion, and how Wisconsin might address this issue, request the article Is Your Email System Waiting to Become The Next Government Scandal by Bob Gregg at [email protected] Com. So, be careful in mixing your personal life with your office calendar and email. The public may discover your favorite liquor store, restaurants, children’s soccer schedules, proctologist appointments, and your bookie’s number. The divorce attorneys may find out who is meeting whom on all those “honey, I had to work late” occasions and the email details. ABUSE-?PRIVACY, PIRACY & PANDERING Laws. A number of federal and a growing number of state laws cover employers obligations in privacy and confidentiality. They obligate employers to keep some information secure, and monitor for illegal use.
Yet other laws restrict employers rights to investigate workers use of the system. Among the federal laws are: U. S. Constitution: First Amendment. Rights of expression, public employees may have protection to express themselves on matters of public concern, on the employer’s system. Fourth Amendment. Public employees have more protection than those in the private sector from “unreasonable search and seizure,” including use and contents of the electronic system. Omnibus Crime Control Act/Electronic Communications Privacy Act, Electronic Communications Storage Act, 18 U.
S. Code 52510 et see. (52701 tsetse. ) prohibits the unauthorized interception and disclosure of wire, electronics or oral communications through the use of electronic, mechanical, or other devices. The federal act gives both civil and criminal penalties for violations. The Act does give employers the right to access email and biochemical in the employer’s system, but not a system provided by an stored in an electronic communications service (I. E. , yahoo. Com, etc. ) and obtaining, altering or blocking access to the information while it is in 4 storage.
The employee must consent (actual or implied) to access of their Internet usage. Health Insurance Portability Accountability Act, 42 U. S. C. 263, Patient Health Care, and Health Insurance Privacy and Confidentiality. HIPPO protects the privacy of medical information. Requires an information management process to assure privacy and prevent improper use. The law provides for civil penalties of $25,000 per year, per violation and criminal liability. [The DAD and FEM. also require “segregation and security’ of employees’ medical information. ] Family Educational Privacy Act, 20 U. S. Code SSL 232.
Confidentiality of records of participants in educational programs receiving government funds (can include Job training programs conducted in the work place), and a variety of state, county, and municipal educational activities not connected to schools. National Labor Relations Act, 29 U. S. Code 51 51 et. see. (and many state labor laws). Protects employees concerted activities. Under the ANAL the electronic systems and email are treated the same as verbal discussions and hallway bulletin boards for purposes of distribution and postings of “concerted discussions” and union literature.
The employer may commit an unfair labor practice in curtailing this protected speech. Digital Millennium Copyright Act. 17 U. S. Code 5512 limits service providers liability for copyright infringement by users. Includes electronic information under the copyright protection. Communication Decency Act, 47 U. S. Code 5230 insulates the Internet service provider from liability for messages sent on its system. Computer Fraud and Abuse Act, 18 U. S. Code 51030 prohibits a range of acts, including destruction of records, identity theft, unauthorized entry of systems, altering records, etc.
Transmission of Wagering Information, 18 U. S. Code 51084 prohibits use of wire communications for betting. Other causes of action exist under state laws or tort action for invasion of privacy, defamation, theft of trade secrets, and negligent supervision (I. E. , Wise. Stats. 968. 31 , Interception and Disclosure of Wire, Electronic or Oral Communications). Harassment/Office Gossip/Discrimination Most office gossip is now conducted via email. In states or situations in which Workers Compensation preclusion does not nix tort actions, this can lead to defamation and privacy cases. For more information, request the article Office Gossip by Bob Gregg at [email protected] Com. ] 5 Office gossip can result in EYE harassment cases which are not precluded by Worker’s Compensation. The gossip far too often focuses on sexuality, sexual orientation, race, religious morality (or lack thereof), and rumors of diseases or psychiatric conditions that other people are alleged to have. These create “hostile environment” cases under Title VI’, the DAD and state equal rights laws. Strauss v. Microsoft, 814 F. Sup. 1186 (SYDNEY, 1993) [e-mails about the “spandex queen”].
