United States: E-Mail Monitoring In The Workplace - An Overview

"Gentlemen don’t read each others mail." - Henry L. Stimson
Explaining (some say facetiously) the decision of War Department to close its decoding office.

"The joke around here is, ‘why did it take you 1700 pages to say: The employer can do it?’" - Professor Camille Hebert, Law Professor. Ohio State University, Author of Employee Privacy Law West, 1993.
As quoted in "High Tech, Low Privacy," Michael Higgins, ABA Journal, May 1999.

The Environment

If e-mail is not already the most frequently used means of communicating in the workplace, it is close and gaining on its only rivals, face-to-face meetings and telephone conferences. It is expected that, in the year 2000, forty million e-mail users the world over will transmit over 60 billion electronic communications.¹ Many of these will be sent from, to and within the American workplace. According to a 1998 survey conducted by the American Management Association, twenty percent of companies monitored their employees' e-mail.² This was an increase of five percent from the 1997 survey.³ Presumably, 1999 results will be even higher. These survey results epitomize why employer e-mail monitoring and employee privacy rights are significant and timely issues facing the nation’s workplaces.

This article explores the issues surrounding employer e-mail monitoring, including the rights and needs of companies to protect their property and themselves from liability, particularly with respect to harassment suits. The rights and needs of the workplace must be balanced against the privacy rights of employees. Do employees have a legitimate expectation of privacy with regard to e-mail and Internet use? The article also examines the constitutional, statutory and common law origins of privacy protection for employees, along with applicable case law that has examined privacy issues in the workplace, including e-mail monitoring. The case law and statutes have yet to keep pace with the changing technologies. Currently, there are no clear guidelines with respect to these monitoring issues, but it is evident that employers have the proverbial "upper hand", at least for the time being. The best defense for an employer in light of the case law and statutory ambiguities is to have a clearly written, uniformly enforced e-mail policy that is disseminated to all employee e-mail users.

For most of us, e-mail is a relatively new phenomenon. It was not so long ago that e-mail was as foreign a concept as that "information superhighway." E-mail’s days of anonymity are long gone. Today, email is a common, if not necessary tool used to facilitate communication, particularly in the workplace. According to some, e-mail has revolutionized the workplace.⁴

E-mail use has exploded, primarily because it is fast and easy to use. In our world of increasing workloads and decreasing available time, e-mail provides a way to manage the burden. If we need an answer to a question, we can just "shoot an e-mail" to our more knowledgeable co-worker. No need to worry about listening to voicemail, or worse, listening to our co-worker pontificate about that subject on which he or she is a self-proclaimed expert. We do not have to worry about the formalities that a letter requires. E-mail is at once less formal and, potentially, more personal.

These attributes may also be some of e-mail’s biggest shortcomings. Less formal means less attention focused on what is being written. More personal means we may include confidential, offensive or sensitive information, believing that we are sending a private, intimate message for the recipient’s eyes only.

E-mail has the added benefit of being more direct. There is no lag time between composing the electronic message and having it arrive at the receiver’s computer terminal. We expect and usually receive a faster response to our e-mail than telephone messages and formal written correspondence. We can relay a detailed message with relative ease and, best of all, save time doing it. Today, we do not ‘think twice" about e-mail. That may be a problem.

Less caution and care can lead to litigation. E-mail can take on a life of its own. It can be distributed, copied and read without the sender’s knowledge once he or she hits that "send" button. We have all heard of that poor soul who inadvertently sent that presumably private e-mail complaining about his boss to everyone in the office, including the inhuman boss. In addition, because email is often used in conjunction with a computer network system, it is stored "on the system," even if the individual user has deleted it from his or her in or out box. A supervisor can simply have the stored messages printed for his review.

On the other hand, e-mail can be an invaluable legal tool. It provides a "written record" with which to support allegations or defend allegations. This is particularly true in an employment situation where there may be allegations regarding harassment or discrimination. The electronic "paper trail" can be used to show what exactly was "said." In addition, e-mail messages may be admissible at trial.

However distasteful Secretary Stimson might find such monitoring, employers have some compelling reasons to monitor the e-mail of their employees. The reasons can run the gamut from simply monitoring employee productivity and quality control to more serious issues of protecting proprietary data or the rights and safety of employees. Employers have, in one fashion or another, always performed these oversight functions. The need for employers to enhance their ability to carry out these responsibilities has never been greater.

