THE WORKPLACE & THE INTERNET
RESOURCES, RISKS, PRIVACY & OPPORTUNITIES
Maintaining Employment Records Electronically
The personal computer has radically transformed the way work is performed today. No dimension of this electronic revolution has received more publicity in the last year than the introduction of the Internet into our daily lives. It was only a few years ago that we learned that linking individual desk top and work station PC’s into local area networks or LAN’s significantly enhanced our productivity. E-mail followed closely behind. Today, the LAN is the standard technological configuration of the contemporary workplace. The Internet is the next step in the computer’s evolution. It links individual PC’s and LAN’s together into one global network in which knowledge, information, communications and entertainment can be shared with unprecedented ease, speed and convenience. Because of this, many employers are providing workplace PC’s with access to the Internet. In addition, many companies are establishing intranets which link all the personal PC’s within their organization to one another by utilizing the ease and user friendliness of the Internet’s World Wide Web browser technology. This makes the sharing of information even easier and substantially enhances individuals’ capacity to work together.
As Alvin Toffler predicted over 20 years ago in Future Shock, these technological innovations are occurring with such blinding speed that we are losing our capacity to assess their true importance and overall impact. Unfortunately, while the law does adapt to technological innovations, it reacts at an incredibly slow pace. Therefore, it will be years before we experience the full legal implications of the incorporation of these new technology tools into our workplace. Yet, because this technology is in use today, the employer must deal with issues as they arise and without the benefit of any real legal precedent. Therefore, for the contemporary employer, the Internet offers unlimited resources and presents incredible opportunities while posing significant risks and raising novel legal issues.
What is the Internet?
At its core, the Internet is as ill-defined and nebulous as the concept of hostile working environment sexual harassment. In a technical sense, it is really nothing more than a set of transfer protocols by which various networks of computers can freely communicate with one another over high speed telecommunication lines. It originated from a method of linking mainframe computers developed by the military in the 1970’s that was designed to be so foolproof it would withstand a nuclear attack. In the early 1980’s the National Science Foundation created five regional super computer centers and built its own network – NSFNET- utilizing the military’s Internet Transfer Protocol technology for data transfer over specially conditioned telephone lines. Because these lines were expensive to use, NSFNET allowed local computers to connect via a daisy chain of local computer links, with electronic messages being passed up and down the chain until the final destination was reached. No longer hamstrung by the expensive telecommunications lines, local academic organizations and government agencies rapidly joined this growing network, and the current Internet configuration resulted.
The Internet remained the bastion of academicians, military researchers and computer technocrats until it was discovered commercially a few years ago. Its popularity resulted from the development of the World Wide Web, a multi-media, graphical user interface. The Web utilizes software programs called browsers, like Netscape and MicroSoft’s Internet Explorer, to permit quick sharing and transfer of data without the need to know computer code. Commercial enterprises discovered that by using the Web, the Internet provided a window to the world to market their organizations and products, as well as a communication channel to provide electronic access to their resources. By mid-1995, the commercial use of the Internet surpassed its noncommercial use, and the much touted Information Superhighway opened for business to the world community.
Providing work station access to the Internet is relatively easy. All the major on line services like America Online and Compuserve now provide full Internet connections. Most specialized information services also have access to the Net. In addition, numerous local Internet Service Providers (ISP) provide dial up accounts that can connect your LAN via modem and communication server to the Web relatively inexpensively. If your organization is of an appreciable size, you may already have direct access to the Internet’s backbone of high speed telecommunications lines, so that no service provider is needed. Regardless of the particular means of access, the cost in terms of capital outlay and access charges is relatively small. Once you are on line, the vast majority of the Internet’s resources are available free of charge.
