E-Mail Privacy Rights In Business 18539 Essay Example

as other sectors.

Not only is it struggling with how to keep pace with the growing need for fast and efficient e-mail, but also the dangers associated with it. Among these dangers is privacy, in particular, what legal rights corporations and employees have in keeping their communications private. This paper will introduce the current legislation in this area, the expectation of privacy an employee should have, any court decisions that provide additional ruling, and what a corporation can do to prevent litigation in these matters.

Employees Expectation of Privacy in e-mail

Initially as an e-mail systems manager, my belief was that since the company owns the electronic messaging system, they could access the contents of any employees' e-mail account at any time. However, my understanding was only partially correct.

The current legislation offers a detailed explanation of this matter, while also emphasizing the importance of recognizing employees' privacy protection for their emails. The company's information is regarded as its most valuable asset. Technological advancements have facilitated the generation of more valuable data, but they have also made unauthorized access to such data easier. Employees can expect a certain level of privacy protection from three primary sources: (1) The United States Constitution; (2) Federal Statutes such as The Electronic Communications Privacy Act of 1986; and (3) State Statutes, although many still require addressing this matter.

Privacy safeguards for a limited group of employees in the United States Constitution are grounded on guarantees from the Fourth amendment and similar state constitutions. These protections, which aim to prevent "unreasonable search and seizures," also apply to privacy invasions at the workplace. It is crucial to acknowledge that these rights exclusively pertain to government intrusions

and do not extend to private employers, unless an employee can demonstrate "state action." The case of Schowengerdt v. General Dynamics Corporation [823 F.2d 1328, 1332 n.3 (9th Cir.)] established this legal precedent.

In 1987, Schowengerdt argued that employees have a reasonable expectation of privacy in their work areas, like their office, unless the employer has indicated regular work-related searches. However, the court ruled that an office search without a warrant would be allowed if it was both work-related and reasonable. This interpretation aligns with the 4th amendment, which only prohibits unreasonable searches and does not provide complete protection against all searches. Courts have defined unreasonable searches as those conducted on individuals who have a protected expectation of privacy.

The case of United States v. Perkins exemplifies this concept, as it was stated in the ruling "[383 F. Supp. 922, 927 (N.D.)]".

According to Ohio 1974, employees who are aware of monitoring policies and do not expect privacy generally do not have constitutional protection. The policy should inform employees that e-mail messages may still be audited despite certain features indicating privacy (such as personal passwords and message deletion capabilities).

The introduction of e-mail addresses through technological advancements has revolutionized communication for businesses and individuals. However, this convenience also increases the risk of misuse. To prevent unlawful activities and protect e-mail users, Congress implemented the Electronic Communications Privacy Act of 1986 (ECPA).

[Public Law Number 99-508, 100 Statutes 1848 (1986) (codified at 18 U.S.C. Sections 2510-2521, 2701-2710, 3117, 3121-3126 (1988)).] The ECPA amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968, [18 U.S.C.

The Electronic Communications Privacy Act (ECPA) of 1986, also known as §§ 2510-2520 (1994),

was enacted to update the limitations of the 1968 Act regarding privacy protection for "wire" and "oral" communications. Its main objective was to modernize wiretapping laws and address civil liberties concerns resulting from advancements in technology. The ECPA broadened the scope of Title III to encompass interception of "electronic communication" and unauthorized access to stored electronic communications [18 U.S.C. § 2510(1), (4), (12), (17) (1994)]. Although not explicitly mentioned, email was originally intended to be included in the ECPA's definition of "electronic communication".

As per the Electronic Communications Privacy Act (ECPA), electronic communication involves transmitting various forms of data through systems like wire, radio, electromagnetic waves, photoelectronic devices, or photooptical devices that impact interstate or foreign trade [18 U.S.C. § 2510(12)(1994)]. While not explicitly mentioned in the legislation, it is implied that email and other types of electronic communication such as digitized transmissions and video conferences are included within this definition [S.].

