Articles

The Workplace Panopticon Minnesota Privacy Law at Work

Phillip J. Trobaugh
(email)
Mansfield, Tanick & Cohen, P.A.
1700 U. S. Bank Plaza South
220 South Sixth Street
Minneapolis, MN 55402
612.339.4295

I. Introduction

Managing employees in the cyber age has become a thicket of confusing legal issues. This is based partly on the fact that technology evolves much more quickly than society can respond to it legally. Thus, situations can arise at work where there are no clear answers or guidelines. This can lead to confusion and doubt for both parties. Nowhere is this more evident than with the advent of email and the Internet as an everyday business tool. Consider the following:

In 1991, the year I graduated from law school, there were an estimated 50 pages on the Internet. That figure in 2000 was estimated at 50 million.

In 2000, 40 million e-mail users in the workplace will send an estimated 60 billion e-mail messages by the end of the year.

E-mail is an incredibly versatile and powerful communication tool. Its near instantaneous ability to send and receive information resembles the telephone; its ease of use encourages us to use it again and again. It is also an almost perfect recording device. Messages that have been sent and received can, with some effort, be re-created. When employees exchange non-business related e-mails using their employer's e-mail server, it raises a number of legal and management concerns. Can employers legally monitor the emails of its employees? Should they? Are there circumstances where monitoring is allowed?

There is no unified employment law in America, no specific code that addresses all of an employer's and employee's legal rights. The law is found in disparate areas: the constitution, various statutes, and law as created through judicial opinions, called "caselaw." Similarly, there is no unified privacy law in America. Sometimes these laws and issues collide, and an employer needs expert advice on how to handle such issues and conflicts.

II. At-will doctrine

Most employers in America are subject to what is called the "at-will" doctrine. That is, the employee serves the employer at the employer's discretion. Employees can, for the most part, be hired, disciplined, and terminated for a good or bad reason. Within this, the employer has a great deal of discretion in how to direct and oversee an employee's actions in relation to the employer.

That said there are limitations. The employer cannot take action against an employee on the basis of some recognized form of discrimination (e.g., age, race, sex, disability, religion). Public employers must have something called "just cause" before terminating an employee. Unionized employers must abide by a collective bargaining agreement, or contract, in relation to wages, hours and other terms and conditions of employment.

III. Privacy Principles

The right to privacy is a nebulous concept. Most people's thoughts about privacy center on the concept of "the right to be let alone." Privacy is also largely thought of in relation to what the government does with information about citizens, whose right to privacy is governed in turn by the 4th Amendment. This provision of the Constitution simply states that a citizen has the right to be free from "unreasonable searches and seizures" by the State. In order to begin analyzing this in any given fact pattern, courts look to see whether the criminal defendant had a "reasonable expectation of privacy." Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring). This standard will be important later on in the employment context, and will be revisited.

But the 4th Amendment governs the privacy issue only as between the State and its citizens. For privacy protection between individuals, or between employers and employees for example, courts look generally to a collection of judge-made law called "torts." Torts are simply the civil version of crimes. That is, torts are social wrongs which do not rise to the level of criminal behavior. Judge-made law is that which is found in written judicial decisions, called case law. Judges began recognizing that people had a right to privacy as a distinct legal right around the turn of the 20th Century.

In Minnesota, the specific right to privacy did not exist legally until 1998, with the legal decision in Lake v. Wal-Mart, 582 N.W.2d 231 (Minn. 1998)². The Lake case concerned two young women who were photographed together in the nude while on a trip. The film was taken to a local Wal-Mart for processing, and one of the store's employee's took the photo and posted it on the Internet. While Minnesota courts had specifically refused up until that time to recognize a right to privacy, under these facts, and given that Minnesota was one of only three states remaining to recognize such a right, it decided to do so here. The Court found that privacy is an integral part of our humanity; one has a public persona, exposed and active, and a private persona, guarded and reserved. The heart of our liberty is choosing which parts we shall hold close Id., at 235.

