Previous Article WWWiz Home Next Article



More Than Just Email: Comprehensive Information Policies for the Digital Age

by Jeffrey S. Bosley and John C. Corcoran


Copyright © 1999 Thelen Reid & Priest LLP. This material may not be reproduced in any form without the authors' express written permission.


Because the information superhighway has knocked down the physical walls that once reliably protected confidential, proprietary and trade secret information, employers doing business today need much more than a policy prohibiting scandalous email—they need a comprehensive "information policy." Such policies are also required because there are major differences between the way persons use email as opposed to the "old" ways of letters and memoranda. Email authors are often less formal—and less sensitive to others—in email communications than in traditional paper or face-to-face communications. Data transmitted in informal emails have already been critical evidence in major litigation, including in the ongoing Microsoft antitrust litigation.

In an effort to avoid potential liability from unrestricted email and Internet use in the workplace, many employers have adopted policies that purportedly restrict employee use to solely business purposes. Such a restrictive policy theoretically prevents use of email to create a hostile work environment or organize a union. But how many employers who adopt this policy actually enforce it? Inconsistent enforcement of a "business-use only" policy begs litigation alleging disparate treatment. [See, e.g., Miller v. U.S.F. & G., 65 F.E.P. Cas. (BNA) 593 (D. Md. 1994).]

Numerous other legal issues must also be considered in designing both software systems and electronic information policies besides simply whether email and Internet use is permitted for non-business purposes. This is particularly true as employers allow employees to use home machines for purposes of telecommuting. The following is just a brief list of some of the challenging issues facing employers who are striving to develop workable information policies.

1. Record-Keeping and Retention

This could be the most critical issue facing employers who are integrating email and Internet usage into their day-to-day business operations. Email and intranet postings are now frequently used by employers to distribute notices required by law, such as policies against unlawful harassment and benefits plan documents. However, the same laws that require distribution of these notices also require that employers prove the receipt of these documents by employees, typically not a difficult task given that most popular office communication suites utilize email programs that utilize some sort of "return receipt" utility. The posting of such notices on an intranet presents more of a problem in this regard, one that must be considered and addressed by an employer prior to using Web postings for these purposes. Employers must devise workable methods to save records of both receipt of the policy and the policy itself for all periods required by law. For example, when a policy posted on an intranet is replaced by a new version, a hard copy of the former policy should be retained.

Another common use for email or an intranet is to communicate requests for vacation, family leave, training, disability accommodations, promotion or transfer, adjustments in compensation, and to communicate management approval or denial of such requests. These items are typically considered personnel records and need to be retained under federal law, as well as under the laws of many states, including California.

For example, EEOC regulations interpreting Title VII the Civil Rights Act of 1964 require that:

any personnel record made or kept by an employer (including, but not limited to requests for reasonable accommodation, application forms submitted by applicants and other records having to do with hiring, promotion, demotion, transfer lay-off or termination, rates of pay or other terms of compensation or selection for training or apprenticeship) shall be preserved by the employer for a period of one year from the date of the making of the record or the personnel action involved, whichever occurs later.

29 C.F.R. § 1602.14.

Employers instituting "scrubbing" or deletion procedures to preserve room on servers or on individual hard drives must be cautious to ensure that records of distribution and receipt of certain documents are maintained as required by law, as well as a copy of such documents. While printing out such documents is the most obvious method of doing this, most employers justifiably chafe at this—after all, minimization of such "paperwork" is the justification for the use of such network systems. With the assistance of system designers and competent counsel, employers can devise an easily accessible and searchable media to ensure compliance with statutes regarding record retention.

Another evolving use for email is tracking work hours. Some employers have found that where employees use email to clock in and out, there is potential for fraudulent time entries. [Wallace v. Brown, Equal Employment Opportunity Comm'n Appeal 01940721, Agency Number 92-1819, 1994 EEOPub Lexis 1751 (1994) (employee allegedly gave password to friend to enable friend to log out for her).] To ensure accurate computer-generated records, an employer should also strictly enforce a policy prohibiting employees from sharing passwords. If email is used for time-keeping purposes, employers must also maintain electronic records for all applicable periods required by law as described above.

2. The Evolving Use of Electronic Evidence

Employers should also draft email retention policies with an awareness of how email may be used in litigation. Electronic mail has proven to be valuable (or devastating) evidence in discrimination cases, as well as cases alleging the existence of employment contracts.

It is becoming abundantly clear that employees tend to use electronic mail far differently than they would utilize paper communications such as letters or a memorandum in the work place. The popularity of electronic mail largely results from its dual nature of being efficient and informal as a spoken conversation with the permanence of a written letter or memorandum. Unfortunately, this informality often is accompanied by inappropriateness. Employers should warn supervisors and employees to use the same care in drafting email messages that they would in drafting a letter or memorandum. Furthermore, they should be adamant that their electronic mail may be monitored by supervisory personnel. Employees must understand that email frequently lasts longer than messages that are sent to individuals on paper, and is far more easily forwarded to other (unintended) users both within the company and outside the company.