The loose email comments of supervisors often become evidence in discrimination cases. Satsuma v. McLeod USA Telecoms serve. , Inc. , 317 F. Sup. Ad, 334 (D. Utah, 2004) or 154 Fed. APPC. 715; 2005 U. S. APP. Lexis 25567 (10th Cirri. , 2005). Pornography on The Office Computer Most harassment and computer use policies prohibit viewing splicing or discharging the employee who violates. United States v. Simons, 206 F. Ad 392 (4th Cirri. , 2000) [government worker fired after employer intercepted pornography on the office computer]. Duty to report illegal use to police?
Third-party action/negligent supervision. In Doe v. EX. Corp.. 382 N. J. Super. 122 (N. J. S. Ct. , 2005), the court found liability because the employer disciplined when it found child pornography on the office computer, but did not report the matter to the police. In the following months, that individual sexually abused his teenage stepdaughter. The departure later sued the employer. The court ruled that a prompt report of illegal child pornography by the employer to the police would have resulted in an arrest, and either prevented or shortened the abuse of the stepdaughter.
Therefore, the employer was liable for the harm she suffered. Breach of Confidentiality-?lunation of Privacy The public can get almost everything about government employees in a records request. However, the government employee cannot reveal many things about others without fear of being sued. Governments have sensitive records of both employees and the public. In the private sector, federal and many state laws protect confidentiality of information. These include: DAD, FEM., HAIFA and the Immigration Reform and Control Act.
Employees who improperly access and reveal this information subject the employer and themselves to liability. Personal use. Even though one may have Job-related access to records, it is not an employee’s personal right to access, use or reveal that same information for non-Job related reasons. 6 Curious George gets fired! An employee accessed the confidential, personal salary and investment account information of co-workers in the company computer system. She was fired, and then filed a race and age discrimination case.
The plaintiff admitted that she looked into other employees’ records because it is “my nature to be curious. ” The court dismissed the case, finding that the company had a legitimate reason to fire the employee. Albany v. J. P. Morgan Chase U. S. Didst. Lexis 5363 (S. D. , NY, 2005). Demand a raise-?get fired. A male manager demanded a raise. He believed that women were favored, and presented evidence that his pay was discriminatory low. The evidence he produced was records of the salaries and fringe benefits of male employees. Rather than getting a raise, the manager was fired for violating confidentiality rules.
The court ruled that using confidential information for personal purposes was a serious violation that warranted discharge, regardless of the manager’s underlying concern about discrimination. Copper-Riviera v. Fogbound 414 F. Ad 124 (1st Cirri. , 2005). A Confidentiality Policy Can Provide A Defense Not all on-the- job activity is Job related; employee was outside scope of employment. An employer was successful in getting dismissed from a privacy case by showing that, though the invasion of privacy occurred on the Job, it was not Job related.
A health care lab technician accessed the medical records of her husband’s ex-wife and then disclosed the information about the ex to her husband. This resulted in suit of the lab technician personally, and her employer for breaching the laws requiring privacy of medical information, negligent supervision, and failure to maintain proper standards employment for a purely personal purpose. The technician’s actions had no benefit to the employer; the technician had no intent of “serving” the employer when she accessed the records. Thus, the employer could not be held liable.
Cornered, et al. V. Advanced Healthcare, S. C. , 286 WTLS. Ad 499; 704 N. W. Ad 597 (Wise. CT. APP. Didst. 1, 2005). Records policy. An important consideration in this case was the company’s policy on confidentiality of patient records. The policy expressly forbade looking at records of family members or others out of curiosity or for any other non-Job-related reason. The policy was signed by all employees, including the medical tech. This illustrates the growing importance of having some “key’ policies signed individually, with a copy in the personnel record.