A recent Wall Street Journal article⁵ demonstrates the increasing need for monitoring in the workplace. The article examines the increasingly popular work time "activity" of shopping online. Sometimes covertly, sometimes not, employees spend work time taking care of shopping needs via the Internet. Of course, these employees are using employer owned computers and Internet service to facilitate their online shopping. They do not see the problem with a little lunchtime cyber shopping. Many liken it to personal phone calls or talking to coworkers. Many see it as a trade-off for long hours spent at the office.

The problems arise, however, when the shopping takes place while the employee is supposed to be working rather than at lunchtime and when company resources are expended as a result of the shopping, such as delivery of the packages by the office mail clerks. One administrative assistant interviewed in the article recalled delivering four personal packages to one individual in a single day.⁶ One Internet retailer says 65 percent of its orders are placed between 9 a.m. and 5 p.m. during the week with a significant falloff on the weekends.⁷

"While many companies these days have taken to monitoring their employees’ Internet usage to ensure they aren’t accessing pornography or other questionable content, shopping sites usually don’t come under scrutiny."⁸ Carole Barnes, a labor and employment attorney, warns that companies should "crack down."⁹ She says that excessive junk e-mail created by online shopping could clog a company’s server and cause it to crash.¹⁰ In addition, time spent shopping at work, or any other personal Internet use, still boils down to time diverted from business. Cyber shopping is another area employers will have to address and determine what is reasonable and permitted use.

At a minimum, it is not unfair for an employer to insist that employees use their working hours (to say nothing of the facilities and computer equipment provided by the employer) in furtherance of the employer’s business rather than "surfing the net" to check on their horses, visit "chat rooms" or pique their lust by visiting pornographic web sites. What about the employee who has access to patented designs, customer lists, pricing data, marketing strategies or other trade secrets and is interviewing with a competitor? Or, the first-year law firm associate who is unwittingly transmitting privileged client information beyond the firm? How about the employee who is creating a "hostile environment" in the workplace by sending offensive sexist or racist messages or material over the employer’s e-mail network? Or the same sort of maladjusted employee who transmits defamatory messages about co-workers?

On the other side of the debate over e-mail monitoring are the employees, unions and advocacy groups that fear without some restrictions on an employer’s ability to monitor e-mail, privacy protection will all but disappear from the workplace, resulting in an "electronic sweatshop," where constant monitoring takes place.¹¹ Employer monitoring has strong traditions but the advent of new technologies promises to make the task easier, less obvious, and potentially more intrusive.

Some companies are already taking the offensive (no pun intended) and installing software which will limit an employee’s access to the Internet or will block language that is considered to be racist, profane or otherwise offensive.¹² Michael Bloomberg, founder and chief executive officer of Bloomberg, L.P. had screening software installed on the computers of Bloomberg’s employees and extended it to the company’s customers out of fear that offensive e-mails would lead to harassment suits. Bloomberg’s is an online service that stock traders and others can use to access prices and other information on financial markets, as well as to send and receive messages. On a busy day, approximately three million messages cross Bloomberg’s 120,000 screens.

Wall Street traders, of course, are furious, complaining they are being treated like five-year-olds and that colorful language is sometimes necessary to adequately describe a particularly bad deal, for example. Bloomberg’s unsympathetic response is that the "cowboy atmosphere that used to be a part of newsrooms and brokerage firms is no longer possible in this day and age" and that his company has a duty to protect its customers.¹³

Another Wall Street Journal article reports that companies, such as 20th Century Fox and Image First, a uniform manufacturer, have installed computer-monitoring devices made by Enron Software, Inc. that scans employee e-mail to prevent the transmission of sexually offensive messages.¹⁴ After an e-mail harassment incident, Image First informed its employees that e-mail would be reviewed for violations of the company’s harassment policy. Other employers, including First Union Corporation have fired employees recently for sending harassing e-mail. Kathleen Neville, a sexual harassment consultant warns that "Unlike in-person conduct, e-mail harassment is easy to prove since the electronic trail documents allegations."¹⁵

There are arguments about respecting human dignity and about questionable reasons for employer’s to be monitoring, such as for their own curiosity, rather than to protect the business. In fact, many if not most, employees appear to be naïve about company monitoring practices.¹⁶ One employment survey found that more than 90 percent of the employees surveyed believed that employers collect only information that is relevant and necessary.¹⁷ Some studies have indicated that employer surveillance takes a physical as well as emotional toll on employees, leading to decreased productivity, the very thing employers argue they are trying to increase through the monitoring.¹⁸ Clearly, at the very least, employee education about employer policies is needed.