The Internet has been called the single greatest reservoir of human knowledge ever compiled. The depth and variety of information and resources it provides are truly astounding. They range from the complete text of the established works of world literature, through graphics of art treasures, audio clips of classical and contemporary musical works, the text of the laws and regulations of most advanced countries, hundreds of thousands of software programs, SEC filings, discussion groups on any imaginable topics (and many we would never imagine), computer games and entertainment user groups to x-rated pornography. Despite the efforts of federal and state governments, the scope and nature of the Internet remain essentially unregulated today. Furthermore, given its nature as a network of tens of thousands of computers acting as servers with an estimated 30 million users world wide, it is probably beyond the capacity of any organization or government to effectively regulate. Moreover, the Internet is growing at an estimated rate of 10% per month. It seems that for any information not presently available, there are numerous providers rushing to establish sites offering it for free or for a fee. The technology upon which the Internet is based is evolving at such a rapid pace that the Internet’s very nature is changing, expanding and becoming more effective on a daily basis. It is truly a work in progress – at this point no one knows exactly what direction or shape it will assume tomorrow.
For the practicing attorney and human resource professional, the Internet offers a vast array of practical information and resources most of which are available at no cost or for a very nominal fee. These include:
|all federal and many state employment laws,|
|the Code of Federal Regulations,|
|decisions of the United States Supreme Court and each of the Federal Circuit Courts of Appeals,|
|publications, guidance, reports and opinion letters from various government agencies,|
|newsletters from professional organizations and law firms specializing in labor and employment law,|
|articles on selected hot topics in employment law,|
|sample employee handbooks, memoranda, policies and advice,|
|newsgroups which discuss labor and employment law issues,|
|a synopsis of representation petitions filed with the NLRB,|
|most major publications and newspapers.|
The incredible power of the Internet is demonstrated by the capacity to search individual newspapers and publications by topics. Thus, using news providers such as PointCast a software program available free of charge, one can compile a daily list of news articles from hundreds of publications that specifically addresses one’s particular interest, such as labor and employment topics. The text of a Supreme Court decision can be obtained and downloaded to your desk top computer the day the decision is issued. Special studies such as the Dunlop Report Workplace Violence Awareness & Prevention are also available for no charge. A list of employment and human resource management resources available on the Internet can be found on my home page:Employment Law Links.
The Society for Human Resource Management has a particularly rich web site. It contains draft employment policies and manuals. America Online also has a legal forum which has draft employment policies, although these policies leave much to be desired. Specialized legal resources, such as Lexis/Nexis Counsel Connect provide extensive libraries of legal memoranda, draft policies, court decisions and articles on pressing topics. In addition, these services provide discussion groups on specific topics, such as labor and employment law, litigation and various state practices. Such forums are particularly useful in researching breaking or novel legal issues. An inquiry can be posted, for example, in a labor and employment forum asking if a particular issue has been encountered or if users are aware of any precedent. For example, a recent Lexis/Counsel Connect discussion group addressed whether or not courts will allow stacking of the cap on punitive and compensatory damages under the Civil Rights Act of 1991. A simple posting and a check on responses in the ensuing week can often save hours of legal research and identify unpublished decisions or unanticipated complications. In a very real sense, the Internet provides an easy means to tap the experience and knowledge of tens of thousands of peers and experts around the world in a manner never before possible.
In addition to accessing information and sharing ideas, the Internet provides an incomparable means to share information virtually instantaneously and with little to no marginal cost. Furthermore, there is no limit on document length and spreadsheets, photos, other graphics and even sound bites can be readily incorporated into your messages. E-mail transmissions can readily be sent to thousands of recipients, where they remain in mailboxes until retrieved. Using World Wide Web technology, documents can contain links to other documents providing more detailed or related information.
The Internet also offers unprecedented marketing and entrepreneurial opportunities. Companies of all sizes have established web sites providing colorful and detailed information about their products and organizations. While much of this is merely an interactive form of advertising, the capacity to provide virtually unlimited amounts of information does provide a genuine service. Thus, technical specifications of various products can be provided online in as much detail as the manufacturer chooses, together with help in overcoming frequent problems and the capacity to submit an e-mail to respond to any query the user chooses to submit.
