The prime law in this area is the Electronic Communications Privacy Act of 1986, an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, commonly known as the "wiretap law." The ECPA was adopted initially to govern third-party interceptions of electronic communications, not to govern employers' rights to monitor their workers. (All states have their own wiretapping” statues that either mirror the federal law or provide their own unique spin in the federal law.)
The ECPA provides civil and criminal penalties for any person
who intentionally intercepts, uses, or discloses "any wire, oral, or
electronic communication." The term "electronic communication"
is defined as "any transfer of signs, signals, writing, images, sounds,
data, or intelligence of any nature transmitted in whole or in part by a wire,
radio, electromagnetic, photo-electronic or photo optical system that affects
interstate or foreign commerce."
Essentially, the ECPA prohibits the interception, use or
disclosure of electronic communications to which the interceptor, user or
person making the disclosure is not a party – it requires the involvement of a
third-party. This is called the “one consent rule.” One party to the communication can give their
consent to its interception, use or disclosure, without violating the ECPA.
Exceptions
The two prime exceptions to the ECPA afford employers broad rights to monitor their employees: An employer may monitor an employee's conversations if the monitoring occurs in the ordinary course of business or with the employee's implied consent.
The two prime exceptions to the ECPA afford employers broad rights to monitor their employees: An employer may monitor an employee's conversations if the monitoring occurs in the ordinary course of business or with the employee's implied consent.
Most of the cases developed under the ECPA involve criminal
justice and investigatory wiretaps of telephone and e-mail communications.
Until recently, most of the case law in the civil application of the ECPA
involved monitoring telephone communication.
The ECPA also contains a "business exclusion
exemption" that exempts interceptions made by equipment "furnished to
the subscriber or user by [a communications carrier] in the ordinary course of
its business [and being used by the subscriber or user] in the ordinary course
of its business." Under this exception, an employer may monitor phone
calls made on an employer-supplied telephone system by attaching a device
supplied by the employer. The courts look to whether a reasonable business
justification exists for the monitoring, whether the employee was informed
about the employer's right to monitor, and whether the employer acted
consistently in connection therewith.
Additional federal and state legislation have been introduced to
afford employees improved rights and weapons in the battle for more privacy.
But, so far there's no federal law that requires employers to notify employees
that their communications are being monitored. (Union members have protection
not afforded to non-unionized workers. The NLRB ruled that the monitoring of
employee digital communications and activities. Os a collective bargaining
issue.)
Many states have adopted their own version of the ECPA, and some
require the consent of both parties for non-exempt interceptions (as opposed to
the one-consent ECPA rule). In addition to the state versions of the ECPA,
state laws include constitutional provisions, statutes and common law (law that
has been developed through case-by-case review and, in the United States is as
much part of the law as a statute).
Common Law And Invasion Of Privacy
Given the lack of protection afforded by the ECPA against employee monitoring, the few state-adopted privacy statutes, and the failure of states to adopt legislation protecting employee privacy rights, many employees are seeking recourse under common-law rights of action. Typically, they seek relief under the common-law tort of invasion of privacy. Invasion of privacy laws don't exist in all states, and in some cases, statutes labeled as "privacy invasion" laws do not deal with privacy matters at all. In New York, for example, the privacy statute deals with protection of celebrities and others rights against the commercial exploitation of their images.
Given the lack of protection afforded by the ECPA against employee monitoring, the few state-adopted privacy statutes, and the failure of states to adopt legislation protecting employee privacy rights, many employees are seeking recourse under common-law rights of action. Typically, they seek relief under the common-law tort of invasion of privacy. Invasion of privacy laws don't exist in all states, and in some cases, statutes labeled as "privacy invasion" laws do not deal with privacy matters at all. In New York, for example, the privacy statute deals with protection of celebrities and others rights against the commercial exploitation of their images.
In the states that recognize the tort of invasion of privacy, a
violation generally requires an intentional intrusion, "physical or
otherwise, upon the solitude or seclusion of another upon his private affairs,
or concerns if the intrusion would be highly offensive to a reasonable
person."
One of the key conditions to successfully prosecuting an action
for invasion of privacy is whether the person has a "reasonable
expectation of privacy." Courts across the country are finding with more
and more frequency that no reasonable expectation of privacy exists with e-mail
or employee online communications. When the privacy policy or electronic use
policy that we all click without reading explains their practices and that
users have no expectation of privacy, it is hard to prove that your expectation
was reasonable.
Conclusion
Whether they have a right to privacy under employment circumstances or not, many employees find the intrusion of digital surveillance and monitoring offensive. This makes it a practical problem, not a legal one.
Whether they have a right to privacy under employment circumstances or not, many employees find the intrusion of digital surveillance and monitoring offensive. This makes it a practical problem, not a legal one.
Many employers are choosing to notify employees in advance that
their activities may be monitored. These notices can be contained in a written
e-mail policy or within an employee handbook. Under all circumstances, the
employee should acknowledge them in writing and the employer should retain
those written acknowledgements.
An employer simply can't let employees communicate on an e-mail
system unmonitored–too many litigants will seek to hold the employer
responsible for what is said and done. Employers should monitor, but do it
wisely and consistently, and adopt a policy that works for them. They should
also find a lawyer who can craft one, just for their business, rather than
using one off the shelf. A carefully written, well-enforced policy is smart
employee relations–and smart preventive law practice.