The fact is, due in part to concerns like these and the increasing efforts of our brethren at the plaintiffs’ bar to sue employees based upon allegations of employee misconduct of one sort or another, the obligation of employers to "police" (probably not too strong of a word) the conduct of employees and life in the workplace has never been greater. The role of employer has become more paternalistic than ever. In this context, it is not unreasonable to expect employers to use any and all of the available technologies to monitor the conduct of their employees. Fortunately for employers, as Professor Hebert recognizes, the law seems to agree.

To date, no specific, adequate legislation has been passed that addresses e-mail privacy and monitoring. For now, employers and employees must rely on existing federal and state constitutional and statutory provisions that might apply to e-mail monitoring, as well as existing tort law. Indeed, before monitoring employee e-mail, the employer must be aware of the potentially applicable laws in order to avoid violating the employee’s right to privacy and/or the law.

The right of privacy appears to be a diverse and growing bundle of rights, which finds its roots from the United States Constitution, state constitutions, statutory sources and the common law.¹⁹ According to Steven Winters, an advocate for protecting employee privacy, particularly with respect to e-mail, these sources do not adequately protect an individual’s privacy in the workplace. Part of the frustration on the part of privacy advocates invariably stems from the fact that the Constitution applies almost solely to government actions and that current case law and statutes dealing with privacy have not fully addressed new computer technology, including e-mail. For example, issues of computer privacy do not analogize well to current Fourth Amendment law that focuses on searches and seizures.²⁰

It is now "black letter law" that the U.S. Constitution and those of most of the fifty states have, either explicitly or implicitly, recognized a right of privacy. The Fourth Amendment provides for "the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures...." This right of privacy protects citizens from governmental action, be it federal or state. However, it is clear from the language of the Amendment that the protection does not extend to the private workplace. Indeed, a survey of the case law interpreting the various constitutional provisions in which courts have recognized a right to privacy have almost always done so in reference to infringements on that right by government, not private sector employees. Therefore, in an employment context, it appears that only government employees may make a claim for privacy protection of their e-mail under the Constitution; private employees have no Constitutional guarantee of privacy in the workplace, unless infringed by a government search or seizure.²¹

In examining privacy rights, the courts have historically employed a reasonable expectation analysis.²² Generally, the courts have interpreted this reasonable expectation analysis to mean that a person’s privacy can be violated only where that person has a reasonable expectation of privacy. ²³ The usual analysis involves determining whether the expectation was reasonable under the particular facts and circumstances of each case.²⁴

Historically, the courts have not found a reasonable expectation of privacy on the part of employees. Rather, the courts have favored an employer’s right to protect its interests over the employee’s right to privacy for reasons such as (1) the work is done at the employer’s place of business, (2) the employer owns the equipment being used, (3) it is the employer’s business being conducted on the equipment, (4) the employer has a strong interest in monitoring employee activity to ensure quality and quantity of work and (5) to protect the employer’s property interests against theft and/or fraud.²⁵ This is true even for government employees who are presumably protected under Fourth Amendment law.

The seminal case on the privacy rights of public employees and work related searches and seizures is O’Connor v. Ortega.²⁶ The Supreme Court, in a plurality decision, held that the privacy interests of a public employee are outweighed by the government employer’s substantial interest in maintaining and protecting a well-run workplace.²⁷ The plurality found that supervisory searches of public employees’ offices are subject to the reasonableness standard. This reasonableness standard provides for less stringent requirements than a police investigative search.²⁸

Dr. Ortega, a psychiatrist, worked at a state-owned hospital.²⁹ In response to allegations of Dr. Ortega’s mismanagement of the residency program at the hospital, hospital employees entered and searched his locked office and removed certain items from his files.³⁰ Ortega was fired and subsequently sued the hospital claiming that the search violated his Fourth Amendment rights against unlawful searches.³¹ While the Court found that an employee who works for a government employer had a reasonable expectation of privacy, it qualified the expectation, opining that:

The plurality also found that a search conducted by a government employer is reasonable where the employer’s need for monitoring the activities of the workplace outweighs the invasion of the government employee’s privacy rights.³³ The court’s holding seems to indicate that there is little protection for employees’ privacy rights in both the public and private sectors. By analogy, it would appear that e-mail communications would be subject to the same restricted privacy expectation. It seems doubtful, then, that e-mail would be protected under the Fourth Amendment.³⁴

It is worth noting that the Supreme Court has historically tended to rule in favor of the "alleged infringer of privacy" in monitoring privacy cases.³⁵ Usually, the Court has found that the plaintiff did not have a reasonable expectation of privacy and/or that there was a compelling governmental interest for the seizure of disclosure that outweighed any expectation of the individual. Analogizing to the e-mail context, it seems unlikely that an employee’s expectation of privacy would be found to be reasonable, since most users should realize that a network manager could have access to their e-mail accounts.³⁶ Although most employees may not assume that the network manager would read their mail, the employees have knowingly and voluntarily sent their e-mail over the employer’s computer system, making it "fair game" for review.³⁷ This is even truer if the employer has an established monitoring policy.

It is unlikely that employees will find much protection from e-mail monitoring under current federal and state statutory laws. The relevant federal law, although arguably applicable to e-mail, may fail to provide protection because of ambiguity and several wide-reaching exceptions.³⁸ The pertinent state statutes also fail to adequately limit monitoring.³⁹

The Electronic Communications Privacy Act of 1986 ("ECPA") is the federal statute that governs protection of electronic communications.⁴⁰ The ECPA was initially enacted to protect electronic communication that "affects interstate or foreign commerce."⁴¹ The ECPA amended the Omnibus Crime Control and Safe Streets Act of 1968 (the "federal wiretap statute") in an attempt to update federal privacy protection law to take into account the technological advancements made in the area of electronic communications. "The ECPA prohibits the intentional interception, use and disclosure of oral, wire, and electronic communications.⁴² The Act expanded the scope of the wiretapping statute to include the interception of electronic communications and stored electronic communications, such as between computers, or between a computer and a system user.⁴³ Presumably, then, e-mail is included within the definition of electronic communications. The ECPA does not, however, prohibit the monitoring of stored e-mail messages. Stored e-mail is not considered to be "electronic communications" under the ECPA.⁴⁴ In addition, in order to prove that an e-mail has been "intercepted" in violation of the ECPA, it must be shown that the e-mail was acquired contemporaneously with its transmission.⁴⁵ The ECPA preempts those state laws that provide less privacy protection to employees than it does but allows states to go further. The states are free to determine their own level of protection as long as they meet the minimum standards of the ECPA.⁴⁶ Many states have already done so.

Under the ECPA, an employer could potentially be liable for injunctive and declaratory relief, nominal damages, actual damages, including any profits to the defendant resulting from the violation, and reasonable attorney’s fees and costs.⁴⁷ Punitive damages are available for interception violations.⁴⁸

Like most of its state counterparts, the ECPA creates exceptions to its protection (1) when a non-interstate system is involved, (2) where prior consent is obtained, explicitly or by implication, and (3) where interception occurs "in the ordinary course of business" - a condition fraught with room for unfriendly judicial construction.

By its terms, the ECPA does not appear to apply to intra-workplace e-mails but probably does apply to systems to which outsiders have access (i.e., interstate v. intrastate commerce). In other words, the ECPA seems to only protect messages sent over public networks such as CompuServe, Prodigy, Internet and MCI Mail.⁴⁹ The definition of "electronic communications" under the statute only pertains to those communications that affect interstate of foreign commerce.⁵⁰ Intra-company protection seems to apply only to wire communications where a human voice is involved.⁵¹

Under the ECPA, interception of electronic communications is allowed where one of the parties to the communication in question has given prior consent.⁵² The employee is not protected, though, even if he or she did not provide explicit consent. Indeed, consent "may be implied from ‘surrounding circumstances indicating that the (parties) agreed to the surveillance.’"⁵³ However, constructive consent is inadequate.⁵⁴ In addition, the exception does not protect an employer where the communication is intercepted "for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State."⁵⁵

Watkins v. L.M. Berry & Co.⁵⁶ is the preeminent case regarding the scope of the consent exception.⁵⁷ The Watkins court, in reversing a summary judgment for the defendant, held that an employee’s consent is limited to the scope of the employer monitoring policy. Watkins, a sales representative of the defendant, was hired and trained to solicit present and prospective Yellow Pages advertisers.⁵⁸ During the course of her employment, Watkins received a personal phone call from a friend regarding a job interview that she had with another company.⁵⁹ Unbeknownst to Watkins, her supervisor monitored the phone call and heard the discussion of the job interview.⁶⁰

L.M. Berry had an established monitoring policy regarding solicitation calls, of which all employees were informed.⁶¹ The monitoring was done with the purpose of improving sales techniques.⁶² Employees were permitted to make personal calls and were told that personal calls would not be monitored except to the extent necessary to determine whether the call was personal or business in nature.⁶³

The court opined that Watkins did not consent to a policy of general monitoring and that if the supervisor’s interception went beyond what was necessary in order to determine the nature of the call, then it went beyond Watkin’s consent.⁶⁴ Further, the court dismissed the idea that knowledge of a monitoring capability constitutes implied consent.⁶⁵ "Consent…is not to be cavalierly implied." ⁶⁶

The court also rejected the defendant’s argument that the monitoring of this particular call was justified in the ordinary course of business. ⁶⁷ The court held that a personal call may not be intercepted in the ordinary course of business, except to the extent necessary to guard against unauthorized use of the telephone or to determine whether the call is personal or not.⁶⁸ "In other words, a personal call may be intercepted in the ordinary course of business to determine its nature but never its contents.⁶⁹ L.M. Berry had exceeded the defined limits of consent in its own monitoring policy.

Conceivably, e-mail monitoring to the extent necessary to determine the nature of the e-mail would be acceptable as long as the employee was aware of the employer’s policy. Presumably, the employee’s use of the system would constitute implied consent. Realistically, however, it is difficult to know whether e-mail could be monitored in a similar fashion to phone calls. An e-mail policy would have to be explicit about the way in which the monitoring would be conducted.

Indeed, the monitoring would vitiate consent if it went outside the bounds of the established policy.⁷⁰ As another case, Deal v. Spears,⁷¹ demonstrates it is imperative that the employee be aware that monitoring is being done, not just that it may be done.⁷² The Spears, owners of a liquor store, decided to install a recording device on their store telephone after the store was burglarized and they believed it to be an "inside" job.⁷³ Prior to installing the device, Mr. Spears had warned the plaintiff about her excessive use of the store telephone for personal calls and said that he might resort to monitoring calls in order to curb the abuse.⁷⁴

The appellate court, in affirming the decision of the trial court that the defendants violated the Omnibus Crime Control and Safe Streets Act of 1968, found that the plaintiff did not consent, either explicitly or impliedly, to having her telephone conversations monitored. The court focused on the fact that Mr. Spears had said only that he might monitor, rather than that he would be monitoring. While agreeing that the defendants had a legitimate business reason for monitoring the phone calls (since their store had been burglarized), the court found that the extent to which the Spears monitored (including listening to twenty-two hours of recordings) the plaintiff’s telephone calls was not justified. In this case, clearly the monitoring was beyond the reasonable scope of business interest.

There are two provisions in the ECPA which address the "in the ordinary course of business exception."⁷⁵ One provision has been relied on in telephone extension monitoring cases, but may be inapplicable to e-mail monitoring unless telephone equipment or facilities are specifically involved.⁷⁶ This telephone equipment distinction, which has been narrowly construed, essentially allows interceptions where the telephone or telegraph equipment is used in the ordinary course of business.⁷⁷ It is unclear whether the equipment used for e-mail, such as a modem, would fall under this provision.⁷⁸ The other provision allows certain interceptions by electronic communication service providers or their "agents."⁷⁹

It is the "business use" element of both provisions that may be construed broadly to give employers significant authority to intercept and monitor e-mail messages.⁸⁰ System maintenance and protecting the property rights of the telecommunications service provider are both legitimate reasons for monitoring/intercepting employee e-mail, if the interception was made in the ordinary course of business.⁸¹ The employer would need to show that the monitoring was necessary to render service or to protect their rights or privacy.⁸² It is also possible that these two justifications may include such reasons as the need to prevent abuses of the system such as computer crime, system failure or unpermitted personal use, such as browsing pornography websites.⁸³ While the business use exception has generally been broadly construed, some courts have limited the exception with respect to the scope of the intrusion and the nature of the communication.⁸⁴ A review of local laws for a definition of "ordinary course of business" is advisable for employers.⁸⁵