Informal communications between supervisors and employees have allowed courts to conclude that an employer made an offer of an employment contract where none was made, or worse, that an employer's reasons for an adverse employment decision were a pretext for discrimination. [See, e.g., Wilson-Simmons v. Lake County Sheriff's Dept., 982 F. Supp. 496 (N.D. Ohio 1997) (racist email used to illustrate pretext); Harley v. McCoach, 928 F. Supp. 533 (E.D. Pa. 1996) (racist email used to supply evidence of hostile work environment).]

Similarly, well-crafted emails have been used to buttress claims that an employment decision was based on legitimate, nondiscriminatory concerns. [Greenslade v. Chicago Sun-Times, 112F.3d 853 (7th Cir. 1997) (email messages confirmed plaintiff engaged in behavior warranting transfer).]

Evidentiary use of emails will undeniably increase. Employers should therefore consider a uniform scrubbing policy that applies to all emails not required to be maintained by law. In initiating any such scrubbing policy, employers should be cautious not to engage in any conduct that may constitute spoliation of evidence in active litigation.

3. Prohibiting Harassment, Threats or Intimidation

Many employers already have policies prohibiting messages that may constitute unlawful harassment. However, the dangers of such email can never be underestimated. In a recently settled case, Owens v. Morgan Stanley & Co. Inc., 96-9747 (S.D.N.Y. Dec. 30, 1996), several employees alleged that wide distribution of a racist email message, and the company's failure to discipline employees involved in disseminating the message, evidenced a hostile work environment.

Employers should also be aware that the provision of Web browsers on employee computers could also create liability for hostile or work environment actions under state and federal discrimination laws. Although this issue has not been litigated in reported decisions to date, it is certainly plausible that an employee could allege that the apparent viewing of sexually explicit Web sites by other employees could constitute a hostile work environment.

One unscientific poll of 9,000 Internet users by MSNBC revealed that:

  • almost one in five persons visited cybersex sites while at work;
  • roughly 8% spent 11+ hours a week in cybersex activities;
  • almost three of four respondents indicated keeping secret from others how much time they spend online for sexual pursuits.


[ZDNET Anchor Desk, Annette Hamilton (06/10/98),\anchordesk.]

Therefore, employers may wish to consider the use of widely available utilities, which can prevent employees from viewing scandalous Web pages on the employer's computers.

4. Electronic Complaints Procedures

Employees who wish to complain about the company's practices or raise safety concerns can easily do so by email. Employers must cautiously consider how, and what types of, complaints should be raised by email. For example, an employer may state as part of its information policy that employees cannot make anonymous complaints using corporate email.

An employer also may wish to encourage complaints of a highly personal or confidential nature, such as complaints of harassment, be made in person to a member of management, as such complaints require immediate attention and extreme confidentiality. However, use of online complaint procedures that provide adequate protection for privacy can assist an employer with its burden of responding immediately and appropriately to complaints of sexual harassment.

5. The Electronic Union

At least one employer has been found by the National Labor Relations Board (NLRB) to have violated the National Labor Relations Act by promulgating a policy that prohibited organizing activity on its email system. In E. I. du Pont de Nemours & Co., 311 N.L.R.B. 893 (1993), the Board held that an employer violated the act by barring employees from using email to distribute union literature and notices, while allowing employees to frequently use email to send messages to each other on other non-work-related topics.

The NLRB has not taken a clear position on exactly how email use may be restricted to prevent organizing activity without running afoul of the National Labor Relations Act. Existing law was developed in the late 1940s, when solicitation was done by interpersonal communication and leaflets. This precedent allows employers to restrict union organizing solicitation done on "working time" in "working areas."

The unsettled state of this precedent is a clear example of how changes in information technology will challenge lawmakers in the future. The law allowing employers to prohibit such solicitation in working areas has its basis in the concept that such solicitations create litter around the workplace. Obviously, email messages do not present the same problem. Therefore, a literal interpretation of this precedent might indicate that email would be exempt from the organizing restrictions that exist with respect to paper solicitations. On the other hand, this precedent applies equally to oral solicitations, and oral solicitations have always been subject to restriction during working time and in working areas as well. Some scholars have argued that the use of email is different, and arguably a greater intrusion than oral or written solicitations because the processing of email results in expense to the employer in the form of the purchase of hardware and software, and the use of employee time.

Employers should also be aware that unions are typically now utilizing email and the Internet (Web) as methods to post information about new organizing campaigns and even strikes. During the most recent Northwest Airlines strike, the union created its own Web site to update employees nationwide on the state of negotiations between the union and the airline. In Washington, a large cadre of high-tech temporary employees has formed an "electronic union"—WashTech. The Web also critically assisted one union success in organizing several Borders bookstores.