Theft/Criminal Activity Employees use the work computer for profit, often by taking business information or trade secrets. Computer crime is a growth industry. The Computer Fraud and Abuse Act and a variety of state laws protect information from theft, misuses, or piracy. 7 Identify theft. Personal information from other employees, clients or public records. * System security is crucial. * Most identify theft from the workplace is still by paper rather than by computer. (Watch your trash. ) Taking home the e-files. People work at home. The laptop is always with them, with all the work data, and with access to the yester.
In 2006, the U. S. Veterans Administration reported theft of two laptops containing personal information of millions of vets. Both laptops were being used at home. Aquifer, whose ad is “protect yourself against identity theft” had to give notice in 2006 of a computer laptop stolen during a business trip. It contained names, social security numbers and other personal identity information on 2,500 employees (52% of the entire workforce). Children of employees use the same laptops, for computer games. Savvy teens can tap into the other information on the computer. They may share it with others. It’s fun!
Personal information rules. In the private sector, the Federal Trade Commission has rules on destruction of sensitive employment data. The rules cover employers of one or more employees. All personal data (including phone number, address, Social Security number) must be properly destroyed when the personnel files are purged. Penalties are $2,500 per violation and a former employee may also bring a private suit. (One wonders how this fits with the increasing duty to archive records for the foreseeable statute of limitations years and years. ) Taking and/or destroying company business information.
An employer may u an employee who intentionally deletes company data from a computer. In this case, the employee’s Job was to go out and identify real estate that the employer might want to acquire. Then, when the employee decided to quit and go to work for himself, he returned the company computer, but first loaded an erasure program onto the computer to delete all of the information he had collected. The court decided that the employer could sue the employee under the federal Computer Fraud and Abuse Act. International Airport Centers, LLC v. Citric 440 F. Ad 418 (7th Cirri. , 2006). Proprietary information” restrictions abound. Copyright, patent, finance, trade secrets, and other laws protect much of the information on both the Internet and not be aware of all the implications of their usage. They may download, use and disseminate protected software. They may violate privacy, finance, health, and “dumpster diving” laws by printing out, using and disseminating confidential information without the proper clearances. The companies or individuals whose rights have been violated, whose “property’ has been pirated, do not like this, so they often sue for damages.
Again, both 8 the individual abuser and the employer who controlled the system may be drawn onto the litigation. The usage policy should inform employees that receiving, downloading, sending or uploading of proprietary information, trade secrets, and confidential information is prohibited without prior management authorization. The policy should mention that they may be personally liable for violation of the various laws protecting this information, and that the employer can also hold them responsible for any damages and legal fees it expends if their improper activities involve the employer in legal or administrative actions.
Gambling Some employees, or groups of employees, spend paid time betting over the Internet. Anyone who uses a wire communication or “assists” in betting using the wires may be fined or imprisoned. Each bet is a prosecutable offense. The law also can hold the “facility owners” responsible for allowing the betting. Is the Internet a “wire connection? ” It is if it uses phone lines. Many state laws prohibit gambling except in licensed premises (I. E. , Wise. Stats. 5945, et see. ). The penalties are much the same as under the federal law.
Negligent Supervision Employers who know, or reasonably should have known, of illegal activities conducted on their systems, and did not curtail them, may be liable to anyone who is harmed. The employer has the following duties: * Duty to have policies * Duty to monitor * Duty to train supervisors * Duty to report illegal activity to the police Union and Other Concerted Activities The National Labor Relations Act and state labor laws protect employees’ rights to engage in “concerted activity. ” This can include email and electronic postings of union related activity or about common concerns over wages, hours and conditions of employment.
If you allow use for co-workers personal communications on any non work issues, their union related or union organized email may not be prohibited and monitoring must e very careful so as 9 not to be an Unfair Labor Practice or a retaliation claim. In re El Du Pont De Numerous Co. , 311 NELL 88 (1993). The email system is the same as the bulletin boards for postings, but employers can have a bit more control because the electronic system is not a “limited space” such as a break room bulletin board. OTHER ISSUES AND TRENDS Developing Technology Global positioning and privacy (be careful where you call or e-mail from).