The Court more specifically found that the privacy right consists of three distinct parts, or, torts: a) intrusion upon seclusion, which is an invasion "upon the solitude or seclusion of another of his private affairs or concerns," b) publication of private facts, which is the communication of true facts that, while not defamatory, would be "offensive to a reasonable person," and is not of "legitimate concern to the public," and c) misappropriation of identity, which is the unauthorized exploitation of the name or likeness of another, "usually done for commercial purposes."³

Aside from the common law right to privacy, the only other major privacy law affecting employees in most private employment settings is the federal Electronic Communications Privacy Act. The ECPA prohibits the intentional interception of electronic communications, like e-mail⁴. Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp. 623 (E.D. Pa. 2001) (court differentiated between intercepting a message before the recipient accesses and accessing a message after it has been accessed by the intended recipient). While sounding broad, the law contains a variety of loopholes which facilitate employee monitoring. For example, employers are permitted to monitor networks for business purposes, enabling them to listen in on employee telephone calls or to view e-mail. Also employers may intercept communications where there is actual or implied consent. Consent has been found where the employer gives notice of the monitoring, such as in a disseminated policy.

A word about the "reasonable expectation of privacy." Remember, this was a standard used to analyze 4th Amendment privacy cases. However, because of its powerful logic which helps to analyze any privacy claim, this standard has filtered down into the privacy torts. Courts will often use this standard to see whether a plaintiff has a claim or not. So even though this should not technically apply to the employment context, it often does. This means that in areas where historically employees have an expectation of privacy, an employer must lightly tread or face high legal consequences.

IV. Current status and cases

A variety of powerful tools are available to employers for workplace monitoring, including:

Packet-sniffing software that can intercept, analyze, and archive all communications on a network including e-mail, chat sessions, file sharing, and Internet browsing. Employees who use the workplace network to access personal e-mail accounts not provided by the company are not protected. Their private accounts, as long as they are accessed on workplace network or phone lines can be monitored.

Keystroke loggers can be employed to capture every key word pressed on a computer keyboard. These systems will even record information that is typed and then deleted.

Telephone monitoring; some systems automatically monitor call content and breaks between receiving calls.

Video surveillance - acceptable where the camera focuses on publicly-accessible areas. However, use in areas where customers or employees have a "legitimate expectation of privacy" (e.g., bathroom stalls) is illegal.

"Smart" ID cards - can track an employee's location while she moves through the workplace.

Psychometric or aptitude testing - purport to assess intelligence, personality traits, religious beliefs, character and skills. Gray area - the more it looks like a medical test, the more the employer could be drifting toward illegal disability discrimination.

Assuming an employer can monitor its employees, are there any risks? Generally, without a proper e-mail policy, employers may open themselves up to unexpected liability. A proper policy is one that alerts employees to dangers for abusive use of e-mail and Internet usage, and to make sure their activity is business-related only. Without one, an employee may be successful in arguing that she had a reasonable expectation of privacy. See Restuccia v. Burk Tech., Inc., No. 95-2125, 1996 Mass. Super. LEXIS 367 (Mass. Super. Ct. Aug. 12, 1996).

Harassment claims often center these days on e-mail evidence:

A subsidiary of Chevron Corporation recently settled a hostile work environment claim based on e-mail, for $2.2 million. In this instance, a list indicating "why beer is better than women," circulated throughout the company on its e-mail system.
Knox v. Indiana, 93 F.3d 1327 (7th Cir. 1996), a New York correctional officer sued the state for sexual harassment based upon inappropriate behavior of her supervisor, which included a number of e-mails asking her for sex. Although the jury dismissed the plaintiff's sexual harassment claims on the grounds that the employer took prompt remedial action when it learned of the e-mails, the plaintiff was awarded $40,000 for a related claim.
Strauss v. Microsoft, 68 Fair Empl. Prac. Cas. (BNA) 1576 (S.D.N.Y. 1995) a federal district court held that evidence in e-mails of a supervisor referring to a woman as the "Spandex Queen," calling a receptionist "Sweet Georgia Brown," and referring to himself as the "president of the Amateur Gynecology Club" were all relevant and admissible regarding sexual harassment claims and whether a sexually hostile work environment existed.
Yamaguchi v. U.S. Dep't of the Air Force, 109 F.3d 1475 (9th Cir. 1997), the plaintiff relied upon unwanted and inappropriate e-mail messages from her supervisor as part of her sexual harassment claim.
According to at least one study, as much as 70% of the traffic on pornographic web sites occurs during working hours. Not only does such use decrease productivity, it can also be the basis for a harassment claim. Robert Beall, "Read My Mind: The Perils of Surfing the Web at Work," 5 Cyberspace Law 2 (Oct. 2000) (citing BusinessWeek).

