• The HR Specialist - Print Newsletter
  • HR Specialist: Employment Law
  • The HR LAW Weekly
  • The HR Weekly
  • California Employment Law
  • Minnesota Employment Law
  • New York Employment Law
  • Pennsylvania Employment Law
  • Texas Employment Law

E-Mail and Internet Usage: Legal Risks & Sample Policy


While e-mail and the Internet have revolutionized business, employees can use them for some very unproductive purposes. Employers have any number of legitimate reasons to monitor employees’ e-mail and Internet usage. Beyond personal productivity issues, you risk significant loss should an employee download a virus or other damaging software or engage in illegal activity conducted on company computers.

Many employees may think e-mails are confidential, but you should dispel that myth by clearly communicating your organization’s policy on e-mail/Internet use. Your policy should:

  • State the purpose of electronic mail. Explain clearly whether it is solely for business-related communication or if personal use is authorized.
  • Forbid the use of any derogatory language in e-mail transmissions, even if it’s meant as a joke.
  • Prohibit the use of e-mail for non-job-related solicitations or proselytizing.
  • Make it clear that employees can’t have a private password. Although passwords don’t have to be known by other workers, an exhaustive list of passwords must be available to management.
  • Inform employees that you reserve the right to inspect all e-mail records and correspondence without advance notice.

Federal courts have rejected employees’ claims of their right to privacy in e-mail messages. In one district court decision in Pennsylvania an employee was discharged for transmitting inappropriate and unprofessional comments to his supervisor over his employer’s e-mail system. The plaintiff claimed that his discharge violated public policy because he had a right to privacy. In granting the defendant’s motion to dismiss, the court held that the plaintiff did not have a reasonable expectation of privacy in e-mail communications made over his employer’s system, despite the employer’s assurances that such communications would not be intercepted by management.

The court went on to state that even if the plaintiff had a reasonable expectation of privacy in the messages, an ordinary person would not find the employer’s interception of these messages to be a “substantial and highly offensive invasion of his privacy.” Moreover, the court ruled, the company’s interest in preventing inappropriate and unprofessional comments, as well as possible illegal activity, outweighs any privacy interest the employee may have in the messages. Smyth v. The Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996)

Caution: Employees must follow all state and federal laws directly or indirectly relating to e-mail and Internet use. For example, employees may not violate copyright laws or download pirated software. Furthermore, if you allowed pornography to exist in the workplace, you’d be a prime target for a sexual harassment lawsuit. Likewise, allowing employees to send abusive or harassing e-mail could land you in court.

Deleting e-mails: the legal impact

Courts are increasingly regarding e-mail as just another business document. Like many employers today, do you distribute important policy notices via e-mail? Can employees ask about leave or update their benefits information by e-mailing the human resources department?

If so, you must have a policy in place for retaining a copy of those e-mail communications. That’s because the EEOC requires you to keep such records for at least one year. It’s a good idea to print out your e-mails to and from employees and place a copy in their personnel files.

Before purging e-mail or other electronic information, read through it to determine if it has any legal significance. Although you may wish that some e-mails had never been sent, deleting them may not be much help and may be seen by a court later as intentional concealment or even destruction of evidence. It may be better to have a copy than to be presented with a copy during litigation.

From a practical point of view, you can never be sure that an e-mail you think was deleted from the system isn’t stored somewhere else. Did one of the senders or recipients forward it to others or to herself at another e-mail address?

Perhaps no case illustrates better the potential trouble e-mail can cause than the Enron debacle. Once the story of Enron’s collapse hit the media, it wasn’t long before e-mails between the company’s upper management and its accounting firm, Arthur Andersen, were made public. Conversations that before the era of e-mail company officials would have conducted via phone (and thus not recorded for posterity) were memorialized in a series of damning e-mails.

Recommendation: Although e-mail is convenient, some things are best left to the phone. What you haven’t written down doesn’t have to be deleted.

Beware liability in blogging, social networking 

New technology enhances workplace communication and collaboration, but employers whose company policies don’t keep pace could pay a heavy price.

Blogs (short for web logs), where employees may freely type messages to one another over the company’s server, have been touted as great team-building tools. Similarly, social networking sites, such as Twitter and Facebook, offer employees communication outlets that didn’t exist a few years ago. While these seemingly benign online chats may be seen as 21st century water-cooler talk, the fact that they appear on the Internet gives them many attributes of a published document.

Generally, courts have held that employers may regulate what occurs on their electronic devices. However, some recent decisions show courts are backing off this absolute protection for employers. In early 2009, a New Jersey appeals court ruled that an employee had the reasonable expectation that his employer would not read e-mails sent and received on his personal account even though they were sent from a company computer. Stengart v. Loving Care Agency, 973 A.2d 390 (2009)

A California court ruled that an employer could not access employee text messages without the employee’s permission if it paid an outside service to send the messages. City of Ontario v. Quon, 529 F. 3d 892 (2008) The employer appealed and the U.S. Supreme Court has agreed to hear the case.

So, how far can an employer go when monitoring employee communications? Social networking sites have privacy settings, allowing users to restrict access to parts of their sites. Employers that obtain passwords or access to private sections of social networking sites without the employee’s permission may be subject to invasion of privacy charges.

Employees as well should know how to protect private portions of their sites. For instance, an employee who reveals a disability on Facebook may not want a current or prospective employer to know that. Employers that stumble on such information probably should not act on it. Some plaintiffs’ attorneys argue that seeking personal disability information about a current or prospective employee on the Internet is the same as asking about a disability during an interview. The ADA bars such inquiries.

How should employers handle communication on their employees’ own time and equipment? While your options are limited, here are some guidelines:

  • Employees must never claim to represent the company in electronic communications unless they have express instructions to do so.
  • Employees should be reminded they are not authorized to release confidential information or trade secrets when using social media.
  • Employees should understand that even though they may discuss working conditions, criticisms of bosses and co-workers could be potentially libelous or harassing. Even in social networking, a “just the facts” approach works best as long as those facts aren’t company secrets.