E-mployment Law:  Internet Issues In The Workplace: The Need For An Internet Policy

What do the following subjects all have in common: sexual harassment; defamation; disclosure of trade secrets; copyright infringement; pornography and other addictions; fraud and misrepresentation; right to privacy; negligent hiring and training; overtime exemptions; ergonomics; and union organizing? Each of these subjects (and more) is implicated by the ability of employees to access the Internet in the workplace. It is imperative that employers recognize the impact -- both negative and positive -- the Internet can have on their business, and take steps to maximize the benefits of the Internet while minimizing its litigation-creating potential. The best way to be pro-active in this area is to develop an Internet and e-mail usage policy that provides guidance to both employees and supervisors. This Update explains why such a policy is necessary, and provides suggestions for drafting the policy.

It is an understatement to say that today's workplace is technology-driven. On the one hand, it is critical for a company that desires to stay on the cutting edge to make use of the available technology. On the other hand, however, the unrestricted ability of employees to access -- and misuse -- such technology in the workplace also can have a dramatic effect on companies. Consider the following:

Statistics show that a high number of employees access the Internet while at work. One study found that 55% of employees use the Internet for personal e-mail, and 46% use it for personal surfing.² Another author suggests that employees typically spend five to ten hours per week sending personal e-mail and searching the Internet for non-job-related information.³ The reality is, of course, that it is not uncommon for employees to use their employer's technical resources for personal reasons during working hours, leading to a loss of productivity. Moreover, this loss of production results not only from a loss of employee work-time, but also from the types of activities in which employees are engaging while accessing the Internet. In addition to sending and receiving personal e-mail (which can come attached with crippling viruses), employees are able to download large files such as music, images and software, the result of which is a strain on the company's network.

In addition to innocent (while disruptive) activity, employees also may use the Internet to access harmful or illegal information. Many employees, for example, access sexually explicit material on the Internet, some of which contains child pornography. Other employees may access information on how to commit crimes. It is common for copyright laws to be violated when employees download and use articles, photographs, and computer programs without proper licensing. When the access to such information is gained in the workplace, the employer may be held liable for the employee's actions.

Unfortunately, employee dissatisfaction is not uncommon, and numerous web sites have been created for the purpose of allowing employees to "vent" about their employers. One such site is "disgruntled.com," on which employees can post stories and complaints about their jobs and bosses. Employees also may engage in anonymous "cyberdefamation" or "cyberlibel" by posting false statements about their company over the Internet. Another way dissatisfied employees can harm a company is by posting truthful information about a company, such as company trade secrets and proprietary information.

Finally, it is increasingly common for evidence of harassment or other discrimination to come in the form of e-mail messages, jokes, and cartoons. Such e-mails may contain graphic images or derogatory and offensive jokes, which are sent from one employee to another or posted on the company bulletin board. Employees may also download pornography from the Internet and leave it in visible areas in the workplace. Employers who fail to prevent or curtail such conduct or who unreasonably fail to learn that it is occurring may be sued and held liable for hostile environment harassment or discrimination.⁴

Given the above, it is clear that employers must take steps to limit their exposure to company harm and liability due to employee access to the Internet and use of company e-mail systems. Such limits can be achieved through the implementation and enforcement of a detailed Internet and e-mail policy. Some employers choose to ban completely any personal use of the company e-mail system or access to the Internet. While such a ban may be permissible, it may not, as a practical matter, be enforceable or advisable. The effect on employee morale surely would be negative, and enforcement would be a full-time job. Thus, employers must weigh the benefits of permitting employee access to computer technology with the potential downside of such use when developing Internet and e-mail policies.

Employers should consider addressing the following topics in an Internet and e-mail policy:

• Appropriate business uses of the Internet, such as for research, periodic updates of business information or news, or for specifically approved projects.
• Appropriate business uses of e-mail, such as for communications with supervisors and co-workers relating to business activities.
• Permissible personal uses of the Internet and e-mail. Employers must decide whether they will permit occasional personal use of the Internet, including access for such activities as amusement, on-line shopping or participation in "chat groups" or bulletin boards. Employers may also decide to place restrictions on when the Internet may be accessed for personal use, such as during breaks or on lunch hours. Similarly, employers must decide whether employees may receive and send personal e-mail from company computers.
• Appropriate use of passwords and access codes.
• Importance of maintaining the confidentiality of company information.
• The unauthorized use of company computers for engaging in activity that is not permissible under the company's general discrimination and harassment policy, such as sending inappropriate, offensive, racist, sexually suggestive, or insulting messages or material.
• The unauthorized use of company computers and e-mail systems for solicitations, or for the posting of personal news.
• The unauthorized copying of copyrighted materials and other intellectual property, including music and third-party computer software.
• The disruption of the company's computer network, by such actions as turning off virus detection devices, saving non-essential e-mail messages, and downloading large files.
• The use of company technology for personal profit or gain, or for any illegal activity.
• Employee expectation of privacy in any conduct in which they engage on company computers, including e-mail. Employees should be informed that they should not have an expectation of privacy in any such conduct. Moreover, if an employer intends to monitor employee use of company technology, employees should be informed that such monitoring will occur. (The United States Senate and House of Representatives are both currently considering the "Notice of Electronic Monitoring Act" (the "Act") (S. 2898 and H.R. 4908) which, if enacted, would require employers to provide notice to employees before using electronic means to monitor electronic, wire or oral communications. The proposed notice to employees would need to include information regarding the form, means and frequency of the employer's monitoring. Subcommittee hearings regarding the Act were held by the House of Representatives on September 6, 2000. A future Update will contain information about the fate of this bill.)
• A procedure for reporting employee misuse of the Internet or e-mail system.
• Disciplinary measures for violations of the policy, up to and including termination.
• Responding to Violations of the Internet and E-mail Policy
• As with general employee policies, employers must decide how they will enforce and respond to violations of an Internet and e-mail policy. As mentioned above, enforcement may come in the form of periodic monitoring of employee use, such as by reading employee files, e-mail, and web site traffic logs.⁵ Company harassment and discrimination policies should be made applicable to Internet and e-mail use.
• Discipline resulting from violations of the Internet and e-mail policy should be tailored to the violation, and should be similar to the discipline which results from violations of other company policies. As always, any disciplinary policy should be applied consistently among employees. Supervisors should be trained in proper enforcement of the Internet and e-mail policy, to ensure non-discriminatory enforcement.

While the benefits of technology to businesses are enormous, employee access to such technology can yield problems for employers. As a result, employers who have not adopted an Internet and e-mail policy are encouraged to do so, using the above suggestions as minimum guidelines.

^1.This article is the first in a series of articles that will cover various topics implicated by the accessibility and use of technology in the workplace.

^2.See PR Newswire, "Almost Three-Quarters of Workers Say It's Okay For Employers To Monitor Their Internet Activities On The Job--Angus Reid Survey," PR Newswire Association, Inc., May 2, 2000 (visited June 27, 2000) http://www.prnewswire.com.

^3.See Amy Harmon, "On The Office PC, Bosses Opt For All Work And No Play," New York TIMES, September22, 1997, at A1,C11.

^4. For examples of cases in which e-mails have been used as evidence of harassment or discrimination, see Blakey v. Continental Airlines, Inc., 751 A.2d 538 (N.J. 2000) (concluding that if an employer has noticed that employees are engaging in harassment via the employer's electronic bulletin board, the employer has a duty to remedy the harassment); Irvine v. Video Monitoring Services., 2000 WL502863 (S.D.N.Y. April 27, 2000) (age discrimination claim based on e-mails deriding plaintiff's appearance); Coniglio v. City of Berwyn, 1999 WL 1212190 (N.D. Ill. December 16, 1999) (causing an employee to receive pornographic e-mail may constitute hostile environment sexual harassment); Spencer v. Commonwealth Edison Co., 1999 WL14486 (N.D. Ill. January 6, 1999) (hostile environment sexual harassment claim based on e-mail); Comiskey v. Automotive Indus. Action Group, 40 F. Supp.2d 877 (E.D. Mich. 1999) (use of e-mails to disprove reverse sex discrimination claim); Daniels v. Worldcom Corp., 1998 WL91261 (N.D. Tex. February23, 1998) (racial discrimination based on racist e-mail jokes); Owens v. Morgan Stanley & Co., 1997 WL403454 (S.D.N.Y. July 17, 1997) (same).

^5. While privacy issues must be considered, several courts have upheld an employer's right to monitor employee use of company technology. See, e.g., Bohach v. Reno, 932 F. Supp. 1232 (D. Nev. 1996); Smith v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996). The privacy implications of employee Internet and e-mail use in the workplace will be addressed in a future Update.

First published in September 2000