Technology now allows employers to track the location of vehicles and employer-provided cell phones and laptops at all times. The boss can tell whether you are at a work site or taking that little personal trip across town. Your claim that you were seeing clients is belied by the record that your vehicle, laptop, and phone were in the vicinity of the horse track all afternoon. That’s not all. The locator records are being subpoenaed in divorce cases for evidence of extramarital that people carry their phones and laptops in their personal vehicles off the Job, and the tracking devices record their evening and weekend whereabouts as well. We can tell who went to the Republican or Democratic fundraiser, the treatment center, or he red light district. ) The Bush Administration, under the U. S. Patriot Act, was pushing for installation of tracking devices in newly manufactured vehicles. This would allow recording of conversations if the government wishes to activate the “listening option. ” [See the case of In re Application of the United States 349 F. Ad, 1132 (9th Cirri. , 2003). ] This effort has been put on hold under the subsequent administration, but is still technologically possible.
Employees may file invasion of privacy cases against employers who track their location without the employee’s knowledge. So, employers should give notice and have a written acknowledgment by the employee who is being tracked. Implants. In 2005, the security firm Cowcatcher. Com became the first company to implant identity chips in employees. The microchips are injected under the skin in the arm and serve as an ID card and key which are read by the company’s security system for access to areas of the premises. Overprice Corp.. As federal approval to market these chips and has now implanted several thousand into employees in various companies. This cutting edge technology makes one wonder how terminations will be handled. [Will the company ruse be present with a scalpel or will this task be delegated to an HRS assistant? ] On June 1, 2006, Wisconsin became the first state to prohibit the involuntary implanting of microchips, with a $10,000 a day fine. Laptop while driving. It’s not Just the cell phone. A surprising number of traffic accidents involve laptop use.
A plaintiffs attorney can get the usage records. If they show work-related 10 use at the time of the accident, then the employer may become a party in the suit. Policies should prohibit unsafe use of the laptops as well as cell phones. Off Duty – Personal Computers and Websites Legal use. Generally, an employer cannot discipline for off-the-Job legal personal use. However, the more identifiable the employee is and the more impact it has on their work role, especially as a public employee, the more there may be a “compelling interest” for employer action.
Sheriffs deputies have no right to be off-duty porn stars. Two deputies were fired when they were seen engaging in off-duty sex acts on a “private” pay-per-view Internet porn site run by the wife of another deputy (who resigned before he was fired). The court upheld the Department’s off-duty conduct rule because their induct “undermined the publics confidence in police operations. ” This compelling interest overcame any constitutional off-duty privacy or free expression interest of the officers. Theater and Moran v. Palm Beach County Sheriffs Office 449 F. D 1342 (1 lath Cirri. , 2006). In San Diego v. Roe, 543 U. S. 77 (2004), the supreme court upheld discharge of a police officer’s off-duty porn activity finding that the off-duty expression was not a protected activity which raised a “matter of public concern. ” Police officers or key officials overt off duty racist behavior or websites may be grounds for discharge. The First Amendment does not require a government employer to sit idly by while its employees insult those they are hired to serve and protect. ” Lockout v. Giuliani 447 F. Ad 159 (2nd Cirri. , 2006).
The off duty activities were Pappas v. Gallivant: 290 F. Ad 143 (2nd Cirri. , 2003), cert.. Dented by 539 U. S. 958. Websites/Blobs/Message Boards/Social Networking Employees have personal websites, where they may trash their employer. In some situations this may involve use of confidential information from the workplace or the employers records. In others it can be defamatory. Does the employer have the right to discipline? Can the employer invade the personal site to discovery what is there? There is no expectation of privacy when one posts items on public display.