Widespread access to the Internet also presents unique opportunities with respect to recruiting and staffing. Numerous locations provide job postings and resumes of individuals. In addition, organizations or individuals providing a unique or highly specialized service can often be located by using one of the Internet’s search engines such as Yahoo, InfoSeek or Digital’s AltaVista. The text of the Martindale Hubbell Lawyer Directory and West Publishing Company’s Directory of Attorneys is online. In addition, there is an ever-increasing number of private sources providing listings, home pages, information and access on virtually any type of profession or service. Since the Internet offers a completely new marketing media, there are thousands of entrepreneurs experimenting with new ways to economically exploit its resources.
Providing employees with Internet access, however, does entail substantial risks on behalf of the employer. Employees may utilize the access for personal objectives instead of performing their work. A recent Nielsen Media Research survey, for example, revealed that IBM, AT&T, Apple, NASA and Hewlett Packard employees visited the online edition of Penthouse Magazinethousands of times a month. Compaq Computer recently fired 20 employees for logging more than 10,000 hits apiece on sexually explicit web sites. A recent survey found that Michigan state employees were using their taxpayer-financed Internet accounts to sell cars, trade recipes, ponder their weddings, joke about the president, plan vacations and otherwise “goof-off” online.
More significantly, there are documented cases where employees used work-provided e-mail to solicit sex or download sexually explicit images to their employer’s computer networks. While such conduct unquestionably provides a valid basis for disciplinary action against the employee if detected, it also poses the potential of assessing liability against the employer for failure to prevent such actions. When the employee utilizes e-mail for personal purposes, their e-mail return address automatically specifies that the message originated from the employer’s organization. Therefore, the recipient may associate the company with the content of the message, whatever that may be. Furthermore, since it is the employer’s equipment and Internet access that is the mode of such communications, failure to take steps to prevent such abuses may very well lead to employer liability, under legal theories of negligence, ratification, respondeat superior or some new legal theory formulated in specific response to the advent of the Internet.
A complaint filed in New York in December of 1996 dramatically illustrates that risk. In Owens v. Morgan Stanley & Co. two employees brought suit against the a large financial firm and several co-employees and managers for violation of Title VII and NYS antidiscrimination laws. Their complaint, based on the dissemination of racially-oriented remarks on the firm’s internal e-mail system in October, 1995, alleged that the “jokes” in question were part of a pattern of management negligence creating a “hostile work environment.” As a remedy the Plaintiffs sought $30 million dollars in actual damages and $25 million more in punitive damages.
Employers can take several steps to protect against such liability. The first is by establishing an explicit e-mail and computer usage policy. This policy should be tailored to your company’s particular operations, its level of computer usage and made consistent with your other personnel policies and employee handbooks. At a minimum, it should provide that computers, e-mail, Internet access and any other equipment, facilities or services made available to employees are being provided by the employer solely for official business and that any other use of these facilities is forbidden and constitutes grounds for disciplinary action. The policy should state that all information stored on company computers and other electronic resources is company property. The policy should also provide that the employer retains the right to monitor and review all materials transmitted by employees or stored on computers by employees.
Two sample e-mail can be found on www.contilaw.com. The first is very brief; the second, which is more extensive, adopts a more tolerant attitude toward employee use of external e-mail.
In addition, it is relatively simple technologically to limit employee access to certain types of Internet services or materials technologically. A firewall is a software/hardware combination that restricts the type of traffic it will allow in or out. Using a firewall, an employer can restrict the type of access (e-mail, telnet, FTP and so on), the data’s comments, directions, source or destination or the time of day data is accessed.
Finally, employers should alert supervisors to reemphasize that unauthorized use of computers and Internet access is forbidden and will be dealt with firmly and effectively. As with implementation of any employee relations policy, it is crucial that all levels of supervision adhere fully to the intent of the policy and continuously monitor employee conduct to ensure compliance. For example, many companies discourage or directly forbid humorous or trivial use of company e-mail. This is because experience has taught us that sharing jokes via e-mail can quickly get out of hand. While such actions may be too severe with respect to your organization’s employee relations philosophy and core values, it is crucial that supervision and upper management set an example and vigilantly monitor the e-mail systems and company computer resources to ensure that nothing that may provide a basis for employer liability is tolerated.
