1. Electronic Issues: E Mail Monitoring, Telephone Monitoring and Employee Blogging (a) E-mail Privacy in the Workplace Introduction Applicable Law: The Electronic Communications Privacy Act The federal Electronic Communications Privacy Act (ECPA) generally prohibits the interception of electronic communications and unauthorized access of electronic communications. “Interception” is defined as the real time acquisition of communications, e.g., the monitoring of employee email as it is actually being sent or received. “Unauthorized access” is defined as the access of an electronic communication in electronicstorage, e.g., the monitoring or accessing of emails after they have been sent or received, and arestored on a server or other database Electronic communications include email messages.To “intercept” or “access” means to monitor or review -- so we start from the point that monitoring employee email is generally prohibited. There are three important exceptions to this prohibition that essentially permit an employer to monitor (“intercept” or “access”) an employee’s email:
What does all this mean? Here are a few examples of email monitoring practices that are clearly within the bounds of the law:
(b) Composing and Enforcing an Electronic Communications Policy: Best Practices While no all encompassing checklist of concerns can encapsulate what an electronic privacy policy should include for every employer, the following is a list of “must haves” that all policies should include in some fashion:
(c) Benefits of a Policy
(d) Telephone Privacy in the Workplace The Federal Wiretap ActThe Federal Wiretap Act utilizes many of the same definitions as the Electronic Communications Privacy Act. A company’s approach to telephone privacy should involve application of many of the same definitions as in the ECPA, such as communication” and “interception,” to oral, rather than electronic, communications. In addition, the two Acts share the same exceptions: provider, ordinary course of business, and consent. The Wiretap Act defines an “oral communication” as one that one made in circumstances indicating that the individual uttering the communication expected it would be private. As under the ECPA, a communication may not be intercepted unless an exception is available. So, what does this mean for employers? If and when are they permitted to monitor their employees' telephone communications? Outside of the three statutory exceptions, there are certain factors and considerations to be considered in determining whether telephone monitoring is permitted:
Pennsylvania Wiretap Act (1) That he or she engaged in a communication;(2) That he or she possessed an expectation that the communication would not be intercepted;(3) The expectation of privacy was justifiable under the circumstances; and(4) That the defendant attempted to, or successfully intercepted, the communication, or encouraged another to do so. Note that the oral communication may be a telephone conversation, or an overheard officeconversation -- as long as the person making it had a justifiable expectation that thecommunication would not be intercepted, an employer (or anyone else) may not legally monitor the conversation. Note also that the Pennsylvania law has a series of exceptions, some of which are similar to the
This is a somewhat murky legal area. However, it is clear that the monitoring of the following types of employee conversations are likely permissible:
When the employer informs all employees, through an employee manual, separate written policy, or otherwise, that all conversations on company property are not private and should not be treated by employees as private or confidential, the employer may monitor and/or record any such conversation. (e) Common Law Invasion of Privacy Tort Claims as a Limitation on the Employer’s Right to Electronically Monitor their Employees Workmen’s Compensation ProtectionIn Pennsylvania, the Workers’ Compensation Act is generally the exclusive means by which employees may recover from employers for injuries arising out of the scope of employment. Only in cases where the injury is a) personal in nature and b) not part of the normal course of employment is an employer subject to suit by his employee. Thus, as a starting point, many employers may be protected by the Workers’ Compensation Act from invasion of privacy claims brought by their employees. The Invasion of Privacy Claim If an employee is able to show that electronic or telephonic monitoring by the employer falls outside the protection of the Workers’ Compensation Act, the employee may be able to assert a tort claim against an employer for invasion of privacy. The most likely claim is for “invasion of privacy.” To establish this tort, the employee must show that the employer: (1) intentionally intruded, physically or otherwise,(2) upon the solitude or seclusion of the employee or his private affairs or concerns. The employer will only be subject to liability to the employee for invasion of the employee's privacy if the intrusion would be highly offensive to a reasonable person. Note that at least one court has found unauthorized email monitoring to be highly offensive, and thus actionable under this tort.
a) by physical intrusion into a place where the plaintiff has secluded himself on a conversation;b) by use of the defendant's senses to oversee or overhear the plaintiff’s private affairs, or c) some other form of investigation or examination into plaintiff’s private concerns.” (f) Workplace Blogging What is a “blog?” How popular is blogging? Why is this important to an employer? Consider these examples:
These are just a few examples of how employee blogging can adversely affect an employer. At the rate blogging is growing, cases such as these are sure to increase in the future. Many large employers, including IBM and Sun Microsystems, have addressed the blogging issue by formulating a written blogging policy. If you are going to permit employees to maintain blogs, here are some of the issues a blogging policy should address:
Advantages/Disadvantages of Allowing Employees to Blog Or, a blogger using the corporate banner may be able to improve his employer’s image if his blog is smart and insightful. Each employer should consider blogging an important issue, and give it the appropriate consideration. 2. Non-Electronic Employee Privacy Rights: Background Checks, Drug &Alcohol Testing, “Lie Detector” Tests, Credit Checks, Employee Access to Personnel Files, & HIPAA (a) Background Checks Background checks, if used appropriately, can be an effective tool for employers to use in evaluating prospective and current employees. Because no single central “background check” repository exists , conducting a background check necessarily involves inquiries to several different agencies -- for example, a state criminal record repository, a credit bureau, or previous employers. Some of the most common types of background checks include:
Laws limit two fundamental aspects of background checks: collection of the information about the individual and use of that information in making employment related decisions. The Fair Credit Reporting Act and the Americans with Disabilities Act, which we will briefly discuss today, each affect what information can be collected for a background check. For instance, the Fair Credit Reporting Act requires that you obtain written consent by the applicant and advise the applicant of the ability to correct possible inaccuracies. The release of medical records is strictly regulated by HIPAA. While collecting information and then using it to help make employment related decisions, you need to be aware of not only the restrictions that exist by way of state or federal law on the use of this information, but remember that much of this information is sensitive and needs to be maintained on a confidential basis, both within and outside of the company. Privacy concerns should be most heightened when handling any type of medical reports, drug tests, credit checks and criminal background information. (b) Drug & Alcohol Testing Substance abuse in the workplace is an issue of much concern to many employers. One way that employers have sought to prevent this problem is to require current employees or prospective employees to submit to a drug and/or alcohol test as a condition of employment. If administered appropriately, a drug testing policy is an effective way to prevent substance abuse in the workplace. If administered in the wrong way, drug testing can create liability for the employer based on an invasion of privacy (see above for additional information on this popular employee claim).
