Are your managers spying on employees?
April 27, 2009 by Sam NarisiPosted in: Communication, Employee computer use, Special Report
Many employers monitor employees’ e-mail use to prevent data leaks, harassment and other legal problems. In one recent case, a manager went a step further, putting his company on the hook for a violation of privacy.
An employee was involved in a legal battle with her former employer after she was terminated. She filed three discrimination and harassment claims against the company.
At the same time, the company took her to court, alleging breach of contract, misappropriation of trade secrets and other claims. During the trial, the woman’s former boss, the company president, presented as evidence e-mails sent and received by her personal e-mail account.
He admitted to stealing the woman’s password and reading the e-mails for the purpose of “monitoring and documenting her personal business activity.”
After she found out he was spying on her, the woman sued the president and the company for violating the Electronic Communications Privacy Act.
The company argued it couldn’t be held liable because it didn’t know about or authorize the snooping. But the court disagreed. Since the boss was acting to “further the interests” of his employer, the company was on the hook.
The case went to a jury, and the woman was awarded a total of $400,000 from the company and its president.
Watch privacy rights
This case provides a stern warning to managers who suspect an employee of wrongdoing. While its OK to monitor an employee’s use of the company’s e-mail system, courts have drawn the line at accessing info stored by a third party.
Supervisors need to understand what actions do or don’t violate employees’ privacy rights — and that both they and the company can get in deep trouble when they snoop where they shouldn’t.
View all the Latest Stories
April 28th, 2009 at 2:32 pm
How about an email system that is hosted off site? We subscribe to a web based email system (similar to hotmail or gmail). Would monitoring the use of such a service constitute a violation of privacy?
Jon
April 28th, 2009 at 7:16 pm
Having an acceptable use policy is imperitive — in this situation, it should have prohibited the use of personal e-mail for company business (requiring the use of company resources for company business), as well as limiting the use of personal e-mail altogether.
That said, these actions are appropriate and would probably have yielded the same findings:
- Monitor incoming / outgoing e-mail from the CORPORATE mail system
- Monitor web activity using a proxy server
- Make a forensic image of the employee’s hard drive, and look for cached e-mails and other items such as sensitive documents that the employee would not normally need to store locally.
Most people, through ignorance or ego, will take the easiest path until they know they are being monitored. Once they suspect they are under scrutiny, they take more devious approaches to hide their activity, but this can be prevented by taking a “business as usual” approach, and working with IT to build the case against them.
April 29th, 2009 at 2:50 pm
Jon:
If your company owns the contract, then you have the right to read the hosted e-mail.
If individuals sign up for their own accounts (e.g. free Yahoo accounts) then, no, you don’t have the right to read the e-mail.
Best practice is to have a boilerplate acceptable use policy stating that the company has the right to monitor all communications, and that company business is required to be performed on company-approved e-mail systems.
If you have a contract, e.g. with G-Mail, this serves for both e-mail archiving (FRCP rules for e-mail retention) as well as provides the company with the ability to monitor that traffic.
If you are using a free service, even if the company set up the account, the terms not as clear cut.