Employers wanting to be in compliance with employee privacy laws should ensure that employees understand that e-monitoring policies affect the employee’s reasonable expectation of privacy. In other words, if employees are told that their electronic communications will be monitored, then they cannot reasonably expect that they will be private. In a CER webinar titled “HR’s Monitoring Rules and Rights In California: Master E-mail, IMs, Blogs, and Social Networking,” Marc Jacuzzi outlined some tips for creating effective e-monitoring policies.
“If you intend on monitoring employee’s computer usage, emails, text messages, put video cameras in the workplace, you must have a policy,” Jacuzzi confirmed. “You want to make sure that the employees are all put on notice that there is no reasonable expectation of privacy in these matters.”
Compliance with Employee Privacy Laws: How To Create an E-Monitoring Policy
So, how do you stay in compliance with employee privacy law when creating your policy? Here are some key pieces that Jacuzzi noted should be part of your e-monitoring policy:
- Statement that there should be no expectation of privacy. Sample policy language: The company respects the individual privacy rights of its employees; however, employee privacy does not extend to the employee’s work-related conduct or to the use of company-provided equipment or supplies.
- Examples of legitimate business reasons for policy. Sample policy language: The company operates under this policy for several reasons including: (1) to ensure that these systems are only used for business purposes; (2) to follow-up on departing employees’ work-in-progress; (3) to ensure that the confidentiality of its trade secrets is being preserved; (4) to monitor employee performance; (5) to maintain the systems; and (6) to monitor our customer service and relations with outside businesses.
- Reasons for surveillance. If planning on conducting video surveillance or GPS tracking, make sure you articulate legitimate reasons for doing so in policy. Also reference all other areas subject to inspection. For example, if you plan to install video cameras (without audio – as that would require individual consent to comply with employee privacy law), state that cameras will be used and identify the areas that will be videotaped. Remember that some areas legally cannot be videotaped—such as employee changing areas. If you will use GPS to monitor employees, include that specifically in the policy.
- Description of basic usage policy. For example, should employer-provided technology (such as computers, PDAs, telephones, etc.) only be used for business purposes? Are employees permitted to make personal calls, send personal emails, etc., on employer-provided equipment when on break? Are employees permitted to send personal emails from work computer, but only from personal email accounts? These questions are important to answer to comply with employee privacy law because they outline where the employees should have – or not have – any reasonable expectation of privacy.
- Reference of all employer-provided devices and modes of communications. Add some “catch-all” terms and update policy regularly so your policy will not become outdated with advances in technology. Sample policy language: This policy describes the company’s guidelines with regard to the use of the company’s electronic mail, instant message, text message, voice mail, internet access and computer systems, as well as company-issued cellular and camera phones. The policy also describes guidelines with regard to personally owned computers, electronic devices, and cellular and camera phones used at the company or for company business.
- Explanation that the company can and will access electronic communications. This also aids compliance with employee privacy law by outlining where employees should not have any expectations of privacy.
- Statement that employees should warn family and friends not use systems for personal communications. This helps minimize risk of third-party claims for invasion of privacy. Sample policy language: Employees should inform family members and friends not to use the systems for any confidential messages (e.g., confidential voice mail, e-mail messages, instant messages or text messages).
- Explanation that passwords, codes, etc. must be disclosed and can be overridden.
- Reference of any other relevant policies, such as policy protecting confidential company information.
- Acknowledgement of receipt, with signature. May want to include acknowledgment of receipt of policy, especially if a stand-alone policy.
Jacuzzi explained that “it’s a good idea to have a policy in place, even though you may not implement the policy or use the policy. You may not even e-monitor. You still want the ability to e-monitor because the case may come up where somebody’s claiming that they’re getting harassing or intimidating or bullying-type emails and you want to go in and monitor it. So, do make sure that you have a policy in place, because it affects the reasonable expectation of privacy – i.e. if employees are told that their electronic communications will be monitored, then they cannot reasonably expect that they will be private.”
The above information is excerpted in part from a CER webinar titled “HR’s Monitoring Rules and Rights In California: Master E-mail, IMs, Blogs, and Social Networking,” with expert Marc Jacuzzi. To register for a future webinar, visit CER webinars.
Marc L. Jacuzzi, Esq., is a shareholder in the law firm of Simpson, Garrity, Innes & Jacuzzi. He advises clients regarding all aspects of the employer/employee relationship including hiring and termination, wage and hour requirements, employee classification, civil rights and discrimination issues, employee investigations, commission plans, employment contracts, employee handbooks and policies, confidential information agreements, reductions in force, leaves of absence, employment audits, M&A employment issues, violence in the workplace, and international employment issues.
I wonder if other people have noticed a generational difference in terms of privacy expectations. It seems like younger employees are much more accepting of e-monitoring, and almost “expect” it. Older employees are more resistant or surprised by it.
I wonder if other people have noticed a generational difference in terms of privacy expectations. It seems like younger employees are much more accepting of e-monitoring, and almost “expect” it. Older employees are more resistant or surprised by it.