Section: HUMAN RESOURCES REPORT

When a small-business owner in Texas suspected an employee of stealing, the solution seemed obvious: monitor the worker's telephone conversations for evidence. The employer recorded 22 hours of the worker's phone conversations during normal business hours, and the tape proved that the owner was right about the employee. She had been paying fake invoices in a scheme to drain money from the business.

That should have signaled a happy ending for the owner, right? Wrong. In a surprise twist, the employee sued for invasion of privacy--and won a $40,000 reward.

What went wrong? The court ruled that the business owner had not adequately informed the employee that personal telephone calls were subject to monitoring. As a result, her "natural expectation of privacy" had been violated.

So should business owners back off from monitoring the activities and communications of their workers? No, because employers have plenty of legitimate reasons to monitor the workplace, such as the need to:

• Assess job performance

• Protect company secrets and assets

• Reduce company liability for employee wrongdoing

• Control telephone and e-mail communications costs

Despite these laudable goals, employers need to realize that there's a downside to the advent of new technologies: The public believes that privacy rights are under attack. So just how far can you go before workplace monitoring becomes invasion of privacy? Employers need to make doubly sure that company policies don't spark costly lawsuits

"The right to privacy has grown into a real employee right," says Milton Bordwin, senior partner in the Boston law firm Rubin and Rudman, which defends companies in such lawsuits. "Employers face costly penalties when they fail to realize that in many areas of the workplace, employees have the right to be left alone."

And those areas are legion.

"Even the smallest employers store information in a multitude of areas," says Robert Stevenson, a labor and employment lawyer at Akin, Gump, Strauss, Hauer & Feld, San Antonio. "And in all of these areas, there are privacy concerns."

Stevenson notes that lawsuits have been filed for invasion of privacy in telephone conversations, voice mail, e-mail, postal mail, and messages stored on computer hard disks, as well as in file cabinets and desk drawers. Further, the law often protects your employees when they communicate face-to-face in workplace situations where they might expect privacy--such as an office with a closed door. "And often the most thorny issue is monitoring telephone conversations with customers," says Stevenson.

While the federal Electronic Communications Privacy Act, passed in 1986 and toughened since, affords considerable legal protection, it's by no means the only source. "For the most part, privacy law is state law," says Alfred G. Feliu, employment law specialist at the New York law firm Paul, Hastings, Janofsky & Walker.

Making it even tougher, the law varies substantially among states. California, for example, protects employee privacy more stringently than does New York. Many states recognize a common law right of privacy, which can swing court decisions in favor of plaintiffs. There is little guidance for employers, however, since there are so few cases on record. That's because, on the state level, most such lawsuits are settled out of court.

The lack of firm guidelines increases risk enormously. "The state common law right of privacy is a real crapshoot," says Louis Maltby, director of the Workplace Rights Office of the American Civil Liberties Union, New York City.

So how can you protect your business from lawsuits for invasion of privacy? Attorneys who specialize in employment law say employers make a number of common errors that land them in hot water. Let's take a look at what these errors are, and how you can avoid making them.

Mistake #1: no communications monitoring policy. Draw up a workable policy that defines the right of your business to monitor workplace communications. This includes telephone calls, e-mail, voice mail and other problem areas. "Don't wait until an emergency crops up to create a policy," says Marguerite S. Walsh, partner in the Philadelphia office of Buchanan Ingersoll.

In drafting the policy, owners must avoid any conflict with state employment law, so it's a good idea to consult with your attorney on the exact wording.

Some companies have established policies to the effect that "all communications using company property (for example, telephones and computers) must be of a business nature."At first, this seems like a smart policy. If you find out that an employee is stealing from the business but do not want to confront the employee with a potentially explosive charge, you instead dismiss him for sending personal messages that you discovered while monitoring e-mail or the telephone.

"I caution against such policies, because they are impractical to enforce," says Stevenson. "Are you going to say that people can't call home from their business phone if a family member is sick?"

If you do allow exceptions, you can run into problems down the road. If you discharge someone based on that policy, the individual can claim discrimination if other individuals were allowed to make personal calls.

The same scenario can occur with e-mail messages. Some employers do insist that all e-mail be of a business nature, since personal business can be conducted by telephone. Even so, problems can crop up if any of your staff falls into the habit of sending personal e-mail.

At the very least, inform employees that all e-mail is subject to monitoring. "Employees may have an expectation of privacy for e-mail," says Hugh Webster, an attorney with Chamberlain & Bean, Washington, D.C. "So put in the employee manual that all e-mail messages are considered property of the employer."

Mistake #2: failing to inform employees of your policy. Writing a policy is a good first step, but make sure you communicate it to employees. Your goal must be to diminish any expectation of privacy on the part of employees. "Removing the expectation of privacy goes a long way toward protecting yourself," says Webster. Why? Here's the bottomline message from court cases across the country: If employees expect privacy, they are entitled to it.

Employees should read and sign the policy document. This will provide good evidence later that the employee should not have expected privacy. Further, you can remind employees in certain situations. Your e-mail program, for example, can display this notice on its opening menu: "All messages sent over this system may be reviewed by managers."

