Dear Rita in HR: We recently discovered that an employee is shopping online at work and is signed on to social media sites such as Facebook for about 3 hours per day. We don’t know if she merely views it for a moment and then leaves it open or if she is actually posting and reading for those 3 hours. We also don’t know if she is doing this exclusively during her lunch and break time, which combined would account for about 1 hour/day. In addition, she left her Gmail account open and we were able to read some of the mail she sent to a friend about the fact that she hates her supervisor. We would like to fire her for these infractions. Are we are solid legal ground here?
— Don’t Know Much about the eWorkplace
Dear Don’t Know:
You’ve got a complicated situation here, and our first question for you is: “Do you have an e-workplace policy”? The issues here involve potential invasion of privacy and violation of federal and state Internet regulations, such as the Stored Communication Act. So whether or not you have a policy — and if you have one what’s in it — will be important in defining the privacy interests with respect to what you can view on an employee’s computer.
Note: At the end of this article is a link to a Sample E-Workplace Policy you can use as a template.
Courts have consistently upheld an employer’s right to view all websites visited on the employer-provided work computer when the employee is informed that the information accessed and stored on work computers is not private. Likewise, courts have upheld the employer’s right to retrieve and read e-mail sent via the company e-mail.
So you are on solid legal ground when you investigate the employee’s use of work time to surf the web and you can discipline her if she is not using her work time effectively or committing time card fraud for stating she is working, when she is not.
However! The confusion comes into play when the employer uses a third party email service, such as Yahoo or Gmail to write personal emails during work time. The courts have been clear that an employer cannot log into an employee’s email or request the password to that email, even when it is used on the work-provided computer. Even when the employer does not log into the employee’s account, but inadvertently comes across email information, there is at least one case holding that the employer did not have the right to use any information from the private email account in litigation.
Rules for employees using their home computers
You should be glad that you do not have to deal with the more difficult issue which involves employees who work from home on their personal computers. First, if the employer provides a portal to log onto the company’s server, the same rules apply, as if the employee is working on a work-provided computer. As with work computers, the employer generally does not have the right to either read or sign onto the employee’s private email on the employee’s private computer. The danger is when an employee uses their personal account to send business emails. Monitoring this type of transaction could lead to trouble and litigation.
Drafting an e-workplace policy
In this context, the star in all litigation is the employer’s e-workplace policy [see attached sample policy]. Such a policy should include the following:
- Clear written notice covering all information created, stored, received or transmitted on or by any device or system provided or supported by the employer.
- Clear expectations that employees have no right to privacy and that the employer owns all information created, received or stored on any electronic device provided or supported by the employer.
- The fact that the employer has the right to monitor, search, access, inspect and read all information transmitted over the work-provided or supported computer.
- Clear written notice about allowed access to employees and third parties.
- Never require an employee to give you access to a personnel e-mail or social media account
- Never secretly obtain the employee’s login/password.
- Be realistic as to personal use on the work computer but regulate the use if it violates the law or policy or interferes with the employee’s job performance or business operations.
- Emphasize the e-workplace policy when you hire new employees and present yearly reminders.
- And last, but not least, train your supervisors/managers to have consistent fair enforcement of the e-Workplace policy.
So if you don’t already have a policy, don’t take action now. Instead, use our template to create a policy, adopt it, educate employees about it, and then — if the problem contines — take action.
And remember, this is a new and evolving area of the law, so it is best to check in with an employment law specialist before diving into an employee’s otherwise personal email.Thanks for your question!
And here’s that link to our Sample E-Workplace Policy you can adapt for your own nonprofit.
Pamela Fyfe is an Employment Risk Manager for the Nonprofits Insurance Alliance Group. In her position she helps nonprofits avoid potential employment claims and reduce the possibility of future claims. Before joining the Nonprofits Insurance Alliance Group, she practiced employment law for more than 25 years — representing management in wrongful termination, discrimination and sexual harassment cases. She admits to possibly having sneaked online at work to see her first grandchild — Mara Adeline — who lives in London.