Delaware Employment Law Blog

Can I read my employees' e-mails? Labor and employment attorneys get this question often. It's not as common, though, that the possible cyber-sleuth is a co-worker rather than a member of management. Recent drama at the news desk of Philadelphia's CBS 3 fits this unusual profile. 

The First of the Fallen Anchors

Long-time CBS news anchor, Larry Mendte, is under federal investigation.  He is suspected of reading the e-mails of former co-anchor, Alycia Lane.  After Lane was involved in several scandals of her own, her employment contract was terminated after she allegedly assaulted a plain-clothes police officer in New York City, and using a homophobic slur. See my earlier post, Bad Boys, Bad Boys, Whatcha’ Gonna Do When They Work for You?, for more details on the Alycia Lane scandal.

The Cyber-Scandal Spreads

And now attention has been turned to Lane's former colleague, Larry Mendte.  Late last week, Mendte and CBS News learned that he was being being investigated for snooping through Lane's e-mail.  Reading others' e-mails without permission or privilege is a federal crime.  (Last week we discussed Delaware's state law, which requires employers to provide written notice of their intent to monitor employees' e-mails.  See Employers' Policies on Technology in the Workplace).

Mendte's home computer was seized by the FBI as part of the probate.  CBS 3 issued the following statement yesterday:

Late last week, CBS 3 became aware of an investigation by the U.S. Attorney's Office regarding anchor Larry Mendte. CBS 3 is cooperating fully with that office in this matter. Mr. Mendte will not be on CBS 3's broadcasts pending further investigation.

While the investigation is ongoing, Mendte has been dethroned. It doesn't seem so positive.  Mendte's lawyer said yesterday, "We hope to work together with CBS 3 to reach a mutually agreeable resolution as to his status." 

That does not sound good.

Get Consent to Monitor Employees' E-Mails or Risk a Mendte-Style Result

Let this be a word of warning to any employer who may be inclined to search their employees' e-mails without complying with state and federal notice requirements.  Cyber-sleuthing has serious consequences.

And if you learn that another employee has been snooping through a co-workers electronic data, including e-mails, act quickly and seriously.  Take a page from CBS 3 and consider suspending the employee until your investigation is complete.

Employers know that e-mail between employees can be dangerous.  Employers know that the Internet can all but eliminate the productivity of their employees.  But what do employers know about Instant Messaging, weblogs, chat rooms, and wikis?  And, more importantly, what are they doing about it? HR Hero's survey gives some insight into the answers to these questions.

Survey Says . . .

HR Hero has released the results an interesting survey on policies (or lack thereof) for workplace technology.  There is a link to the full survey below but here are some highlights:

Policies for Technology Use.  Not surprisingly, most employers (89%) have policies both on employees' internet and e-mail usage.  What was surprising, to me anyway, is that there are still employers (5%) with essentially no policies on workplace technology.

E-mail Usage Policies.  Only a fraction of respondents (3%), did not put any limits on employees' use of the company's e-mail  systems.  Nearly all (80%) have policies expressly prohibiting inappropriate e-mails.  And more than half (61%) permit personal e-mail so long as it is not excessive.  A surprisingly large number (34%), of employers do not permit employees to send any personal e-mails.

Internet Usage Policies.  Like e-mail policies, nearly all employers (82%) prohibit employees from visiting websites.  28% of employers limit employees' internet access to approved websites only.  A small number of employers had either no internet usage policy at all (3%) or put no limitations on usage (3%).

Internet & E-Mail Monitoring Policies.  Just over half (58%) of employers that responded monitor internet use but only if they suspect abuse.  Almost the same amount (61%) did the same for e-mail.  Less than one-fifth of respondents regularly monitor e-mail use (19%) but internet monitoring seems to be more common (27%).

Blogging.  Most employers have not started to use blogs as part of their business activity.  Of those who have (12%), approximately equal numbers are putting blogs to work as part of their marketing (4%), and public relations (3%), efforts.  Others are blogging to communicate both internally within the company (3%), and externally with clients (1%). 

The entire survey, Technology and HR 2008, can be seen at the HR Hero website.

Special Note for Delaware Employers

Delaware employers should be aware that state law mandates that notice be given before monitoring employees' internet or e-mail usage. The law is specific in the way that notice must be given.  Although there are alternatives, the most common way is with a written consent form signed by each employee.

For more information on how to comply with Delaware's internet and e-mail monitoring law, contact any of the attorneys in YCST's Employment Law Department.

Employees' Blackberry usage may prompt lawsuits. Claims for unpaid overtime wages have swept the country and put the nation's biggest employers on high alert as the class-action craze shows no signs of slowing.

The rapid growth of the PDA and Blackberry usage among employees may hit employers in the pocket book more than they think. These devices used to be just for lawyers, doctors, and executives. But, in today's techno climate, even rank-and-file employees are using PDAs.

A great deal of this usage occurs after hours and on weekends. Is the time spent by an employee when checking and responding to e-mails and messages is compensable under the Fair Labor Standards Act (FLSA) and state wage laws.

The general rule is that non-exempt employees must be paid for all hours worked. The standard used to determine whether time is actually "hours worked" is whether the employee is "suffered or permitted to work." An non-exempt employee who receives a company-provided PDA and uses it to respond or send work-related e-mails my have an argument that he or she should be paid for that time.

While some employers may balk at the notion of paying an employee for time responding to a few e-mails after hours, all of the time spent texting away may add up. Generally, an employee can claim up to two, and in many cases three, years of back overtime or wages. In addition, the FLSA provides a fairly easy mechanism to bring a class action lawsuit for overtime on behalf of similarly situated employees.

So far, there have been no wage-and-hour suits involving PDAs, but employers would be wise to review their policies regarding use of PDAs by non-exempt personnel. In particular, non-exempt employees should be instructed to report any work time spent using PDAs. And employers may even want to place limitations on when PDAs can be used after hours.

The Wall Street Journal Law Blog has a great post on this topic, "Are Blackberrys the Next Battleground in Wage-and-Hour Litigation"

Employee-privacy advocates are not in favor of biometrics in the workplace. But many employers do not share the concern. Biometrics are being used in workplaces across the country for purposes ranging from security to timekeeping and attendance.

What are Biometrics?

You may not know it, but you have probably seen biometrics in use numerous times. Catch any modern spy movie and there is sure to be a scene where the main character accesses the inevitable Restricted Area using the fingerprint of a dead man via a "borrowed" digit. Or maybe the triple-secret bank vault can be opened only via a a retina scan of the bank's Very Important President. You get the idea.

Biometrics run the gamut from simple to NASA-level technology. Biometrics on the most basic level could include simple ID badges with the employee's mug-shot style photograph. Signatures are even included in biometrics that are used as a security measure. Today, employers utilize password-management systems that require employees to regularly change their personal passwords in order to access the company's network.

The term "biometrics" refers to a method of authenticating the identity of an individual using enduring physical or behavioural characteristics. Any system that utilizes biometrics relies on the use of biometric identifiers. Also known as "BIs," biometric identifiers are select pieces of information that relay an encrypted picture of some unique feature of the person's biological makeup. Common BIs include fingerprints, retinal scans and voice scans.

Other identifiers that have been suggested and used include: hands, feet, faces, ears, teeth, veins, voices, signatures, typing styles (keystroke), gaits and odors.

How Effective Are Biometrics?

In the employment context, biometrics are used as an authentication tool. The BI is compared to the authenticated BI, which is stored in a database. Used this way, biometrics offer a nearly infallible security system. Unlike traditional security measures, like passwords or security badges, biometrics cannot be shared, lost, forgotten, stolen, or recreated.

But there are security risks for the user. For example, the authenticating, or original, data must be kept as secure as possible, which usually means not being sent wirelessly. And, if it is sent across a network, encryption should be at a maximum. As a compromise, systems often provide for a larger margin of error. And, unlike passwords and security questions, biometrics cannot be changed or revoked when the employment relationship ends.

What Else Could Go Wrong?

Well, lots, actually. Unauthorized access to highly sensitive personal information raises very legitimate concerns about identity theft--a problem that already has employers on high alert for potential liability. And, without any regulatory system in place, what about the potential privacy implications? Surely, employees will want to know what other information can be obtained should the wrong person have access to the database.

It's 2008, do you know where your employees blog? Employers who fail to stay current with the popularity of blogging or who do not have a solid blogging policy in their Employee Handbook put themselves at a great disadvantage. Read on for some key points on the "whys" and the "hows" of a valid and comprehensive blogging policy.

Today’s Wall Street Journal features an article on blogger Heather Armstrong. Heather is most famous for being fired for writing about her co-workers on her blog, www.dooce.com. In fact, a blogger is “dooced” when he or she is terminated for blog comments.

Today, Heather is a full-time blogger writing mostly about her family life. Her blog is incredibly popular, receiving over a thousand hits each month. Her husband even quit his job to work on selling advertising for the blog.

The article causes one to think about just what risks employee run blogs pose for the workplace and how problems can be avoided.

Breach of confidentiality. A blogger may reveal confidential information about your company, including trade secrets. For example, a blogger complaining about a project assignment may, without thinking about the implications, reveal details of a new product that's under development. Or an accounting department blogger complaining about having to work an all-nighter on a big stock deal may inadvertently be revealing insider information.

Defamation. The freewheeling culture of blogging may encourage people to say things online that could defame their employer, management, co-workers, customers, or competitors.

Harassing or otherwise offensive content. Imagine, for example, a situation in which an employee with a disability is being accommodated with a modified work schedule in compliance with the Americans with Disabilities Act. The employer has properly responded to inquiries about the arrangement by saying only that the company is handling the individual's situation in accordance with federal law. A blogger complains that that "slacker" is being allowed to come and go as he pleases while the rest of the department suffers for it and speculates about the person's possible medical condition.

Or imagine a blogger spreading completely speculative rumors that a recently promoted colleague got the job by performing sexual favors for the boss. Conversation that shouldn't go unaddressed in the workplace can be extremely difficult to curb when it occurs anonymously in cyberspace.

Inappropriate content. Such content can range from postings that are disrespectful to your company to those that are completely unrelated to employment but may still reflect on you.

It's important that you cover blogging in your Internet or electronic communications policy. The policy should prohibit disparaging the company or its employees, customers, or competitors either by name or implication. As with your other policies, it should be communicated to employees when they're hired and periodically thereafter. It also should caution them that they must avoid creating the impression that the views expressed on a blog are anything more than personal opinions.

Following are some points you may want to cover in your blogging policy:
1. Persons who broadcast information regarding the company or its employees, customers, or competitors must make clear that views expressed in the blog are theirs alone and don't represent the views of their employer.

2. In blogging, as in any other communication, employees must respect the company's confidentiality and proprietary information. Employees should be reminded of the confidentiality provision in the employee handbook and, if they're required to sign confidentiality agreements, of their commitments under those agreements.

3. Employees who have questions about the blogging guidelines should direct their questions to a designated company official who will serve as the authority on the policy and on helping them understand how it applies to their situations.

4. As with all communications, persons communicating through blogs are expected to treat the company and it employees, customers, and competitors with respect.

5. The company may ask that certain topics not be disclosed for confidentiality or legal compliance reasons, and employees are expected to honor those requests.

6. Employees are responsible for ensuring that their blogging activity doesn't interfere with their work commitments, and they should be familiar with the company's other policies regarding Internet use, which also apply to blogs.
The benefit of a blogging policy is that it puts your employees on notice of the standards of conduct that apply to blog postings. If you then learn that an employee has violated the policy, you can address the situation through the normal disciplinary process. Before imposing discipline, however, remember that state laws differ and certain types of communications may be protected under state and federal law. You might consider consulting counsel before taking any disciplinary action.