According to the Electronic Communications Privacy Act (ECPA) [Rep. No. 99-541, at 14 (1986)], it is forbidden to intercept electronic communications.

The ECPA modified the definition of "intercept" in sections 2511(1)(a) and 2520 of the United States Code, changing the scope to encompass wire, electronic, or oral communications. The expansion includes electronic communications that cannot be accessed through auditory methods by adding "or other". However, only a few courts have narrowly interpreted this provision within the ECPA's interception clause.

The decision in Steve Jackson Games, Inc. v. United States Secret Service [36 F.3d 457 (5th Cir. 1994)] by the 5th Circuit Court highlights the difference between e-mail in "transfer" and e-mail in electronic storage. The court had to determine if the Secret Service's seizure of a computer

used for an electronic bulletin board system counted as intercepting unread e-mails stored on the system. Although they acknowledged that intercepting e-mails is technically possible, the court ultimately concluded that confiscating unread e-mails did not meet the interception requirements.

The term "electronic communication" includes the idea of "transfer," but it is not included in the definition of "any electronic storage of such communication." This means that Congress did not intend for the term "intercept" to apply to electronically stored "electronic communications." As a result, there is a limited time period during which e-mail interception can happen - from sending until saving to a designated location. Basically, intercepting e-mails within the scope of the ECPA is practically impossible. Additionally, employers have an extra concern under the ECPA regarding protection against unauthorized access to electronically stored communications, including temporary and backup emails.

According to [18 U.S.C. § 2510(17) (1994)], the definition includes different electronically stored email communications. Therefore, ensuring unauthorized access is prevented is crucial for safeguarding employee privacy within the Electronic Communications Privacy Act (ECPA). The ECPA provides exemptions that protect most employers from legal consequences and provide them with protection. These exemptions include obtaining consent beforehand, using communication for business purposes, and being a system provider.

Prior Consent

According to the ECPA, when prior consent has been obtained for intercepting or accessing email stored electronically, it provides the best protection against liability. The ECPA allows interception of electronic communication if one party involved has given prior consent (18 U.S.C. § 2511(2)(d) (1994)). Similarly, accessing stored electronic communication without liability is allowed if the user of the service has given authorization for that specific communication (18 U.S.C. § 2701(c)(2)

(1994)). An example illustrating this concept can be found in American Computer Trust Leasing v. Jack Farrell Implement Co. (763 F.).

In the case of Supp. 1473, 1495 (D. Minn. 1991), summary judgement was given, stating that if a party has given consent to access their computer system, they cannot later argue that such access was unauthorized. It is important for organizations to establish policies regarding corporate email usage and inform employees that their activities will be monitored.

The policy should be applied company-wide and employees who use the system will be considered to have given implied consent when they review and agree to the policies. Employers should also be aware that an e-mail policy provision that simply suggests monitoring will occur, such as one that states "ABC, Inc. reserves the right to monitor all e-mail communication," may not establish implied consent.

Business Use Exemption

Employers can utilize the business use exemption for interceptions made as part of normal business activities.

The business use exemption is often employed when there are suspicions of inappropriate usage of a business telephone. However, it is not usually relevant for email situations. According to the ECPA, "intercept" refers to the utilization of telephone or telegraph instruments, equipment, or facilities (including their components) provided by a wire or electronic communication services provider to the subscriber or user in the regular course of business. To qualify for this exception, the presence of telephone or telegraph equipment is necessary.

It is uncertain if the courts will recognize a modem as telephone equipment. The ECPA has a provision that allows employers to use the business use exemption. Section 2511(2)(a)(i) specifies that it is not illegal for certain individuals,

like switchboard operators, officers, employees, or agents of wire or electronic communication service providers, to intercept, disclose, or utilize communication in their regular employment if it is necessary for their service or to protect the rights or property of the provider. To be eligible for this exemption, the employer must either be a system provider or an agent of a system provider. [18 U.S.C. § 2511(2)(a)(i) (1994)].

