Menu
Just listening - the trend towards management e-mail monitoring

Just listening - the trend towards management e-mail monitoring

As e-mail increasingly becomes an essential tool for doing business, employers around the world are taking the stand that what gets transmitted over the corporate LAN is the company's business.

A growing number of bosses favour monitoring employee communications in hopes of cutting down on wasted time and avoiding liability cases for "inappropriate" material passed over the company network.

And while many workers may harbour an illusion of privacy concerning the messages they send and receive on company time, the truth is that employees around the world have few or no rights.

"The simple truth is that the state of the law (in the US) at the moment says that employees have no rights whatsoever," said David Sobel, staff counsel for the US-based Electronic Privacy Information Centre.

Despite a lack of laws and legal precedents, most employers, no matter what country they operate in, have an implicit right to eavesdrop on what employees say and do online without having to inform them first, according to George Thompson, communications product manager for the Electronic Messaging Association.

Currently, fewer than 8 per cent of companies monitor e-mail usage at all, yet 70 per cent believe they should retain the right to do so, according to recent research.

Barriers to conducting widespread e-mail monitoring range from questions about legal rights to a lack of employees who can devote the time, according to the study. And while software products are currently available that can scan e-mail systems for inappropriate words, such as Integralis Software's MIMEsweeper, companies are just beginning to consider monitoring options and may be unclear on how the products work, the study said.

Rights and responsibilities

Some employers' concerns regarding e-mail include erased messages, which can be used as evidence against an employee or the company in civil and criminal cases; decreased worker productivity due to hours spent "chatting" online; and the ability for employees to divulge trade secrets, according to a report conducted by the SHRM (Society for Human Resource Management), entitled "E-mail in the Workplace: How Much is Private?"

"Given that a company itself owns a network and is ultimately liable for the communications passed over it, it has a right to protect itself," Thompson said.

Part of the fear for US companies stems from a clause in the Communications Decency Act that says any operator of an online network (including e-mail) is liable for what passes over that network. Whether or not a company is liable for the information passed over its networks is at the centre of several court battles currently pending in the US R.R. Donnelley & Sons is being sued for $US500 million over a document circulated on the company network in 1987 which contained "sophomoric jokes" that the plaintiff found offensive, according to Bill Lowe, a spokesman for R.R. Donnelley. While the allegedly offensive e-mail is only part of a larger racial discrimination suit, R.R. Donnelley now has a policy in place that could result in the firing of an employee who is caught "transmitting material which people could find offensive" over a computer or telephone, Lowe said.

What most companies don't know, however, is that monitoring e-mail activity can actually work against them in liability cases, said Stanton McCandish, program director at the Electronic Frontier Foundation, which defends civil liberties in cyberspace.

If a company can prove that it did not have a monitoring policy in place at the time a questionable e-mail message was sent, a court would be less likely to hold that company liable, he said.

If a company does have a monitoring policy in place, a court could say that the company should have stopped the communication before it became an issue.

Left in the dark

But most companies don't have a formal

e-mail usage policy detailing employee rights and regulations, and may be confused as to what that policy should include, Thompson said. Currently no legislation in the US exists that explicitly governs employer/employee rights regarding e-mail monitoring. This leaves employees in the dark when it comes to understanding what their rights are.

"E-mail is probably the largest issue that employees don't understand when it comes to what their rights are in the electronic world," said Deidre Mulligan, staff counsel at the US Centre for Democracy and Technology.

A survey of 3,000 US and overseas companies conducted by the SHRM in 1996 found that while nearly 80 per cent of the companies used e-mail on a regular basis, only 36 per cent of these organisations maintained policies addressing proper e-mail usage.

In contrast, only 32 per cent of the companies that use e-mail had a broader privacy policy in place regarding paperwork contained in file cabinets and locked drawers. The trend towards developing e-mail usage policies before any other kind of privacy policy shows that companies are concerned about e-mail liability issues, according to Michael Losey, president and CEO of SHRM. "E-mail provides the impetus for many organisations to get a grip on broader privacy issues," he said.

A lack of clear-cut guidelines has led to several wrongful termination suits being filed in the US by employees fired due to inappropriate e-mails sent over the company network, according to Sobel. Employees assume that e-mail conversations are private and are sometimes shocked to find out their activities have been monitored without prior notification, Sobel said.

