Privacy in the Internet age

In this edition of In the Trenches, Acme confronts the proper role of online privacy in the workplace.

Percy Vierenze was the newest team leader in Acme’s production planning and expediting department. Although the department’s work involved sophisticated software of various types, his role was primarily administrative. This was fortunate because, like many such lower-level executives, Percy wasn’t particularly tech-savvy.

The work that Percy’s team performed went to Helen Weals, the production manager, another administrator in a nearby office. Helen had a high regard for Percy’s predecessor because the two had worked together for years to hone their routine interactions and the quality of the material passing from the production planning group. This continuous improvement initiative made Helen’s job relatively easy and stress-free. Helen expected to achieve that same level of cooperation with, and quality output from, the group under Percy’s leadership.

When this expectation wasn’t met, Helen began complaining to Percy and anyone else involved about the way the production planning had gone downhill. At first, Percy listened attentively to the complaints and tried to provide what Helen wanted. But Helen’s complaints did not abate.

Percy’s job gradually degenerated into working conditions that he found outright intolerable. He believed this to be a case of hostile work environment and harassment. Percy couldn’t stand the thought of having to go into the office each morning. He consulted an attorney about the situation and continued communicating with the attorney via e-mail.

How can a company be expected to correct a hostile environment if it’s not made aware of it?

Percy had read Acme’s written policy about employee computer use very carefully and noted that it clearly said company e-mail is considered company property, but found the policy made no mention of personal e-mail accounts. Although he used the company-issued laptop computer to communicate with the attorney, he knew enough not to go through Acme’s e-mail system. Instead, he used a private e-mail account he established with one of the many cost-free, Web-based, password-protected, third-party e-mail services commonly available to anyone. On several occasions, Percy accessed this e-mail account through the Acme server during normal work hours.

Percy covered his tracks and retained no personal e-mail messages or passwords on the laptop computer or on Acme’s server. He didn’t print any of the e-mails he exchanged with the attorney. Besides, each of the attorney’s e-mails had the standard boilerplate near the bottom that indicated the contents are considered privileged and confidential.

One day, something pushed Percy over the edge and he abruptly resigned his position with Acme. Shortly after he resigned, his lawyer filed a lawsuit alleging Percy had been subjected to harassment based on gender, religion and national origin, each of which violated the state’s laws against discrimination.

Acme hired a computer consultant to search the contents on the laptop computer Percy surrendered when he left. The consultant had no trouble retrieving a record of the Web pages Percy visited and his e-mail correspondence the browser automatically archived on the unit’s hard drive. That material was turned over to Acme’s lawyers to prepare the company’s defense.

When Percy learned this had happened, he filed an additional claim of invasion of privacy.

How could this situation been avoided? Does an employee have any reasonable expectation of privacy when using a company-issued digital device? How bullet-proof is the attorney-client privilege with respect to e-mail communications? Is there some easy way to keep the line between business and personal computer use from blurring?

A plant engineer says:

This situation could have been avoided if the commander and the chain of command addressed the situation. There must be a proper working relationship between employees, Percy and Helen. Helen is expecting something from Percy she isn’t getting. Her complaints to him haven’t yielded the response she expected. Her next step should be to discuss this with her boss. The matter should be analyzed to determine if the material provided by Percy to Helen is correct. If it is, Helen should be held accountable for her complaints against Percy. If the information isn’t correct, Percy should be held accountable for his actions and change the way he does business with Helen. To let this situation drag on to the point where Percy is miserable represents poor management on the part of their respective supervisors, assuming, of course, that the supervisors knew about the situation. We don’t know if this was carried up the ladder.

Shame on Percy for not going to his supervisor or HR with his complaint about Helen’s treatment of him. How can a company be expected to correct a hostile environment if it’s not made aware of it? In my opinion, Percy’s case will be difficult to win because of the lack of any notification of HR or his supervision of the problem.

I don’t think an employee should expect any privacy when using a company issued digital device. The device, the wires, RF waves, network servers, and other related hardware and software were purchased by the company to help achieve company goals. The equipment isn’t installed for employees to use for their personnel goals. As long as the policy lets employees know the rules, employees should not expect exceptions. If they can’t accept the rules, they should work some place they like the rules better.

The attorney-client privilege question would most likely be taken to court. I think it would be wrong to be in violation of company digital rules and get taken to court for it, but that’s often the world we live in. The expectation of privacy on a company network using a company computer is a delusion. E-mail your personal stuff on your own time.

To keep the line of personsl and business computer use from blurring, companies should develop a clear policy and communicate it with everyone who uses company digital assets.

Jeffrey L. Strasser
Bacova Guild
(540) 863-2656
Strasser.Jeff@bacova.com

An academician says:

My usual reaction to a case like this is to say that Percy doesn’t have a prayer. If she is using the company’s computer, regardless of whose e-mail account is being used, the company has the right to look at it. So, be careful what you say in your love notes to your sweetheart if you’re using company property.

But this gets a bit complicated in that Percy was in communication with her attorney on her own password-protected e-mail account. So, does this fall under the attorney-client privilege, which holds that any communication between a client and an attorney as confidential information? Well, at least one court thought it certainly does and that Acme would have no right looking at Percy’s communication with her attorney even if it was on their computer. There are a few more twists and turns with the case that I’ll not get into, but bottom line is that Acme should not have viewed this privileged communication.

How to avoid this problem? Certainly, one could clarify the company policy on personal use of the computer system and inform employees that their e-mails might be retrieved from the computer’s hard drive. I suspect that this issue will get kicked around in the next couple of years, but for now a company should keep hands off privileged client-attorney communication. However, beyond that, the company can monitor anything you send or receive on its computer.

Professor Homer H. Johnson, Ph.D.
Loyola University Chicago
(312) 915-6682
hjohnso@luc.edu

An attorney says:

As computers began consuming communications in the working world, employers became more savvy. Now there’s not a company worth its salt that doesn’t have a computer policy. And every one of those policies states that an employee has no privacy interest in what is on their work computer. Many of the policies also state that employees aren’t to use their work computers during working hours for personal purposes.

Generally, the courts have held that as long as the employer makes it clear up front that it can monitor and access an employee's e-mails, the employee has no right of privacy in what is sent or received on the computer at work. In determining whether an employee has a privacy interest, the courts look at whether there is a “reasonable expectation of privacy.” If company policy says the company reserves the right to access and monitor all of an employee's e-mails, there’s no reasonable expectation of privacy.

That being said, the attorney-client privilege, unless waived by the client, is sacrosanct. But this case poses an interesting question in that regard. Because of Acme's policy that e-mail was company property, an argument could be made that Percy waived the attorney-client privilege by using the company computer, knowing that it could be read by the company at any time.

There’s an easy way to distinguish between business and personal e-mail. If an employee sends an e-mail that benefits the company, it’s a business e-mail. If the communication benefits the employee, it’s a personal one. It’s difficult to summon up much sympathy for an employee who thinks, on working time, when being paid by the employer, that it’s permissible to send an e-mail to an attorney in furtherance of legal claims against the employer.

Isn't this like biting the hand that feeds you?

Julie Badel, partner
Epstein Becker & Green, P.C.
(312) 499-1418
jbadel@ebglaw.com