There is speculation among several commentators that employers can be considered system providers. This term would likely encompass public email networks like Prodigy and Compuserve. It is uncertain whether the term "agent" would include employers who subscribe to or use these email services. Companies with their own e-mail systems on their own networks may also be included under this exception as electronic communication service providers. If an employer does qualify as a system provider, any interception of emails would still need to occur within the normal business operations. [18 U.S.C.

Previous case law in telephone call monitoring provides some "stare decisis" for monitoring of employee e-mail in the ordinary course of business. In both Watkins v. L.M. Berry ; Co. [704 F.2d 577 (11th Cir. 1983).] and Briggs v.

In accordance with the American Filter Co. courts (630 F.2d 414 (5th Cir. 1980).), employers are permitted to intercept personal calls within the normal course of business in order to determine their nature, but not their contents, if they encounter difficulty controlling personal use of business equipment. However, caution should be exercised by employers regarding this exception since the definition of "within the ordinary course of business" remains undefined.

System Providers

For employers utilizing their own company e-mail system, there are two

additional factors that support the non-applicability of the ECPA to them. The first theory only pertains to employers with an intrastate messaging system and is based on the limitation of the ECPA to interstate communications.

According to the theory, an intracompany e-mail system that is not connected to an interstate network and does not transmit messages across state lines is not considered as an "electronic communications service" [18 U.S.C. § 2510(15) (1994)]. Therefore, it is not protected under the ECPA. The ECPA only recognizes communication that affects interstate or foreign commerce as electronic communications. However, if it is found that the activity has an impact on interstate commerce, it may be subject to the Interstate Commerce Clause in the case of Perez v.

The court ruled in the United States case (402 U.S. 146, 152, 1971) that Congress has the power to regulate a certain category of activities without needing to prove that the specific activity being targeted has a commerce-related impact within one state. Similarly, in Wickard v. Filburn (317 U.S. 111, 125, 1942), it was observed that Congress can regulate local activities if they have a significant economic effect on interstate commerce, regardless of whether the effect is direct or indirect. However, because the Interstate Commerce Clause could potentially override this reasoning, this theory seems to lack any basis and would likely not be an effective defense in court.

The second theory for exclusion is based on the ECPA's exemption of system providers from the prohibition on accessing and disclosing stored electronic communications. According to Section 2701(c)(1) of the 1994 version of the law, "Subsection (a) of this section does not apply with respect to conduct

authorized (1) by the person or entity providing a wire or electronic communications service." While there is speculation that employers should qualify as system providers, there is limited legislative history clarifying whether Congress intended to exempt private companies with their own e-mail systems as system providers under the ECPA. Senate Reports on the ECPA acknowledged the existence of internal e-mail but did not discuss its impact on these systems. Furthermore, testimonies during Senate hearings showed more concern for a company's privacy rather than an individual's.

During the Senate hearings, it was argued that the proposed legislation should encompass all electronic communications. The Vice-Chair of the Electronic Mail Association (EMA), Philip Walker, emphasized that individuals using electronic mail should be entitled to privacy regardless of the entity operating their system [S. Rep. No. 99-541 (1986) Hearing on S. 1667 Before the Subcommittee on Patents, Copyrights and Trademarks of the Senate Committee on the Judiciary, 99th Congress 42 (1986)(statement of Senator Patrick Leahy (D-Vermont)).] This lack of clarity from Congress has allowed courts to potentially define system providers narrowly, limiting it only to public or commercial providers like America On-line, Prodigy, and Compuserve.

Employers should not rely on the system provider exception and instead, they should utilize the business-use or consent exceptions.

Case Discussion

When it comes to examining e-mail privacy through case law, there are several key cases that serve as standard benchmarks. These cases mostly originate from California, which is recognized as a technological hub in the United States. In California, known for having robust laws protecting individual privacy rights, the courts have been unwilling to enforce employer promises made to employees regarding

the confidentiality of their e-mail messages. Specifically, the California Supreme Court declined to review the Alana Shoars v. case.