So most blobs or social networking are open to view by one’s employer. Nevertheless, there are some protections. The National Labor Relations Act allows employees to openly critique wages, hours, and terms of their employment. The First Amendment protects public sector employees who raise issues of “public concern” (over one’s personal gripes, opinions and displays are generally not protected). Generally, an employer considering discipline or one’s off-duty conduct should consider the following factors: 1 1 Does the employee’s off-duty conduct have a connection to the workplace?
Injury to the employer’s business or operations; Inability to report for work; Unsuitability for continued employment; Other employee(s) refusal to work with the off-duty offender or danger to other employees The Federal Trade Commission is also implementing rules which may make the employer liable for an employee’s off-duty positive statements about a company’s products or services. Overindulged or “false” claims can be viewed as company advertising. The employee may be viewed as an agent of the company. So, there are valid grounds for providing policies and employee education regarding off-the-Job personal and electronic expressions.
These policies and training programs should be carefully crafted to balance the issues of employers’ legitimate concerns with employees’ legal and privacy rights. A breach of confidentiality, if it is covered by policy or law, is grounds for discharge. It does not matter where the employer committed the breach. “Invading” a personal website is another matter. If the site is public then there is no invasion. However if it is private, allowing only restricted entry, it can violate the employee’s rights. Snoop v. Hawaii Airlines, 236 F. Ad 1035 (9th Cirri. 2001). The court found an invasion when the employer used false pretenses to get the access code to an employee’s “restricted” chat room (limited to co-workers and friends). Public chat rooms and e-bulletin boards are often anonymous. The identity of the individuals is not apparent. So how does one root out and stop the illegal defamatory messages? Unlike in print media, you may not Just sue the “publisher. ” The Communication Decency Act insulates the service provider from ability for information sent or posted on its network or message boards.
The individual sender can be sued, but rarely the service provider. If the statements are legally egregious, one may file suit against an “unknown defendant” (A Doe case). Then use the discovery rules to try to force the system provider to cough up the identity of the individual. Mediumistic Inc. V. Doe, 342 NJ. Super 160 (NJ. App. Users do not have to provide the service provider with their true name or email address. Also, the Internet is a public forum, and courts use a heightened First Amendment analysis in deciding whether to allow the discovery or impose liability.
So even a private sector employee gets Constitutional rights. Doe v. The Mart. Com, Inc. 140 F. Sup. Ad 1088 (W. D. Wash. , 2001). 12 Disability/Accessibility Employees sue states over inaccessible computer systems. Employees in several states have sued to block new computer systems which are not accessible. In Arkansas, the state in turn sued the software company, alleging that it failed to deliver a legally viable product.
Have a comprehensive policy which covers the proper use, security measures and improper usages. Personal use: to allow (? ) or prohibit (? ). Some organizations have prohibited all personal use of the computer system. These policies may eliminate the concerns about abuse; they are legally valid and are within the employer’s right. However, they are also difficult to enforce, require extra “policing” which takes more time and effort than a standard “monitoring” policy, and generate resistance by employees. Most employers have a “reasonable usage” practice accompanied by a “monitoring” policy.
The warning that all usage will be monitored and recorded by management usually prevents most improper use and keeps other personal use to a low level. Collateral policies. Also mentioned improper computer use in other relevant policies (I. E. , harassment, records confidentiality, safe driving, security of company property, etc. ). “No privacy’ warning to all employees (and government officials). Give fair warning that any use of the computer system, Internet or intranet, may be subject to discovery and disclosure. For government employees and officials, it can be a “public use” subject to Public Records Requests.
Include a provision that all contents are property of the employer. Include the warning that use of one’s personal home computer, laptop or Blackberry to enterprise with the office computer system may make the content of these personal devices subject to discovery and disclosure. Authorization to monitor. The usage policy should have a user signature (for the personnel file) which authorizes the organization to intercept, monitor, access, retrieve, copy and disseminate any and all information or messages from the individual’s computer system or Internet usage.
This authorization is also important for compliance with the Federal Electronic Communications Act. The authorization should include an understanding that the employer may consent to a police search and retrieval of information at anytime without further notice.