Particular attention should be directed to communications with counsel, either outside or in-house. In more than one case, careless use of e-mail between counsel and managers has been alleged to waive the attorney/client privilege on the grounds that others within the organization had free access to these messages. Under the theory of negligent waiver of privilege, sending an insecure e-mail within your company can constitute a waiver of the attorney/client privilege. See, e.g., Castano v. American Tobacco Co., 896 F. Supp. 590 (E.D. La. 1995) Encryption tools are readily available to ensure that only the intended recipient of an e-mail communication will be able to read the message.
Employers should never underestimate the expertise of employees in accessing computer information. We have handled cases where employees have secured documents prepared on the company’s computer network, including drafts of proposed disciplinary actions against them, merely by accessing the files from their desktop workstation. In another case, the union was successful in obtaining the questions prepared by the human resource manager for cross-examination of employee witnesses at an arbitration hearing in advance of the hearing. Keep in mind that computer hackers have been able to penetrate some of the most secure computers in this country; your company’s records should not be assumed to be less vulnerable.
Security of your computer network both internally and externally should be a prime consideration of your organization. Although highly effective technologies are available, these are ineffective unless properly installed and periodically checked. In addition, effective steps should be taken to guard against employee access to unauthorized documents, as well as the penetration of your network by outside hackers.
Maintaining Personnel Records on Computers
Most companies maintain some form of personnel records on computers. While this provides for unprecedented ease and efficiency in accessing and using information, it raises several legal issues. Some employment laws require the maintenance of employee signatures on some documents, such as I-9’s and W-4’s. Furthermore, the originals of employment applications and other core documents should be maintained in case they are ever needed as records or in litigation.
As noted, problems can arise if employees have access to personnel files through their desktop work stations. These files often contain confidential medical and personal information whose unauthorized access can lead to invasion of privacy claims. It also may be possible for individuals to make unauthorized changes to personnel records. Of course, an adequate backup system should be retained in case of a hardware failure. In addition, steps should be taken to destroy or delete records consistent with the employer’s record-retention policies.
Employers should be careful in utilizing electronic media for confidential communications. As noted, unless adequate safeguards are taken, use of such media may waive the attorney/client privilege. Furthermore, mere deletion of documents does not permanently remove all records from hard disk drives or tape backups. Plaintiffs’ attorneys have learned that computer experts are frequently able to reconstruct deleted documents by examining computer hardware and reconstructing messages long thought deleted. Several available computer programs will permanently delete documents from computer memories, by functioning as electronic paper shredders. If adequate precautions are not taken, an employer faces the very real possibility of having their computer system examined by an outsider for remnants of deleted files that are possibly relevant to a plaintiff’s claims.
Perhaps because of the use of the word “mail” in “e-mail,” many employees share the view that e-mail communications are entitled to the same level of privacy as a letter sent through the U.S. Mail. By virtue of the way the Internet works, however, messages pass through a constantly changing chain of computer networks. Messages sent through the Internet, therefore, can, in fact, be read and accessed by an untold number of individuals. Technically speaking, therefore, there is no privacy in unencrypted Internet e-mail.
A recent case, District of Nevada in Bohach v. City of Reno, 932 F. Supp. 1232 (D. Nv., 1966), held that an employer’s search of stored computer messages is consistent with federal wiretapping statutes and the Constitution. In that case, the court distinguished between the interception of communications and electronic storage of those same messages. It noted that since under federal law, the employer, as a service provider, is allowed to access stored communications as they wish, any expectation of privacy that the employees had was not objectively reasonable because of the nature of the technology.
Technological advances bring unprecedented tools and opportunities to the workplace. The employer who fails to effectively utilize them runs the danger of being placed at a severe competitive disadvantage. To avoid the potential legal problems which arise from the advent of new technologies, however, employers should establish effective and reasonable policies on use of these new tools. As with all policies, the e-mail and computer usage policies should be continuously policed and uniformly administered. In addition, steps should be taken to ensure the security of computer systems and the integrity of records kept on computers. By doing so, the savvy organization can take full advantage of the opportunities offered by the Internet, while minimizing the legal risks its presents.