Corrections or additions?
This article by Teena Chandy was published in U.S. 1 Newspaper on June 2, 1999.
All rights reserved.
E-Mail Policy Be Careful
For most computer users, electronic mail has fast
become the primary medium for business and personal communication.
It is cheap, fast, and so convenient that in many circumstances E-mail
has replaced letters, telephone calls, and even face to face conversation.
Many even assume that E-mail, like the spoken word, is private, fleeting,
and does not leave a trace. But this ephemeral nature of E-mail is
deceptive, because in reality E-mail more resembles the letter. In
many ways it is even more permanent and risky. Not only does it leave
a written record and can be delivered to the wrong address, it can
also be retrieved. It can even be subpoenaed in a court case. You
can tear up a letter or burn it but no matter how diligently you "delete"
them, almost all E-mail messages are saved somewhere by some backup
So it should come as no surprise that authorities were able to quickly
track down the instigator behind the infamous "Melissa" computer
virus. Or that officials at Raytheon were able to identify 21 employees
who allegedly divulged company secrets in an online business forum.
Or that a plot to distribute fake E-mail messages is at the heart
of a personnel controversy at Morgan Stanley Dean Witter.
More and more employees are finding out that the E-mail messages they
send or receive at work are not considered private at all and that
they could be used against them. The legal and ethical issues of cyber
communication — employers’ right to know versus employees’ right
to privacy — are being debated vigorously and companies are faced
with precedent-setting decisions.
An American Management Association (AMA) survey shows that 45 percent
of major U.S. firms record and review employee communications and
activities on the job (including their phone calls, E-mail, and computer
files) and 27 percent record and review employee E-mail messages.
Since most employers screen employee E-mail randomly, more companies
are reading personal E-mail as opposed to work-related E-mail. Personal
accounts are not totally safe either. An employer cannot be prohibited
from requiring an employee to print out messages from their personal
accounts accessed by a company-owned computer.
The result? An increasing number of resignations, terminations, and
employment-related lawsuits. An employee can be fired for insubordination
or similar charges that originate from an E-mail message. "Most
employees do not understand E-mail yet and use it in a way that is
far too risky in the current business environment," says Lewis
Maltby, director of the workplace-rights office of the American
Civil Liberties Union (ACLU).
Many courts have ruled against employees in recent E-mail related
cases. A state court in California and a federal court in Pennsylvania
ruled that employers have the right to use surveillance. Maltby points
out that in the Smythe versus Pillsbury case in Pennsylvania, the
company had promised its employers that their E-mail would not be
monitored, yet fired an employee who vented to his co-worker about
his boss in an E-mail message. The court ruled against the employee
who sued the company for breaking its promise.
"The rationale for both these court decisions is that the equipment
used by employees to send and receive E-mail messages is owned by
the employer," says John MacDonald, an attorney at Stark
& Stark, the Lenox Drive law firm. "Accordingly the employer has
the right to determine how and when its property is used."
But when does an employer’s right to know become an
invasion of personal privacy? "Employers have no business reading
the private E-mails of their employees," says Maltby. A survey
on E-mail privacy, conducted by Opinion Research Corporation as part
of Accountants on Call’s ongoing "Profiles of the American Worker"
series, revealed that more than half of employed Americans feel that
the E-mail they compose and receive at work should be private between
the writer and the recipient.
Nonetheless, court rulings so far have only indicated that employee
wishes do not necessarily prevail over employer decisions. "People
like to believe their conversations over the phone are private, that
they are entitled to privacy, and expect the same kind of privacy
when they are using E-mail," says MacDonald. "However, courts
have ruled that an employee has no `reasonable expectation of privacy’
in interoffice E-mail communications." As for personal E-mail
sent from the office, MacDonald says, "that is still an open issue."
ACLU’s Maltby also agrees that, unless it is an outrageous situation,
an employee cannot do anything against an employer who used information
from an intercepted E-mail message against the employee. The employment-at-will
policy allows employers to fire employees for little or no reason
at all and monitoring E-mail communications gives employees yet another
reason to feel insecure about their jobs.
Monitoring, most companies are saying, is necessary to protect corporate
interests. It can expose an employee’s plan to leave the company and
take proprietary information, it can restrict employees from conducting
personal business on office time, and it can help track down sexual
harassment or other similar abuse. Chevron Corporation, for instance,
settled a sex discrimination lawsuit for $2.2 million in 1995. Among
the evidence was an E-mail message titled "25 reasons why beer
is better than women" retrieved from corporate computers.
Most companies, therefore, have adopted formal E-mail policies for
its employees. Almost all of the dozen companies that U.S. 1 surveyed
had an E-mail policy for their employees in place. "Any policy
should state that employees’ electronic communications are not private;
that the communications devices are employer property and that communications
shall or may be monitored," says Steven M. Berlin of the
law firm of Buchanan Ingersoll at 500 College Road East. "Policies
should also restrict employee use of electronic communication systems
to business purposes."
they should have no expectation of privacy for any Internet use via
the firm’s facilities, whether business or personal."
the company’s policy is that E-mail is for business use and it is
communicated to all employees. "If E-mail is used inappropriately
we have a talk with that employee."
E-mail is company owned and not private: "We have a legal and
an ethical obligation to protect the company and its employees, and
to prevent abuse of the system."
there is no legal requirement to monitor employee E-mail. "It
is the duty of the company to investigate a complaint," says MacDonald,
"but it has no other legal obligation to monitor its employee’s
Companies that do monitor should probably say so. The AMA survey reveals
that 84 percent of companies that monitor employee E-mail do notify
their employees. Such a policy would make it easier for the company
to defend itself in the event of a lawsuit, says MacDonald.
Although the law may allow an employer to monitor electronic communications
in certain ways, the decision to do so must remain a business decision,
says Berlin. The phrase "Big Brother is watching you" has
acquired frightening significance in today’s workplace. While employer
concerns for such monitoring are often legitimate, this could also
create an "us versus them" attitude, says Berlin.
Only three of the Princeton companies surveyed said that they had
a specific hands-off policy. Dow Jones, Church and Dwight, and Neostrata
reserve the right to monitor if a situation warrants it, but otherwise
they say they trust their employees to use their best judgment and
their policy is to not monitor any employee E-mail.
"Dow Jones does not have an E-mail policy, but it is assumed that
E-mail will be used for company business," says Richard Tofel,
spokesperson for Dow Jones. "Of course we know our employees have
personal lives, and just as they may use the telephone to call their
children in the middle of the day, they might also E-mail their children."
"We have a written policy that is communicated to our employees,"
says Mark Bilawsky, vice president of Church and Dwight. "Our
employers are also aware that we do not eavesdrop or conduct any kind
of spot checks as regular procedure."
While most companies feel that monitoring is necessary "in the
best interests of the company," the decision to not monitor —
or as in the case of Dow Jones not having an E-mail policy at all
— could be in the best interests of the company too. As Berlin
of Buchanan Ingersoll points out, monitoring could have an impact
outside the workplace as well. For instance, a lawyer representing
an employee suing the company for sexual harassment can demand to
see all the E-mail communications of the alleged perpetrator. "A
monitoring policy may strengthen an argument that an employer had
notice of the wrongful or discriminatory acts of its employees or
managers," says Berlin.
MacDonald of Stark & Stark says that E-mail may play a large role
in discriminatory and wrongful discharge cases in the future. MacDonald
predicts a rise of cases where groups may feel that they were discriminated
against and that their actions were unreasonably monitored by their
So what E-mail policies should bosses and workers adopt? "If the
decision is to monitor, use the least intrusive monitoring measures
necessary," says Berlin of Buchanan Ingersoll. He suggests monitoring
employee communications only during probationary or review periods.
As for employees, "Never say on E-mail anything that you would
not want your boss to read," says Maltby. "What is amazing
is that even in companies where employers have told their employees
about their E-mail policies, they are awfully casual about using E-mail."
Maltby says that the ACLU will continue to work to update privacy
laws: "Law always lags behind technology but in the case of online
privacy, the law is lagging far too much behind. The last time the
issue was brought up in Congress was in 1994 and the original sponsors
have not reintroduced it."
Maltby encourages employees to write their representatives. "We
are still a democracy, and if enough employee citizens write to their
congressmen maybe something will change." And until that happens,
Maltby warns, "be very careful."
— Teena Chandy
Tales abound of E-mail disasters resulting from the
inadvertent use of E-mail. You type a cheeky note to your colleague
in private and your boss could be reading it. The mouse pointer in
the wrong spot could get your message to the wrong person, and worse
still, a lot of wrong persons. CNET has posted some instances of E-mail
disasters at http://www.cnet.com, and also offers some tips
for safe and effective E-mail use:
for a set period of time before you send them. That gives you a chance
to double-check the addresses before they go on their way.
however, encrypting a message ensures that only the intended recipient
can read it, even if other people accidentally get the message.
for personal messages ensures private messages do not get mixed up
with business ones. You won’t have access to any company-wide aliases
from your freemail account, and your messages won’t be stored in your
company’s mail server.
E-mail aliases to make mass communication easier. So, when you open
a message that was mailed to the alias, the sender’s name shows up
in the From field — but the Reply To field is often set to the
company-wide alias. That means clicking "Reply" will send
the message to everyone. When you reply to a message, always make
sure the right address is in the To: line before you click Send.
work. Your employer may be monitoring your incoming and outgoing mail.
Send E-mail from home, use the phone, or have the conversation in
feature when posting to a mailing list. It generates useless traffic
that could slow down or shut down your E-mail system.
Anonymity on the Web is a rather fragile issue, as shown
by the just-settled lawsuit by the engineering company Raytheon against
its employees who participated in a business forum on the Internet.
Raytheon — a global company with 875 employees at the Carnegie
Center — obtained court motions against Yahoo!, America Online,
and the other Internet services to obtain the identities of 21 participants
who Raytheon alleged were using aliases to divulge company secrets.
The Raytheon employees participated in forums provided by mainstream
Internet companies, but the Web also offers other such "business
forums." Vault Reports, a New York based company, has posted the
"Electronic Watercooler," an online network of uncensored
bulletin boards, at http://www.vaultreports.com to attract employees
and job seekers from more than 800 companies. "Feel free to gossip
about your co-workers, share salary and bonus information, inquire
about the hiring process, chat about company culture quirks, and much
more" the website says. Usually anonymous, the messages on these
boards include everything from general workplace gripes to "insider
But how anonymous can you be on the Internet and are employees participating
in such chatrooms putting their jobs on the risk? Yes, if the Raytheon
incident is any indication. John Jessen, president and chief
executive of the Seattle-based Electronic Evidence Discovery Inc.,
says that they track down senders of anonymous E-mail all the time.
The Raytheon employees, who were generally exchanging gossip and chatting
about Raytheon’s stock price and business deals, used aliases to protect
their identities. Last week, after Raytheon had discovered all 21
identities, it dropped the suit against the employees. That prompted
countercharges that Raytheon used the legal system merely to discover
the identities. Four of the employees have since quit, and the others
have entered "corporate counseling."
Corrections or additions?
This page is published by PrincetonInfo.com
— the web site for U.S. 1 Newspaper in Princeton, New Jersey.