Epson America Incorporated. Ms. Shoars, the e-mail administrator, informed Epson's employees that their e-mail was confidential. However, a supervisor later established a gateway to monitor all employees' e-mail.

Ms. Shoars lodged a complaint with her supervisors upon discovering this practice and was subsequently terminated for "gross insubordination". In the case of Ms. Shoars, the judges determined that California privacy laws did not cover workplace or email issues, leaving such matters to be resolved by the legislature.

The case of Flanagan v. Epson, which was decided on January 4, 1991 by the Supreme Court of California, yielded the same outcome. This case involved an employee who filed a class action lawsuit against Epson, claiming that the company violated their privacy by bypassing their passwords and reading their email messages. Epson had created an environment that made employees believe their messages were confidential while simultaneously conducting advertising activities.

The Bourke v. Nissan Motor Company case in the California Superior Court, Los Angeles County (1991) was the final interpretation of the state's Constitutional right to privacy. According to the court, in order to establish a violation of this right, it is necessary to ascertain whether the individual held a personal and objectively reasonable expectation of privacy. Nissan contended that such an expectation did not exist as employees had signed a Computer User Registration Form stipulating that company-owned computer hardware and software should only be utilized for business purposes.

Bourke and Hall argued that they had an expectation of privacy as they were provided with passwords for the computer system and instructed to protect them.

The court acknowledged that there was a personal belief in privacy, but it was not considered to be reasonable from an objective standpoint. Consequently, since there was no legitimate expectation of privacy, the right to privacy was not infringed upon. Federal courts appear to have adopted a similar stance, as demonstrated in the case Smyth v. Pillsbury Corporation [914 F.].

According to a federal court in Pennsylvania, Pillsbury Corporation was within their rights to terminate a manager who had sent an email criticizing a supervisor, despite the company's previous assurance that they would not monitor email messages. The court's rationale was that an employer cannot be prohibited from firing an employee based on a promise, even if the employee had relied on that promise.

The court promptly rejected the plaintiff's allegations of a tortious privacy violation based on both common law and statutory law. Conversely, if a legitimate business justification exists for an intrusion, cases involving intrusion are not considered as privacy violations. In the Vernars v. Young [539 F.2d 966 (3d Cir. 1976).] case, a colleague accessed and read an employee's email.

The case found a cause of action for invasion of privacy due to the absence of a legitimate business reason for the intrusion. The ECPA suggests that obtaining prior consent from employees is the best way for employers to protect themselves from liability when monitoring or accessing their business email accounts. This establishes a reasonable expectation of privacy for employees. To create email policies, consider the following: consult a lawyer or employment specialist, prepare a written policy, describe permissible uses of email, receive employees' verification and agreement, update policies with technology changes, emphasize impermissible content,

clarify that administrators may unintentionally view emails during troubleshooting, inform employees of monitoring intentions, state consequences of misuse, and allow limited personal use while defining acceptable personal uses.

• It is important to be clear about any differing standards for employees/managers.
• Remind employees not to disclose confidential project information in emails.
• Clearly indicate when email monitoring will occur.
• Establish policies for email retention and system backups.
• Avoid burying the policy in a lengthy company handbook.
• Distribute and periodically remind employees of the policy.
• Enforce the policies consistently and without discrimination.

Most companies allow limited personal use of the email system.

Some companies trust their employees to use their own discretion and complete their tasks. Others have or are planning to implement written policies. Whether or not you choose to establish a policy for your own company, it is important to inform both employees and independent contractors about its existence (or lack thereof). Effective communication is key in preventing conflicts and fostering a more favorable working atmosphere.

Future Privacy Legislation

Several attempts have been made to enhance the clarity and alignment of current privacy laws pertaining to e-mail with the technological advancements of the late 20th century. In 1993, Senator Paul Simon (D-Ill.) introduced a bill aimed at limiting employer surveillance of e-mail, but it was never put to a vote. Similarly, there has been no vote on the Privacy for Consumers and Workers Act.