It is foreseeable that employers will be able to prove legitimate business reasons for monitoring e-mail communications, provided that the monitoring is limited in its scope.⁸⁶ It may be more difficult to limit e-mail monitoring than telephone monitoring, but employees are entitled to some privacy with respect to the content of their messages.⁸⁷

Various analogous state statutes to the ECPA provide employees with protection with regard to stored wire and electronic communications.⁸⁸ Most attempts to provide greater privacy protection to employees, however, have generally been unsuccessful. In Illinois, the Illinois Eavesdropping Statute is the governing statute to protect an individual’s privacy with respect to electronic communications.⁸⁹ The statute prohibits an individual from the unauthorized listening or recording⁹⁰ of a conversation unless:

1. he has the consent of all of the parties to the conversation; or
2. he is listening or recording pursuant to a court order in accordance with Article A or Article 108(B) of the Code of Criminal Procedure.

The Illinois statute, however, does not specifically apply to cover electronic communications such as e-mail. If the statute is later amended by the legislature or interpreted by the courts to include electronic communications, the consent requirement could severely limit e-mail monitoring, especially if the consent of the party to whom an employee is communicating is necessary.⁹¹

Because of the ambiguity surrounding the application of the ECPA to e-mail monitoring and the rights provided by the statute and the Constitution, employees may be able to find relief under the common law tort of "invasion of privacy." The common law of most states now recognizes tort causes of action for "invasion of privacy" or "intrusion upon seclusion" which may be implicated by monitoring employees’ e-mail. One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.⁹² Historically, the courts have considered whether there was an intentional intrusion, the location and private nature of the activity involved, whether the intrusion was "highly offensive to a reasonable person," and whether there was a legitimate reason that warranted the intrusion.⁹³ For an employee, it might be difficult to prove the four elements because any unintentional access to an e-mail message by a network manager, for instance, would defeat a privacy claim. In addition, e-mail sent to and from the workplace could be construed as non-private and, therefore, exempt from any protection.

These actions usually require both a reasonable expectation of privacy on the part of the employee and unreasonably invasive conduct on the part of the employer. Both elements are difficult to satisfy where e-mail in an employment context is concerned.

Two employees of Nissan Motor Corporation attempted but failed to prove a common law invasion of privacy claim against their employer. In Bourke v. Nissan Motor Corp.,⁹⁴ an unpublished opinion, the California appeals court affirmed Nissan’s motion for summary judgment dismissing plaintiffs' claims for common law invasion of privacy and violation of the constitutional right to privacy.⁹⁵ Based on undisputed facts, the court plaintiffs had no reasonable expectation of privacy in their e-mail messages.⁹⁶ The plaintiffs each signed a Computer User Registration Form that restricted the use of company-owned computer equipment and software to business use only.⁹⁷ Both plaintiffs were aware that, from time to time, e-mail messages were read by someone other than the intended recipient.⁹⁸ Six months prior to her termination, Bourke was contacted and warned about sending e-mails of a sexual nature.⁹⁹ One of Bourke’s messages had been randomly selected to demonstrate e-mail use during a training session at an Infiniti dealership.¹⁰⁰

In a leading decision on private sector employment, a Pennsylvania federal district court determined that under Pennsylvania law, a "company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments."¹⁰¹ The case, Smyth v. Pillsbury Co., is particularly instructive since the plaintiff’s complaint was dismissed despite allegations that the defendant employer had given assurances that e-mails would not be intercepted. Smyth was an at-will employee who claimed that Pillsbury wrongfully terminated him from his position.¹⁰² Pillsbury maintained an e-mail system to facilitate internal corporate communications between its employees.¹⁰³ Pillsbury gave repeated assurances to its employees, including the plaintiff, that all e-mail communications would remain confidential and privileged and that the communications could not be intercepted and used by the company against its employees with regard to termination.¹⁰⁴

The plaintiff received an e-mail message from his supervisor over the defendant’s e-mail system on his residential computer.¹⁰⁵ Relying on the defendant’s assurances regarding privacy, plaintiff exchanged e-mails with his supervisor which were later deemed to include inappropriate and unprofessional comments.¹⁰⁶ Contrary to its prior assurances, defendant terminated the plaintiff’s employment based on those intercepted e-mails.¹⁰⁷ Apparently, the e-mails concerned the sales management and contained threats to "kill the backstabbing bastards" as well as references to the Holiday party as the "Jim Jones Koolaid affair."¹⁰⁸

