Can you spy on your employees? Is it spying if they consent? Does an employer have to give notice before monitoring employee phone and computer use? Well, it depends on who owns the accounts and equipment and what the employer’s policies are.
Here’s a breakdown.
Overview by Device/System
Employer Phones: Employers generally can monitor, listen in and record employee phone calls on employer owned phones and phone systems. This includes cell phones, voice mail and text messages provided to employees.
For example, in City of Ontario v. Quon (2010), the US Supreme Court found that a police officer’s personal text messages on a government owned pager were not private and the employer/police department had the right to view the messages—even though public employees (unlike private employees) have 4th Amendment rights against unreasonable search and seizure since their employer is the government.
Personal Phones: Employers generally cannot monitor or obtain texts and voicemails on an employee’s personal cell phone. But if you’re spending a lot of time at work loudly talking about your weekend plans, there is a good argument that it wasn’t private and you can be disciplined for not working.
Employer Computers- Again, if the employer owns the computers and runs the network, the employer is generally entitled to look at whatever it wants on the system, including emails.
Personal Accounts: It depends on the circumstances—whether the use is at work and on employer equipment. The employer should not look at private emails on a private email account that is password protected by the employee because the employee has a reasonable expectation of privacy, the account is the employee’s, and computer hacking laws provide protection against viewing personal emails without consent.
However, employees should be careful about using those accounts and passwords on employer owned equipment, because that information can be stored in backups, is visible to monitoring software and may not really be private at all.
Several cases involving private emails on employer time and equipment have gone against the employee and determined that the employer’s interception or use of an employee’s personal emails was permitted because of policies that allowed it and implied consent and because the employee was using employer owned computers or sending the emails from work.
Even cases of employees contacting their attorney have gone both ways. In Stengart v. Loving Care Agency, Inc. (New Jersey 2010) an employee emailed her lawyer on a company laptop, but through her personal password protected Yahoo account. The court held the emails were protected by the attorney client privilege, but did not really address the privacy issue.
In Holmes v. Petrovich Development Company LLC (California 2011) an employee contacted her attorney on a company computer with a company email account. The court found the emails were not protected by either a right of privacy or the attorney client privilege. Using the company account and system waived the privilege, and company policies precluded any expectation of privacy. The employer had issued policies that company machines could only be used for business and gave notice that employees had no rights of privacy in their use of company equipment.
In Sitton v. Print Direction, Inc. (Georgia, September 2011), an employer did not violate an employee’s privacy rights by accessing an employee’s personal laptop to print out personal email messages. The employee had been using his personal laptop at work to help his wife run their printing business. The boss came into the employee’s office and saw the computer screen that had a non-work email open. Both the trial court and the court of appeal found that the employer had a legitimate interest in investigating whether or not the employee was running another business from the employer’s worksite on the employer’s time and found that printing out the emails was proper. The employee had to pay the employer damages for breach of the duty of loyalty.
I am not familiar with Georgia law and the duty of loyalty there. But I anticipate there might be a different result in right to work states and states like California, where there is also a Constitutional Right to Privacy.
Surveillance Cameras & Video Monitoring: An employer can monitor its property with surveillance cameras, especially in public and common areas. However, certain areas such as locker rooms, changing areas and bathrooms are generally considered private and not subject to monitoring. Private offices may or may not be protected depending on the circumstances. (See tomorrow’s piece on Common Law Privacy Rights.) Some states, such as Connecticut, have specific laws restricting how and for what purpose employers can videotape employees. And state laws on recording conversations apply to video surveillance.
Laws on Phone and Computer Surveillance:
1. Electronic Communications Privacy Act of 1986 (part of the Omnibus Crime Control and Safe Streets Act, 18 USC sec. 2510 et seq.). This federal law generally prohibits unauthorized “interception” or access to electronic communications and would include telephone, email and computer use. However, there are several huge exceptions that basically allow an employer to monitor anything on its own systems.
- Business Exception: There is a business exception that allows an employer to monitor employee use of its own systems for “legitimate business needs.” This includes improving customer service, preventing harassment and making sure that people are actually working.
- Consent to Monitoring: If one party to the communication consents to the monitoring, then monitoring is permitted even if the business exception does not apply. “Consent” requires the employer to give advance notice of its policy to monitor—it does not require the employees to agree. Consent is implied from the fact that they learned about the policy and decided to keep working there.
- Employer Owned Systems: The owner of the email, IM and phone message systems is also allowed to access the communications even if they are personal.
- Limitations on Employer Monitoring: No continuous monitoring. If the call is obviously personal, the employer has to stop listening. However, the employee can still be disciplined for making personal calls on company time.
2. Computer Hacking Laws. Using employee passwords to sign-in to their personal or social media accounts can violate state and federal computer hacking laws and constitute identity theft. All 50 states have laws that prohibit someone from unauthorized access to another person’s computer and online accounts, especially if the intent is to change or modify access or content. This would include deleting an inappropriate post.
In Pietrylo v. Hillstone Restaurant Group (New Jersey 2009), two employees set up a password protected MySpace account where employees could vent about working at the restaurant. A manger got a hold of the password and logged into the site to discover disparaging and sexual remarks about management and references to illegal drugs. The restaurant fired the employees who sued under the computer hacking laws. The court found for the employees because the restaurant’s employee monitoring policy did not extent to private online communications on a social network outside of work.
3. State Laws on Recording Conversations—States are permitted to make more restrictive laws that protect employees and the public from monitoring, even if the federal law would allow it. In Maryland, everyone in the conversation must consent before the conversation can be recorded. California requires that any monitored phone conversation have a beep at certain intervals or there must be a message informing the caller that the conversation may be recorded. Other states, including Connecticut, New York, Pennsylvania, Colorado and New Jersey, also have laws relating to when a conversation may be recorded.
If the employer owns the system, hardware or both, the employer can monitor employees’ use of it, including personal files and communications.
If the employee owns the system and hardware, the employer’s ability to view and obtain personal files depends on the whether the employee is using it at work, whether the employer has a legitimate interest in viewing the communication, what the state’s laws and employer’s policies are, and what the employee’s objective expectations of privacy are.
With the blending of work and personal lives on social media and through initiatives to improve employee engagement and create a friendlier, more personal culture at work, it’s essential that employers look this issue. Just because you can legally monitor something doesn’t mean that you should or that it is good management practice. If you want a relaxed work environment where employees are trusted and treated as grown-ups, monitoring and discipline over personal phone and computer use will not promote your cause. But if you are dealing with sensitive information that requires higher levels of security, then you may need to monitor to protect the business. But you can’t have it both ways.
Tomorrow-Common Law and Off Duty Privacy.