Tactical Advice

The Law's on Your Side

You can monitor employees, but there must be consent on both sides.
This story appears in the September 2008 issue of BizTech Magazine.

David Ries, Partner, Thorp Reed & Armstrong

It is now common business practice in this country to monitor employees’ computer usage. E-mail, Internet use and access to company data are all fair game for monitoring, which may be done by snapping screenshots or recording keystrokes. Software is readily available for these tasks.

There are legitimate business and legal reasons for employers to monitor their workers. Having invested a substantial amount in computers and networks, companies have a right to make sure that their equipment is properly used for business purposes. Improper use can compromise networks and confidential company information. Excessive personal use, particularly with the Internet, can be a tremendous drain on productivity. Employee use of computers can also lead to employer liability in such areas as race or sex discrimination, harassment, defamation and violation of intellectual property rights.

A recent survey by the American Management Association and the ePolicy Institute shows that 76 percent of employers monitor
workers’ Internet connections; 65 percent use software to block connections to inappropriate websites; 43 percent monitor e-mail; and 45 percent track content, keystrokes and time spent on the keyboard. Twenty-eight percent of those surveyed have fired employees for e-mail misuse and 30 percent fired workers for Internet misuse.

Although the law is not conclusively established, monitoring is generally considered to be legal when there is notice and consent.

In Pennsylvania and Maryland, the law requires the consent of all parties to a communication to permit monitoring. Under these statutes, consent by an employee alone may be insufficient to make monitoring of communications with third parties legal because there is not consent of all parties. Connecticut and Delaware, for example, require employers to notify employees when they monitor electronic communications. A tort claim for invasion of privacy is another potential employer liability, but it’s unlikely it would succeeed when there is notice and consent.

Employers Hold the Cards

Court cases have almost universally upheld employers’ rights to monitor employee computer use. One early case held that an employee did not have a reasonable expectation of privacy in e-mails sent, received or stored at work, despite the employer’s repeated assurances that it would not monitor employee e-mails.

Employers who want to monitor employees should have an acceptable-use policy that clearly defines the permitted and prohibited uses of company technology. Companies should then decide what monitoring they may do to measure compliance with the acceptable-use policy. This monitoring should be covered in a monitoring policy, which may be separate or part of the use policy. The policies should give employees clear notice that the technology is company property, that it is to be used for business purposes and that employees shall have no expectation of privacy when using the company’s technology.

Employees should be given notice of the policies initially and periodically thereafter. Employee agreement to the policies, including consent to monitoring, should be recorded through a written signature or electronic consent. Training concerning the policies should be provided and policies should be enforced.

Before a company engages in monitoring employees, it should understand and comply with the current law of all involved jurisdictions. Laws vary from state to state, and many foreign countries have substantially stronger legal protection for worker privacy.

Employees should understand that they will generally have very limited or no privacy when using their employer’s technology. Employees have generally been unsuccessful in challenging employers’ monitoring of the use of company technology, unless the company violates a law or its policies and practices.

David Ries is a partner at the law firm Thorp Reed & Armstrong, in Pittsburgh.

Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.