Suppose an employee refuses to sign the policy document. Are you justified in taking punitive action? "This will be governed by state law," says Stevenson. "Most states allow you to discharge an employee for any reason. In this case, you may state that it is a condition of employment that messages will be monitored. In many states you would be allowed to discharge a noncooperating employee."

Mistake #3: going too far. How much should you monitor? All business communications? Personal communications? Conversations at meetings?

"You must reach a balance between your right to have employees who assist in properly conducting business, and the employee's right to privacy in areas in which the employer is not entitled to pry," says Walsh.

Look at each activity in your business and ask whether there is a legitimate basis for monitoring communications. You will need to produce explanations for monitoring communications in:

• Telephone conversations

• Voice mail messages

• Written letters

• E-mail messages

• Computer disk data

• Private offices

• The workplace, meeting rooms, cafeterias and other nonprivate places

Similar rationale must be presented to defend against searches of desks, filing cabinets, briefcases and purses.

When you have established a policy stating, "All communications are subject to monitoring by management," can you then monitor personal phone calls, or e-mail messages?

"I do not advise listening in to personal calls," says Stevenson. "There are state common law rights of privacy to consider. A court may well ask why you decided to listen to the conversation."

In fact, prudent managers will cease to monitor any communication that is obviously nonbusiness, Stevenson says. Some states have laws that explicitly deny employers the right to listen in on personal phone calls. Check with your attorney!

Mistake #4: creating expectations of privacy. Sometimes employers create reasonable expectations of privacy by employees. You need to know when this happens and to recognize that you may be limited in monitoring communications in such cases. Here are some common areas for concern:

• Assigning computer passwords. Employees may believe that any messages sent using passwords are private. Says Stevenson: "If you create passwords, you have to tell employees that you reserve the right to defeat those passwords."

• Providing an office with a closed door. The employee may expect privacy there. You may be over the legal boundary if you monitor activity with hidden tape recorders or cameras, without justification.

• Giving desk keys to employees.

• Allowing employees to use computers for personal work.

• Providing storage areas with locks.

This brings up a sticky point: Do employees have reasonable privacy expectations about their filing cabinets, briefcases, purses and shopping bags? Attorneys say that the answer is often yes, unless you have explicitly stated that the company has the right to inspect such areas. Include this in your written policy statement that employees sign.

"Employers must be careful of common law claims," says Jon Howard Rosen, partner in the employment law firm Frank & Rosen, Seattle. "Where there is a reasonable suspicion of wrongdoing, then you have more rights to search."

Nevertheless, avoid overreaching when it comes to searching personal belongings, says Feliu. "Searching briefcases and purses is more defensible if you have a good reason to believe they are stealing."

Mistake #5: letting personal mail fall into the wrong hands. Personal postal mail and faxes should be shuttled to their intended recipients without monitoring by managers. "Mail poses a special problem today because of the greater mobility of employees," says Bordwin. "If you receive mail addressed to a departed employee, and the sender is a known business connection, you can dearly open the envelope. But if the address is handwritten to the individual and the envelope has a regular postage stamp, forward the mail to the addressee."

Go over your options with your attorney. Forge a solid business policy on communications, make sure employees understand it, and you can avert lawsuits for invasion of privacy.

"Privacy is a right that has been recognized in more workplace areas," says Bordwin. "To a great extent, the courts are saying that employees have the right to be left alone."

Policy averts employee lawsuits

1 Draw up a policy stating that all communications are subject to inspection by management.

2 Inform employees of the policy.

3 Monitor only what you need for legitimate business purposes.

4 Don't monitor the personal communications of your employees.

~~~~~~~~

By Phillip M. Perry

Phillip M. Perry is a freelance writer based in New York City.

 

Trying to come up with an e-mail policy for your facility? Then check out Access to and Use of Electronic Mail on Company Computer Systems: A Tool Kit for Formulating Your Company's Policy. The 36-page booklet moves users through a series of key questions and suggests, policies to suit all types of business environments.

 

Prepared by David R. Johnson and John Podesta, the booklet is available from Electronic Messaging Association, 1655 North Ft. Meyer Dr., #850, Arlington, Va. 22209, (703) 524-5550, or info@-ema.org. $45 for nonmembers.

 

Employers are screening new personnel more carefully, but they should make sure that interview questions do not intrude on a prospect's privacy. Interview questions that probe the individual's personal life in some cases can spark lawsuits for discrimination and might deemed by a court as invasion of privacy.

 

"Stick with questions that are relevant to the available position and the experience required," says Hugh Webster, an employment law attorney with Chamberlain & Bean, Washington, D.C. The danger is even greater for written personality tests. Use only tests that the publishers say do not trespass beyond the needs of specific job descriptions. "Don't make up a personality test," says Webster. "It can easily get into areas that you shouldn't."

 

When firing an individual, avoid overly broad dissemination of the reasons for the termination. "If you disclose information that injures a person's reputation, the individual may sue for defamation," says Alfred G. Feliu, employment law specialist at the New York law firm Paul, Hastings, Janofsky & Walker. "If the former manager says his subordinate was crazy and should have been locked up, that is defamatory. If it's true that the person went to a psychiatrist, it could be invasion of privacy."