The California Assembly has approved a bill that would require employers to warn their employees if they plan to monitor workplace e-mail and Internet activities.
SB 1841 — an act to add Section 436 to the Labor Code, relating to electronic monitoring of employees — has created a debate that pits the view that the legislation is an attempt to protect an employee’s privacy versus the view that it is simply an additional regulatory burden for employers.
Supporters of the bill praise the fact that employees will have fair warning of an invasion of privacy, while opponents criticize the bill for creating unnecessary legal complications for employers.
The bill was introduced by state Sen. Debra Bowen, D-Redondo Beach, on February 20, was passed by the Assembly by a vote of 41 to 29 on August 17 and has now been sent back to the State Senate.
The current law in California prohibits employers from recording employees in certain areas of the workplace without obtaining a court order. A violation of this law is a misdemeanor. The bill would also prohibit employers from engaging in electronic monitoring of employees without first providing them with notice, except in specific circumstances.
Clear, Conspicuous Notice
In terms of the implications for California workplaces, employers who intend to collect individually identifiable information about employee activities and communications through the use of an electronic device would have to give the employees clear and conspicuous notice.
The requirement of “clear and conspicuous notice” would be met if the notice is given to each employee either electronically or in writing and if the notice describes:
1) The form of communication or other activity that will be monitored and
2) The types of information that will be obtained, including whether the employer will be monitoring activities, communications or computer usage not related to the employer’s business.
Placing signs in the workplace would not constitute clear and conspicuous notice. Furthermore, the employer’s legal obligation under the bill would be a continuous one. Within one year after providing the first electronic monitoring notice, employers would be required to provide annual notices.
The Bill allows for an exception under which employers would be able to monitor an employee’s electronic activities without notice if the following conditions are met:
1) The employee is engaged in unlawful conduct.
2) The electronic monitoring will produce evidence of the unlawful conduct and will be conducted in accordance with other applicable state and federal laws.
The California legislation could be viewed as timely by employee rights advocates in light of the ever increasing monitoring by employers of employee activities in this area.
For example, a 2002 report by the U.S. General Accounting Office (GAO) on the monitoring of employee computer use by Fortune 1,000 companies found that all of the companies interviewed stored their employees’ electronic transactions, including copies of e-mail messages, Web sites visited and computer file activity.
Six of the companies reported that they routinely reviewed the stored records of employee electronic transactions, looking for violations of company computer-use polices. The report also considered the then current electronic privacy laws in the U.S., and explained how the laws afforded little protection to users of the Internet at work.
Some companies have gone further than monitoring employee use of their computer facilities and have taken affirmative steps to limit employee use of these facilities for personal purposes.
For example, Merrill Lynch, the financial services firm, citing security concerns and regulatory requirements, recently announced that it will block its employees from accessing any third-party e-mail providers, effectively banning employees from using such ISPs as Yahoo, AOL and Hotmail for personal e-mail while on the job. A company spokesperson explained the prohibition as necessary to “maintain the integrity” of Merrill Lynch’s networks and to ensure that electronic communications are subject to “proper monitoring and surveillance.”
Merrill Lynch’s concern partially stemmed from new U.S. Security Exchange Commission rules that require brokers such as Merrill Lynch to accurately archive e-mail and instant messaging communications. In fact, the company was fined last summer for improperly archiving its e-mails.
Merrill Lynch also severely limited its employees’ use of instant messaging at its corporate offices, again due to a recent requirement from the National Association of Securities Dealers that financial services firms must save and store all such instant messaging communications.
The concern by an employer about potential liability for an employee’s use of company computer facilities is not limited to those in the securities industry. In fact, it spreads to companies in every industry.
In a 2003 survey by the American Management Association (AMA) of corporate e-mail rules, policies and practices of 1,100 U.S. businesses disclosed a growing concern by employers in this area. The concern is well placed when the following data is considered: 14 percent of companies reported that e-mail had been subpoenaed for litigation purposes and 5 percent indicated that e-mail had actually triggered a lawsuit.
Enforcement of e-mail policies is also being taken seriously by most companies. For example, the AMA survey showed that 22 percent of companies surveyed had fired an employee for violating their policies in this regard. This figure was also confirmed in a British survey that showed almost one in four UK companies have fired employees for Internet misuse.
Notwithstanding the fact that often such surveys, including the UK survey, are partially facilitated or paid for by companies that sell software to monitor employee use of the Internet and e-mail, they still are reliable as far as pointing to the fact that employers take this issue seriously.
Whether the California legislation is viewed as necessary protection of employees’ privacy rights or viewed as an added regulatory burden for employers, it is a sign of things to come. Monitoring of employee use of corporate computing apparatus is almost universal nowadays. It is only a matter of time before we see a regulatory regime in place that explicitly defines both employer and employee rights and obligations in this area.
Javad Heydary, an E-Commerce Times columnist, is an e-businessattorney (Ontario & New York) at the Toronto-based law firm of HeydaryHamilton LLP and the managing editor of Lawsof.com.