The Smyth court rejected the plaintiff’s wrongful discharge claim under the public policy exception that an at-will employee may be discharged at any time.¹⁰⁹ The court held that, unlike urinalysis and personal property searches, there is no reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system, even though assurances were given that e-mail messages would not be intercepted by management.¹¹⁰ The court also found that once the plaintiff communicated alleged inappropriate comments to a second person over an e-mail system that was apparently utilized by the entire company, any reasonable expectation of privacy was lost.¹¹¹ Of note to the court was the fact that the defendant did not require the plaintiff to disclose any personal information about him and that he voluntarily communicated the alleged unprofessional comments over the company e-mail system.¹¹²

The court further noted that even if it had found a reasonable expectation of privacy with respect to the e-mail message, it did not find that a reasonable person would consider the defendant’s interception of the communication to be a substantial and highly offensive invasion of his privacy.¹¹³ "Moreover, the company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments."¹¹⁴

Another case, decided by a Virginia federal district court, illustrates a government employee’s expectation of privacy when his government agency employer has an official policy regarding Internet use. The court in U.S. v. Simons, ¹¹⁵ in denying the defendant’s motion to suppress evidence obtained from his office computer, found that defendant lacked any reasonable expectation of privacy with respect to his Internet use while at work.¹¹⁶ The court also found that the employer’s search of defendant’s computer hard drive did not violate his Fourth Amendment rights and that the employer’s copying of defendant’s e-mail from his computer hard drive did not violate a statute prohibiting electronic interception of personal telephone calls without a warrant.¹¹⁷

Defendant Simons was employed as an engineer within the Foreign Bureau of Information Services component of the CIA.¹¹⁸ Defendant had access to a computer owned and operated by the CIA as well as Internet access.¹¹⁹ After a systems operations manager conducted a keyword search of the word "sex," in order to detect any inappropriate activity, a number of "hits" to pornography sites were traced back to defendant’s workstation.¹²⁰ Defendant had downloaded over one thousand files, some of which appeared to be child pornography.¹²¹ Subsequently, a warrant was issued and defendant’s hard drive was copied and replaced.¹²²

Recognizing the reasonableness test from Katz v. U.S.,¹²³ the Simons court noted that whether an employee has a reasonable expectation of privacy must be decided on a case-by-case basis.¹²⁴ Following the Ortega court, this court recognized that office practices and procedures may reduce a government employee’s privacy expectations with respect to their offices.¹²⁵ In the instant case, the FBIS had an official policy regarding Internet use that applied to all FBIS staff.¹²⁶ The court considered the employers’ prior notification that it would monitor e-mails to be dispositive of the asserted expectation of privacy. Given the existence of the policy and its legitimate business interests in regulating unauthorized use of the Internet, the court found that defendant had no reasonable expectation of privacy.¹²⁷ Further, even if defendant had a reasonable expectation of privacy, the court must balance the invasion of the privacy against the government’s need for supervision and control.¹²⁸

The court found the invasion of privacy here to be justified based on the findings of pornographic "hits" and reasonable in its scope.¹²⁹ The court also found the copying of defendant’s hard drive to be reasonable and not in violation of the Fourth Amendment. Defendant had tried to argue that once the misuse of the Internet was discovered, the investigation turned in one of a criminal nature and, therefore, required obtaining a search warrant.¹³⁰ Again, the court found that the CIA had a legitimate business interest in pursuing the investigation.¹³¹

Both the Smyth and Simons decisions have held that an employee may not reasonably expect such privacy.¹³² Likewise, employers’ monitoring e-mail is not likely to be viewed as unreasonably invasive, under circumstances that usually reveal conduct by employees which is comparatively more outrageous (e.g., threats, defamatory statements as in Smyth, receipt of child pornography as in Simons). Further, reading e-mail which has already been sent (read "broadcast") is not on the scale of invasiveness or as offensive as true "eavesdropping" on communications as they are being made.

The lines begin to blur and the expectations of privacy and rights of employees and employers become less clear as the parameters of the employment relationship and boundaries of the workplace shift. No cases have directly addressed situations in which an employee is working from his/her home and/or accessing an employer’s network with his/her own computer equipment. Likewise, no cases have addressed independent contractor or temporary hire situations.

Many of us will litigate issues like these as matters of first impression. The circumstances may be very "fact specific" but will all turn on the expectation of privacy.