 |
|
| NATIONAL ASSOCIATION OF REALTORS® | Videos | Store | Library | Directories | Need Help? |
| Register | Login | My Account | NRDS |
REALTOR® ASSOCIATION EXECUTIVE
| |
|  Spring 2002 E-Mail Monitoring: Is there privacy in the electronic age? (plus: How to write an office e-mail privacy policy.) by Michael Thiel, NAR Legal Affairs The federal Electronic Communications Privacy Act allows employers to monitor e-mail and Internet activity on company systems. Yet the policy remains highly controversial. Privacy rights experts and workers’ rights advocates are angered by the growing monitoring trend among companies of all sizes. But their contention that privacy is a guaranteed human right doesn’t always stand up in court. The market for monitoring and filtering software is growing by about 36 percent a year, and the majority -- 57 percent -- of U.S. companies now monitor their employees’ e-mail and Internet use, according to IDC, a technology research and analysis company in Framingham, Mass. Ultimately, agreement on the issue of electronic privacy between employers and employees cannot begin to take place without a common understanding of privacy. On the surface, the definition of “privacy” may seem obvious. But the concept is complex, especially in the eyes of the law. For instance, in real estate, privacy is complicated because of the variety of parties involved in any transaction and their different expectations, particularly in regard to e-mail. E-mail privacy and ICs E-mail is a popular tool in real estate, used for everything from prospecting to contract negotiation. It’s equally important in Realtor® association communications with members, the public, and each other. But in using e-mail so routinely, are association staff and Realtors® giving much thought to who may be reading their communications? The failure to think about that question and take steps to address it has had unintended consequences for businesses and individuals alike. Remember that what you send in e-mail is not usually secure in transit and may not be secure on the various servers where it may reside before, during and after transmission. In one recent case, Fraser v. Nationwide Insurance, an independent insurance agent’s failure to realize that his e-mail was not legally private impaired his ability to make a living. Fraser sold policies to the public on behalf of Nationwide Insurance company. As a part of his agency agreement with Nationwide, Fraser leased space on the company’s computer network -- just as many real estate practitioners do with their brokers’ networks -- to send and receive e-mail. Fraser was also an officer in his local association of independent insurance agents. This association was attempting to stop insurance companies, such as Nationwide, from terminating contracts with independent agents, such as Fraser, without just cause. As a part of his association responsibilities, Fraser sent a message to some of Nationwide’s competitors to ask if they would be interested in taking over the policies of Nationwide’s policyholders, presumably if Nationwide refused to adopt the association’s “just cause” standard. Nationwide executives heard rumors of this communication and searched the company server for Fraser’s e-mail. Among Fraser’s deleted e-mail, Nationwide found an e-mail confirming that Fraser had sent the message to a competitor. Based on the e-mail, Nationwide terminated Fraser’s agency agreement, eliminating his ability to sell Nationwide insurance policies to customers. Fraser sued Nationwide for unauthorized interception of an electronic communication and for unauthorized access to stored electronic communication under two federal laws: the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act. The ECPA is a broad federal law dealing with privacy rights in electronic communications. Until its passage, no laws specifically dealt with Internet and e-mail privacy issues. Rather, existing laws addressed consumers’ rights using older technologies, such as telephones and telegraphs. The Stored Communications Act, a part of the ECPA, establishes the same government and third party interception standards for electronic communications as exist for telephones. The court says In analyzing Fraser’s complaint, a U.S. district court separated Fraser’s e-mail into two groups: in transit and sent. To be deemed intercepted, the court found that the message had to be in transit between the sender and the intended recipient, such as held in “intermediate storage” waiting to be read. Messages that the recipient had read and were now in “post-transmission storage” or in the trash didn’t meet the court’s interception standard. Therefore, the court found that Fraser’s e-mail to Nationwide’s competitors had not been “intercepted” by Nationwide. The court found a fatal flaw in Fraser’s second cause of action, too. Federal law only protects a message that is being stored until it’s opened by the intended recipient. Fraser’s message was not being stored awaiting retrieval because it had already been read, and had in fact been deleted -- or so he thought. Fraser’s second cause of action also failed. Although the court questioned the ethics of Nationwide’s retrieval and use of the message, it ultimately held that retrieving the message was not legally actionable. Fraser v. Nationwide Insurance was not the first time confidentiality and privacy issues have conflicted with an employer’s desire to know about an employee’s activities, nor was the suit’s result unique. In Bourke v. Nissan Motor Corp., Nissan in California randomly selected a message from its e-mail as part of an employee training exercise. The message, sent by an employee named Bourke, included personal and sexual content. Based on this discovery, Nissan reviewed all of the messages sent by employees in Bourke’s group. Bourke sued Nissan for invasion of privacy, claiming that because the system allowed employees to password protect their e-mail access, they had a legitimate expectation that their e-mail privacy would be respected. The court in California rejected his claim, saying that any expectation of privacy was not reasonable because the employees knew the messages could be read by people other than the intended recipients. In each of these cases, the courts found that employees’ expectation of privacy was unreasonable because they knew or should have known that the system was under the control of the employer, who potentially could access messages. In addition, the employers had posted an explicit e-mail policy, which disclosed that others could read employees’ e-mail messages under certain circumstances. Only in instances when employees were able to convince the court that they had a reasonable basis for their expectation of privacy in their e-mail communication have they been able to maintain a suit against an employer. Although there is no definitive statement on what a reasonable expectation of privacy is, an employee might expect privacy if their e-mail is normally secure from access by third parties and the parties to the communications have no way to know that third parties will have access to the communication. These cases illustrate how important it is to develop and disseminate a clear e-mail and Internet usage policy to your employees -- and any independent contractors who use your e-mail system. The most effective way to avoid liability for accessing and reading an employee’s e-mail is to create a policy stating that the system -- and everything on it -- is the property of the employer.  