Client Alert - Is Your Electronic Communications Policy Up-to-Date?
Does your company have a well-drafted electronic communications policy? If not, now is the time to create one. If your company has an electronic communications policy, this may be the time to make sure it is up-to-date and consistently enforced.
Why Your Company Should Have an Electronic Communications Policy
Electronic communications, such as e-mail, have become the chosen, if not the principal method of communication for companies throughout the U.S. and around the globe. More and more employees have Internet access to the world wide web and the ability to send rapid electronic communications to a potentially limitless audience at the click of a mouse. With the advent of this technology, companies are discovering that they must confront, as never before, an array of legal and technological challenges.
Inappropriate use of electronic technology exposes companies to sexual harassment, discrimination and hostile work environment litigation, as well as costly intellectual property infringement claims. In lawsuits, e-mail often contains crucial evidence of wrongdoing that can be searched rapidly and that is hard to defend. To make matters more problematic, companies are struggling to ensure that their electronic systems remain free of harmful computer viruses, that sensitive information remains secure and that valuable company time and resources are not wasted.
A well-drafted electronic communications policy will inform employees of company policy on the use of electronic communications technology, give them advance notice of electronic monitoring and limit the company's exposure to burdensome litigation.
Has Your Company Updated Its Electronic Communications Policy?
Recent legislation and cases involving electronic monitoring of employee e-mail and Internet use, and the threat of possible litigation, are forcing companies to reexamine their electronic communications policies and to ensure that such policies are enforced in a prudent and consistent manner that does not violate Federal and state legislation or their employees' privacy rights.
Current Law: The Electronic Communications Privacy Act
The Electronic Communications Privacy Act of 1986 ('ECPA') prohibits intentional interception and disclosure by employers of the contents of wire, oral and electronic communications of employees. Under ECPA, employees can sue employers who improperly intercept employee communications for actual damages, punitive damages, reasonable attorneys' fees, and equitable relief.
ECPA allows employers to intercept employee communications in certain situations. In particular, employers can intercept employee communications if they occur in the ordinary course of business or the employee supplies express or implied consent to the interception.
Pending Legislation: The Notice of Electronic Monitoring Act
The Notice of Electronic Monitoring Act ('NEMA'), which was introduced last session with bi-partisan support in Congress, is likely to be reintroduced with various changes in the 107th Congress and to become law this year. NEMA will require organizations to provide their employees with advance notice of electronic monitoring, such as monitoring of wire, oral or electronic communications or other computer usage. Keystroke monitoring, programs monitoring e-mail and Internet use, monitoring of telephone calls and voice-mail, and similar surveillance techniques are all covered by NEMA.
Under NEMA, organizations will have to provide clear and conspicuous notice of (1) the form and type (i.e., work-related, personal) of communication or computer usage that will be monitored, (2) the frequency of such monitoring, (3) the means by which such monitoring will be accomplished, and (4) how information obtained by such monitoring will be stored, used, or disclosed. Organizations also will be required to provide additional notice of such monitoring at least one year after first providing such notice, and thereafter on a yearly basis, and as soon as the monitoring practices are materially changed. NEMA will allow organizations to conduct electronic monitoring without notice in special situations when an organization has reasonable grounds to believe that a particular employee is violating the rights of the employer or another person and the electronic monitoring will provide evidence of such harmful conduct.
NEMA will permit employees to sue their employers for significant civil damages for electronic monitoring without the required notice, including $5,000 liquidated damages per violation, punitive damages, reasonable attorneys' fees, and equitable relief (monetary damages are capped at $20,000 per employee and $500,000 in cases involving several employees).
State Law
Some states, such as Connecticut, Massachusetts, North Carolina and California, have enacted or are in the process of enacting statutes similar to ECPA and NEMA.
Electronic Monitoring and the Courts
There have been relatively few cases involving electronic monitoring of employee e-mail and Internet use. Courts in various jurisdictions have generally found that the employer's business interest in monitoring e-mail and Internet use outweighs employees' privacy interests. However, in light of new Federal and state legislation on electronic monitoring and increased efforts to protect individual privacy rights, employers need to be more vigilant about how they formulate and enforce their electronic communications policies.
Guidelines for an Effective Electronic Communications Policy
Formulate a Written Electronic Communications Policy
If your company does not already have one, now is the time to prepare a clear, comprehendible Electronic Communications Policy. The policy should at a minimum:
- Note that the company owns its electronic information and communications
systems and that there is no individual right to privacy in connection with the
use of the electronic communications systems. Describe the extent
to which employees may use the systems for personal use. - Indicate what types of electronic communications are clearly prohibited by the company.
- Explain why the company may conduct monitoring, what systems and
types of communications will be subject to electronic monitoring and the
approximate frequency of such monitoring. Emphasize that electronic communications
are no different from paper correspondence on the company's letterhead, and should be treated with the same level of professionalism. - Clearly mention that the policy will be enforced and what actions will be taken against those employees who violate the policy.
Establish an E-mail Retention Policy
Establish a policy for deleting e-mail that the company is not legally required to retain. For example, the policy could state that e-mail that is not archived or moved to a specific location will be deleted after a certain amount of time. No company should delete e-mail that might be relevant to an ongoing litigation.
Make Sure Employees Have Reviewed and Consented to the Policy
The Electronic Communications Policy should be incorporated into the company's employee handbooks and should be circulated to employees on a regular basis (at least once a year), and before the company engages in monitoring. New (and existing) employees (including all managers, supervisors and staff) should review and acknowledge in writing, or on-line, that they consent to the Electronic Communications Policy. The company should retain documentation of such consent, and should inform employees as soon as any changes have been made to the policy.
Designate Specific Persons Who Are Authorized to Enforce the Policy
The company should designate specific persons who will enforce the policy and inform employees of the importance of the policy.
Do Not Conduct Monitoring that Detects Union Activity
Companies that have employees who are affiliated with unions should consult counsel before implementing monitoring practices and should not conduct monitoring that targets union activity.
Our firm's Information Technology Group has experience developing effective electronic communications policies for public and private entities. If you seek advice on how to prepare and enforce a policy that suits your company's needs, or if you want to ensure that your company's policy complies with legal requirements, please contact us.
For more information on this Client Bulletin, please contact Joel Karni Schmidt.
Copyright 2001
Cowan, Liebowitz & Latman, P.C.