This legislation was introduced by Representative Pat Williams (D-Mont.). The PCWA addresses the issue of employer monitoring of employees from two perspectives: electronic monitoring and telephone call accounting. When it comes to

electronic monitoring, the PCWA can be analyzed in five parts: permitted monitoring, notice of monitoring, prohibited monitoring, data obtained from monitoring, and penalties. The PCWA also takes into consideration technological organizations like the Electronic Messaging Association, who govern the use of e-mail and user privacy. The organization has already established rules for e-mail usage and assisted in creating the "ten commandments for e-mail" (which actually consist of 7 commandments):

• Respect confidentiality.
• Don't flame.
• Don't use anonymous remailers.
• Don't look at other's messages.
• Don't misrepresent or lie.
• Follow EMA guidelines.
• Consider presentation of a message.

Conclusion

In today's technologically advanced world, new ideas and inventions emerge daily. Many of these advances bring both opportunities for entertainment and potential dangers.

To prevent workplace misconduct, employers are utilizing technology to monitor and track employees. The extent of surveillance employed by employers is unprecedented, necessitating efforts from both sides to prevent abuse. The shared ethical and social responsibilities are essential in avoiding the overwhelming influence of technology. It is necessary to review the current inadequate laws in this area.

The existing law in this field, known as the Electronic Communications Privacy Act of 1986, fails to adequately tackle the various issues related to employee abuse of e-mail systems and employer infringement on privacy rights. The Fifth Circuit Federal Court of Appeals has observed that the ECPA lacks clarity and is overly broad, thus rendering it ineffective. This is primarily because the ECPA is merely a revised version of the federal wiretap law from 1968, which was originally designed to address telephone eavesdropping and does not adequately consider the technological advancements that enable email usage. As new

legislation has yet to be introduced, the most viable solution is to encourage employers to implement a well-defined email policy. All employees should receive and sign a form to acknowledge their understanding of the company's policy.

This is not a permanent solution to the issue of e-mail privacy. It is a temporary solution to align employees and employers on the expectations of corporate behavior regarding e-mail.

References

ACLU. (September, 1996). SURVEILLANCE INCORPORATED: American Workers Forfeit Privacy for a Paycheck. [On-Line].

The following sources are available for further reading:

• ACLUR report on Monitoring Employees' Electronic Communications: Big Brother or Responsible Business?
• AFTAB's perspective on employee monitoring
• Angell, D. and Heslop, B. (1994)

The book "The Elements of E-Mail Style" by Addison Wesley, Reading, MA, and the online resource "E-Mail Privacy FAQ" by Andre Bacard can be accessed at http://www.andrebacard.com/ema. Additionally, K. Casser's work is also relevant to the topic.

(1996). Employers, Employees, E-mail and The Internet. [On-Line]. Available: http://cla.org/RuhBook/chp6.htm Cavanaugh, M. Workplace Privacy in an Era of New Technologies. [On-Line].

Available: http://www.ema.org/html/pubs/mmv2n3/workpriv.htm Electronic Communications Privacy Act (1986). [On-Line]. Available: Entwisle, S.M. E-mail and Privacy in the Workplace.

[On-Line] Available: http://www.acs.ucalgary.ca/~smenwis/privacy.html Freibrun, E. (1994). E-mail Privacy in the Workplace - To What Extent?. [On-Line]. Available: http://www.cl.ais.net/lawmsf/articl9.htm Gan, M. (1996).

Employee Rights; Email. [On-Line]. Available: http://www.newsguild.org/d6t.htm Lee, L. Watch Your E-Mail! Employee E-Mail Monitoring and Privacy Law in the Age of the "Electronic Sweatshop. Morris, F.

E-Mail Communications: The Next Employment Law Nightmare. HR Advisor (July-August 1995). Oppedahl, C. (July 3, 1995). Security, Privacy, Discovery Issues Stem From E-Mail Communications.

[On-Line].