Litigation seeking e-mails, in what is known as the discovery phase, can be expensive and time consuming for employers. In re Brand Name Prescription Drugs Antitrust Litig., Nos. 94C 897, MDL 997, 1995 U.S. Dist. LEXIS 8421 (N.D.Ill. June 15, 1995) (ordering CIBA-Geigy to produce e-mail messages at its own expense even though CIBA-Geigy estimated that there were more than 30 million e-mail messages stored on its back-up tapes and that it would cost approximately $50,000 to $70,000 to search the messages and format them into a readable form).

V. Top 7 Tips for Employers on Workplace Privacy

Specific e-mail policy
- Blanket protection - an employer may choose to prohibit use of e-mail (and Internet) for non-work purposes; such a policy must be uniformly administered.
- Prohibition for Non-work Purposes During Work Time - under this policy, employees would be able to use e-mail (and Internet) during breaks or after hours. Such a policy should include a prohibition against both sending and opening personal e-mail during work hours.
- Allowing personal e-mail use - an employer may also choose this type of policy, within certain boundaries (e.g., no inappropriate e-mails or Internet usage, usage must not interfere with work). Some businesses choose this type of policy in the interest of employee morale, or because they do not think they can effectively prohibit the use of e-mail for personal reasons.
- E-Mail is Employer Property - whatever the form of the policy, it should clearly inform employees that the e-mail system is the employer's property and that it is intended principally for business purposes. If an employer allows some personal use of e-mail (and Internet), the following restrictions should be placed: a) it does not interfere with the employer's operation of system services; b) does not interfere with the user's employment; c) is not personal monetary gain; d) does not violate the law; e) does not invade the rights of others; f) does not violate any other employment policy (e.g., non-harassment, professionalism, trade secret, and non-disclosure policies).
- No expectation of Privacy in Work E-Mail - this should also be clearly stated in the policy, regardless of whether the e-mail was sent or received by the employee.
- Monitoring frequency - the policy should indicate that monitoring will occur randomly, in order to: a) maintain the integrity and efficiency of the system; b) prevent and discourage unauthorized access and system misuse; c) retrieve business-related information; d) investigate reports of misconduct or misuse; e) reroute or dispose of undeliverable mail; and f) to respond to lawful requests for information.
- Deletion - the policy should state that the mere deletion of a message or file may not fully eliminate it from the system.
Record Retention Policy - in addition, the employer should adopt a comprehensive electronic information and records retention policy in which e-mail is retained for a set period of time and then erased on a systematic and timely basis. This will help reduce the costs associated with reviewing and producing stored e-mail as part of discovery in litigation.
Security Issues - viruses, confidential information, access and passwords
Copyright and trademark concerns
Ettiquette
Keep the monitoring to legitimate business purposes
Be reasonable

VI. Conclusion

The English philosopher Jeremy Bentham is credited for the idea of a Panopticon, which was a kind of prison constructed in such a way so that all the prisoners felt that they were being monitored at all times when in fact they were not. The idea was that "total" surveillance would eventually eliminate undesired behavior. While Bentham's idea was literal, it has since become a metaphor for any type of system in which surveillance can or is total.

E-mail monitoring can result in a workplace Panopticon. For a variety of reasons, this is probably undesirable for both employer and employee. Given proper circumstances, some monitoring is appropriate and necessary. Knowing the boundaries and consulting with legal counsel is beneficial.

¹ Mr. Trobaugh is a Shareholder with the Minneapolis law firm of Mansfield, Tanick & Cohen, P.A. Mr. Trobaugh has taught Privacy Law as an adjunct professor at the University of Minnesota School of Law (2003), and Hamline University School of Law (2000). His practice includes business litigation, employment law, and education law. He is licensed before the U.S. Supreme Court, the 8th Circuit Court of Appeals, the District and State of Minnesota.

² The right to privacy was first articulated with intellectual heft in a law review article famous in legal academic circles, in the late 19th Century. S. Warren & L. Brandeis, The Right of Privacy, 4 Harv. L. Rev. 193 (1890). In the ensuing century since, various states around the country began to accept the right to privacy as a distinct legal right. Minnesota was one of the last states to so recognize this right. Aside from this, only a handful of narrowly-tailored statutes specifically afforded privacy protection to individuals, many not appearing until the last 25-30 years. Privacy law, then, is a rather new jurisprudential concept, and continues to evolve.

³ A fourth element was not validated by the Court in Lake, the "false light" tort. False light is the publication of facts which places one in an unfavorable or awkward position. Because of its similarity to defamation, this tort is not recognized under Minnesota law.

⁴ Employers may not monitor purely personal telephone calls. However, in order to determine that a call is personal employers usually have to listen to portions of the conversation.