How to Write an Office E-mail PolicyWith an estimated 1.3 trillion e-mail messages being sent annually, electronic mail is quickly becoming the communications medium of choice in many business settings. While e-mail transmissions do offer many benefits, such as speed, ease of use, and relatively low cost, business owners are learning the hard way that e-mail is a visible and potentially perilous communications tool. For example, one company faced six claims of sexual harassment because an employee downloaded an “adult bulletin board” to the company’s computer system and programmed it to display the offensive material on employees’ screens when they accessed their mail. Another company paid $2.2 million for racially charged e-mail messages exchanged on its system by employees. But these incidents don’t only occur in large organizations. Companies as small as ten employees have had to discipline employees for misuse of company computer systems, with violations ranging from inflammatory messages to software piracy. E-mail abuse and Internet misuse can cripple communications, disrupt operations, or embarrass a business. It also increasingly leads to real legal liabilities. Inflammatory or abusive content, off-the-cuff jargon, ambiguous instructions, imprecise memos, embarrassing gossip, unprofessional language, or breaches of confidentiality are all sources of concern for e-mail writers and their employers. Many of these e-mail related challenges can be eliminated or controlled through proactive techniques for generating online communications. Here are the three most critical steps to take to reduce the possibility of an e-mail disaster. Enact an E-Mail Usage Policy To improve your company’s control over employee e-mail, adopt policies that clearly define what rights the company reserves and explain that e-mail communications are not private. The specific language of the policy will vary depending upon the company, the industry, and the specific needs of the work environment. The policy should be written and incorporated into employee manuals or policy books. Employees should then sign the policy, indicating that they have read it and agree to be bound by its terms. Some common e-mail usage policies: Define the permissible uses of the e-mail system. Make it clear that the business owns the e-mail system. All messages that are created, sent, or received using the system remain the property of the company. Indicate that workplace e-mail systems are to be used for business communications only. Personal business is unauthorized and should not be conducted at any time. It is wise to state that offensive, discriminatory, or disruptive e-mail messages are strictly prohibited. All employees should be made aware that access to messages received by or transmitted through the e-mail system are limited to persons who need to know the information. Employees should disclose information or messages only to authorized employees. Equally important is to put employees on notice that any e-mail communication may be read by individuals other than the intended recipient. Define appropriate content. Employees must know specifically what is allowed and what is prohibited in the e-mail system. Explain that messages containing insensitive language, as well as racial, sexual, ethnic, or religious material are not acceptable. Prohibit all offensive or disruptive messages as well as abusive, obscene, or vulgar language, gossip, ridicule, or retaliatory messages. Further explain that downloading sexual, racial, religious, or otherwise discriminatory or offensive material from the Internet is not allowed. Finally, inform employees that violations will result in appropriate discipline. Enforce Your E-Mail Usage Policy Regularly. Establishing a policy is only the first step to limiting liability when monitoring e-mail. Equally important is enforcing the policy in a manner that makes it fully effective in eliminating employees’ alleged reasonable expectations of privacy. To make your employees continually aware that the policy is in effect, consider using an electronic disclaimer that is triggered each time the individual logs onto the e-mail system or accesses a personal e-mail mailbox. This also helps establish that the employee has no reasonable expectation of privacy. Enforce your e-mail policy systematically and regularly, even for what may seem like a minor offense. Failure to do so could result in waiver of the employer’s rights. For example, employees may allege that they expected privacy because the employer was known never to enforce its monitoring policy and was also known to be aware that employers must exercise caution and monitor only in situations where monitoring is necessary to protect legitimate business purposes. Train management on the use of the e-mail technology to assure that accidental leaks of information do not occur. Educate Employees and Managers About the E-Mail Usage Policy Despite the prevalence of e-mail abuse and consequences played out in the media, many employees still believe their e-mail is private and transitory, and that personal access to the Web at work is untraceable. Employers must educate their employees that this is not so. A good employee education system will alert employees that the use of passwords does not indicate a message is confidential or that the company will not be able to intercept it. Additionally, it will point out that the deletion of a message does not give an assurance that it will not be retrieved or read. Employees should understand that until the message is written over on the hard disk drive, it is retrievable and that the company is within its rights to do so. As e-mail communication continues to dominate the business world, it’s more important than ever for employers to keep tabs on employee e-mail messages. Not doing so could leave the organization in the midst of legal troubles. In today’s electronic age, smart companies will enact and enforce an e-mail usage policy and will educate employees and managers as to its purpose and use. It’s one measure that could keep your employees safe from inappropriate communications and could save your company millions of dollars in potential lawsuits. How to write an e-mail office policy was reprinted with permission from the Journal of Property Management, by Patricia S. Eyres, Jan/Feb 2002, Chicago, a publication of the Institute of Real Estate Management. Visit IREM online at http://www.irem.org. |
  |
 Copyright NATIONAL ASSOCIATION OF REALTORS® Headquarters: 430 North Michigan Avenue, Chicago, IL. 60611-4087 DC Office: 500 New Jersey Avenue, NW, Washington, DC 20001-2020 1-800-874-6500 Terms of Use | Privacy Policy | REALTOR.com | Contact NAR | Site Map |