In a 1995 case tried in the US District Court for the Eastern District of Pennsylvania, plaintiff Michael Smyth sued The Pillsbury Company after being fired for allegedly sending slanderous e-mail about another employee over the company e-mail system.

Even though Pillsbury had "repeatedly assured its employees that all e-mail communications would remain confidential and privileged", the case was decided in Pillsbury's favour on the grounds that "the company's interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments", according to the court decision.

Cases involving Epson America, Compaq and Nissan were either settled in the company's favour or settled out of court.

"There will be more cases in the future, but the employees will always lose because they have no real basis on which to fight against e-mail monitoring," said McCandish. "What most companies don't realise, however, is that e-mail monitoring reduces employee morale and increases turnover and ultimately is a waste of time and money."

Outside the US, e-mail monitoring policies are few and far between, and laws governing employer/employee rights are even less prevalent than in the US. However, several European and Asian companies are increasingly interested in monitoring e-mail usage, mostly in order to curb employee abuse of the system.

Murky waters

While laws are in place in the UK that govern liability for the information which passes over a private network, companies are not necessarily informed about their rights. A recent survey of directors at 120 top UK companies, commissioned by the law firm of Theodore Goddard, found that 48 per cent of CEOs are unaware that e-mail is subject to libel laws. Only 20 per cent of the companies surveyed said they had a policy to protect themselves against libellous information generated by e-mail.

While the UK Defamation Act passed in mid-1996 does not specifically refer to the sending of e-mail, it does provide a legal framework for the transmission of information over broadcasting and online networks. Unlike in the US, operators of online networks - which includes corporations - are not necessarily responsible for the content which passes over that network.

Under the terms of the act, if a corporation can prove that it "did not know, and had no reason to believe, that what (the corporation) did caused or contributed to the publication of a defamatory statement", it can prove that it was not liable, according to a statement from Yaman Akdeniz, founder of the Cyber-Rights and Cyber-Liberties Organisation at the University of Leeds in the UK.

However, while companies may be protected from what employees transmit over their networks, employee rights remain murky and guidelines for e-mail monitoring are scarce within the UK and Ireland.

In parts of the Asia-Pacific region, it's common for employers to look at physical mail addressed to employees if there is reason to think that the mail concerns business matters, privacy experts say. That precedent would probably set the tone for any corporate policies specifically addressinge-mail.

In Australia, if employers do start monitoringe-mail, they would be obliged to inform workers ahead of time, and would probably end up wrangling with labour unions over the conditions that would trigger monitoring, according to Nigel Waters, head of the privacy branch at the Human Rights and Equal Opportunity Commission in Sydney.

Laws that deal with e-mail are virtually nonexistent in Asia, according to Roy Grubb, managing director of Hong Kong-based G&A Management Consultants. "At the moment, I don't know of anywhere in Asia that has specific laws governing e-mail monitoring," he said.

In addition, companies have not expressed interest in or concern about creating their own policies or guidelines for employee e-mail usage.

"Many companies in Hong Kong have a policy on opening physical mail addressed to employees, but they have none as yet for e-mail," Grubb said. If companies did think about the issue, most would probably tend to believe they had "every right to monitor" employee e-mail communications, Grubb said.

Even DHL, a large multinational freight forwarding company with some of its operations in Hong Kong and Australia, doesn't have a specific policy in place. Employees are told that e-mail is not for personal use, but no monitoring is done, said Nigel Green, group manager of IT planning for Asia-Pacific at DHL in Hong Kong.

But at least one Hong Kong company has gone so far as to make a general statement to employees concerning e-mail usage. The Hong Kong Jockey Club, a nonprofit entertainment organisation which did $US10.4 billion of business last year, made what an official called "an exhortation for people to behave" but did not set down specific guidelines.

"That's a more enlightened policy that will get you a better result," said Robert Neely, research and planning controller for the Jockey Club. The company spent a lot of money to get an e-mail system up and running and wants to encourage people to use it.

"If people perceive that by using the system they're inviting scrutiny, they just won't use it," Neely said.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments