While all employees benefit from believing that their companies trust them, they must still accept the modern workplace reality that certain privacy interests must be carefully weighed against protecting valid business interests. Furthermore, employers have a need and a duty to make sure that all employees are putting in their fair share of time while completing assignments. No one should be allowed to waste valuable work time surfing the Internet or responding to personal emails while others are shouldering their proper tasks.
Do many employers regularly monitor computer and Internet usage?
At present, about 80% of large companies carefully monitor how their employees use workplace computers. They also routinely review all company website and social media postings and randomly review email exchanges and software downloads. Internet usage is also closely monitored. These practices can often help businesses avoid future lawsuits and financial losses.
Before addressing other key issues involved with monitoring your employees, it will be helpful to note how many companies provide notice to their workers that their computer usage and Internet activities will soon be regularly reviewed.
When and how do employers bring up computer and Internet monitoring to employees?
- At the time of hiring. You can make this a condition of accepting employment;
- When all periodic performance evaluations are conducted. At the end of these sessions, you can produce a carefully worded document, asking for the employee’s written consent for monitoring their computer usage and business communications. It may be helpful to note how this can help protect some of their own interests — and limit the harassment that some employees might otherwise engage in if no such monitoring existed;
- Include several paragraphs on the topic in your employee handbook. Always be sure that you later ask each new employee if they have any questions about this policy;
- Place a warning above the company’s computer network sign-in page. This warning might reference the employee handbook – or the written consent form you should have already obtained from each employee;
- Include a very clear and obvious “Notice” paragraph at the bottom of each outgoing email. This is an attempt to provide notice to third parties (such as non-business contacts who may include workers’ friends and family members who write to them at work – that any or all such emails are subject to monitoring and review).
Your signed consent forms should remind employees (along with the company employee handbook) that certain types of improper communications and usage of the Internet can result in disciplinary actions – and even firing.
As the following information indicates, your careful review of how employees are using their computers can prevent many serious workplace conflicts.
Harmful activities pursued by some using company computers, email and the Internet
- Harassing behaviors. Making illegal and damaging statements in emails may constitute sexual, racial – or other forms of harassment;
- Likewise, some types of email (or typed letters) may contain defamatory comments or illegal threats against others. No employee has the right to make serious threats against other employees or outside email recipients. These negative communications may simply imply that a specific person may lose his or her job if certain improper demands aren’t met;
- Critical company information (like trade secrets and intellectual property) may be stolen and then shared with others;
- Employees may download and then share copyrighted material or software, allowing others to make additional copies. This can also include the illegal download of porn materials — that are then sent off to others – or stored on your business databases;
- Workers may accidentally share harmful email and general computer viruses while using their computers in unauthorized ways;
- Employees may spend lengthy time periods surfing the net — unrelated to legitimate work assignments. Many companies wind up paying significant amounts of money each year for time that employees spent playing online games or enjoying other unauthorized Internet activities;
- Some workers may maliciously sabotage company files and data for no apparent purpose;
- Other employees may use their work computers and printers to complete tasks for their separate, private business needs.
Do employers have broad rights to monitor all employee activities at work?
Federal, state and even global laws can limit these rights. Also, most employers do not have the right to invade employee privacy by placing intrusive cameras or audio devices in restrooms or lunchrooms. However, they do have some specific rights to monitor how employees use equipment provided to them. And under certain circumstances, companies can even monitor how employees use their own personal computers while logged on to company networks and databases.
In general, any efforts you make to monitor employee communications must agree with the provisions of the federal Electronic Communications Privacy Act (ECPA). Fortunately, it does allow certain types of monitoring that fall within an acceptable “business purpose exception.” In other words, your monitoring efforts must have a direct tie to protecting a “legitimate business purpose.”
As already noted above, it’s crucial to discuss all these matters with your attorney to be sure your approach to computer monitoring will not subject your company to any employee or third-party privacy lawsuits.
What global, federal and Texas laws address all these various legal topics?
Keep in mind that companies regularly interacting with international clients or companies must be prepared to observe all the following types of governing laws.
- The European Union General Data Protection Regulation (GDPR) – and the laws passed by many of its members’ individual states;
- The Electronic Communications Privacy Act (ECPA)
- The Stored Communications Act
- Various federal wiretapping laws
- Texas statutes and case law that your lawyer can review with you
Some general guidance is also available on the Texas Workforce Commission website.
Companies of every size must give all these issues considerable thought before buying any types of computer monitoring software. You’ll also need to decide which DLP (data loss prevention) solutions or strategies are most likely to meet your company’s unique needs. For example, do you want to prioritize software that helps with network traffic monitoring, keystroke logging, natural language processing – or other methods? You’ll also need to consider what types of data encryption practices may be useful to you.
Fortunately, there are many outside consultants who can help you carefully evaluate all the current computer monitoring software that’s available – so you can find the best products that fall within an affordable price range for your company.
Please feel free to contact one of our Murray Lobb attorneys so we can address your current questions about monitoring your employees’ business communications and usage of the Internet. We can also help you draft the types of privacy consent forms and other paperwork that can help you more proactively safeguard your company’s business interests.