The following is a list of “best practices” that an employer should consider while formulating a drug testing policy, or as a checklist to review their current policy:
Note that federal employers, such as government agencies, are subject to the Drug Free Workplace Act of 1988. Private employers are not subject to this law. (c) “Lie Detector” Tests In the event that an employer decides to use a “lie detector” test (a/k/a polygraph examination), it is important to know that there are limitations on the permissible use of these exams in the workplace. Federal Law
There are several relevant exceptions to these prohibitions, i.e., factual scenarios where an employer is permitted to require an employee to submit to a lie detector test. These exceptions include when the employee: (1) has access to the employer's property and is reasonably suspected of theft;(2) is a prospective employee of a security firm; or (3) is a prospective employee of a pharmaceutical company or other firm allowing access to controlled substances. If any of these limited exceptions are met, then the employer may require the employee to submit to a polygraph test. Any employer who violates this law is subject to suit by the offended employee and/or the U.S. Department of Labor, and may be held liable to either for damages. Pennsylvania Law Note that Pennsylvania has nearly the same exceptions as the federal law, with the only difference being that there is no exception for employees suspected of theft. In addition, the use of similar tests, such as psychological stress evaluators, audio stress monitors, or similar devices that measures voice waves or tonal inflections to judge the truth or falsity of oral statements are also criminally prohibited in Pennsylvania if undertaken without the employee's consent. (d) Credit Checks: The Fair Credit Reporting Act The FCRA requirements for employers are relevant in the context of personnel decisions concerning hiring, promoting, and firing. Although it uses the word “credit” in its title, the FCRA governs any type of third party background investigation that may be used to make an employment decision, not just credit checks. Facts obtained through a third party investigative agency are covered by the FCRA, as well as credit reports. There are several steps an employer who wishes to use a consumer or credit report in making a personnel decision must take: (1) The employer must notify the individual in writing, before the report is acquired, that a report may be used.(2) The employer must get the individual's written authorization to request a copy of the person's credit report.*Note that notification and authorization can both be done as part of the initial application process.(3) If the employer relies on the report in taking an “adverse action” -- defined as denying a job application, making a job reassignment, terminating an employee, or denying a promotion, the employer must:a) Give the individual a disclosure, prior to taking the adverse action, that includes a copy of the individual’s credit report and a copy of the document, “A Summary of Your Rights Under the Fair Credit Reporting Act;” and b) After taking the adverse action, give the individual notice that the action has been taken. This notice must include certain specific information, including the name of the credit bureau that supplied the credit report, and a notice of the individual's right to dispute the finding of the report. (e) Right of an Employee to Inspect His or Her Personnel File In Pennsylvania, an employee’s right to inspect her personnel file is governed by the Pennsylvania Personnel Files Act. The following is a brief summary of the right of employees to inspect their personnel file. Who has the right?
has a right to inspect his or her personnel files. Former employees have the right only when they are laid off with reemployment rights, or are placed on a leave of absence. Remember, if an employer sues/is sued by a current or former employee, the employee will likely be able to discover most or all of his or her entire personnel file under the rules of civil procedure. What information does the right encompass?
What information is not covered by the right?
What is the right exactly?
The employer:
(f) Employer Record Keeping and Retention Requirements There are numerous federal statutes that require an employer to retain employee personnel files for a period of time after they have been created and/or the employee's discharge. Below is a brief summary of three federal laws that require an employer to retain records in some way. Age Discrimination in Employment Act (ADEA)
Title VII of the Civil Rights Act of 1964 & the Americans With Disabilities ActThese two federal laws impose identical record keeping requirements. Employers are required toretain the files for a period of one (1) year from the date the personnel record was made or personnel action was taken (whichever was later):
Fair Labor Standards Act
Wage and Hour Administrator, individual employment contracts, and collective bargaining agreements, must be kept from three (3) years. (g) Quick Note on HIPAA The Health Insurance Portability and Accountability Act (HIPAA), and regulations issued pursuant to it by the US Department of Health and Human Services, create standards for the electronic exchange, privacy and security of health information. While many of the procedures and policies required by HIPAA affect only medical care providers, there are mandatory procedures and policies that must be implemented by all employers. For example, employers must develop policies and procedures regarding:
Clearly, a detailed discussion of HIPAA requirements is beyond the scope of today’s presentation. This brief summary is meant only to flag HIPAA compliance as an important privacy area for all employers. |