6. Shared Systems Without Sharing Liability

Employers in today's workplace are also faced with use of company email systems by contractors and temporary employees. Employers operating shared systems should review their policies to avoid claims under the Electronic Communications Privacy Act, 18 U.S.C. Section 2701, et seq.

In Andersen Consulting LLP v. UOP, 1998 U.S. Dist. Lexis 1016 (N.D. Ill. 1998), Andersen attempted to sue a former client, UOP, regarding distribution of the content of Andersen's emails to the media after their relationship had gone sour. The court rejected Andersen's ECPA claims, stating only distribution or knowing divulgence of the contents of electronic communications by a service that provides electronic communications services to the public would violate the ECPA.

However, as there is little case law interpreting the work "public" as used in the ECPA, employers should make clear statements to contractors and temporary employees that they have no expectation of privacy or any property interest in their email messages on the shared system.

7. Protecting Copyrights and Trademarks

Existing copyright laws apply to materials obtained from the Internet and through email. [See, e.g., Religious Technology Center v. Lerma, 1996 U.S. Dist. Lexis 15454 (E.D. Va. 1996).] It is foreseeable that employees will republish copyrighted material obtained either through corporate subscriptions to online publications, or through personal subscriptions to online publications.

Under both traditional agency principles and as a "publisher" (the owner of the email system), it is possible that such republication may lead to liability under federal copyright law. Employers should accordingly consider prohibiting employees from subscribing to any copyrighted material for nonbusiness purposes, and warn employees of the potential damages arising from violations of copyright law.

Employers also should be cautious to warn employees not to use the trademarks of the employer or other employers without authorization. Unauthorized use of a trademark could result in claims for disparagement of the mark, as well as claims for unauthorized use. [SeePatmont Motor Werks v. Gateway Marine, 1997 U.S. Dist. Lexis 20877 (N.D. Cal. 1997).]

8. Balancing Employee Privacy Against Avoiding Liability

Given the unknown scope of potential employer liability for trademark and copyright violations, as well as for harassment and discrimination, employers should consider the implementation of monitoring policies. Such policies, however, illustrate the conflicting legal obligations imposed on employers.

Consistent employer monitoring of email risks either a jury finding that the employer exercises sufficient control over an email misuse, or an invasion of privacy claim by employees. On the other hand, failure to monitor email systems raises an equally unattractive risk of third-party suits for negligent supervision.

To avoid claims of invasion of privacy arising from monitoring, employers must make clear that the email system or Internet gateway is company property, that monitoring will occur and that employees should not have any expectation of privacy in email messages or Internet use on company systems.

Employers should also be aware that simple and inexpensive encryption software is widely available. Software such as Pretty Good Privacy (PGP) allows individual users to encode email messages to other external or internal users in such a way as to render them virtually indecipherable to anyone except the intended recipient of the message. Even if the employer had its own copy of the software being used, without the encryption key used by the sender, the message would still be indecipherable! Under no circumstances should an employer allow employees to utilize programs such as PGP without its consent, for the obvious reason that it will not be allowed to monitor the correspondence that is being created by, and distributed through, its network.

With the proper policies and disclaimers, employers can clearly deny employees a reasonable expectation of privacy on company systems. However, what about disparaging postings on Internet billboards from personal or home systems? In these situations, absent disclosure of confidential information or a breach of a fiduciary duty, employers act against an employee at their peril. Further, attempts to track down the identity of such individuals may likely be unlawful.

9. The Perils of Telecommuting

Advances in modem technologies, in addition to the decrease in prices of personal computers, have allowed many employees to construct home offices relatively inexpensively. These technologies, combined with cellular phones and facsimile machines, often allow individuals in many fields to do their work from home as capably in many respects as they could in the office. Many employers find that telecommuting can also have its advantages in terms of the reduced overhead costs generally associated with maintaining office space for employees. Telecommuting, however, creates several concerns in the employment context.

First, an employer must consider how it determines and records the hours of work for telecommuting employees who are not exempt from overtime. Employers usually must record these employees' hours of work, ensure that breaks are taken, and monitor whether overtime liability is incurred. Clearly an employer would have a difficult time performing these tasks with respect to employees who are not being constantly supervised. Therefore, employers must devise a consistent scheme for dealing with all of these issues, ensure that employees are informed of the scheme, and ensure that such a plan will have the approval of state or federal wage and hour agencies.

It is also foreseeable that the use of telecommuting employees could create some problems in resolving the issue of whether particular individuals are an independent contractor or an employee for tax and other purposes. Typically, courts rely on a multivariate analysis in determining whether an employer has the right to control the method and manner used to achieve certain results by an individual. If the employer has the right to control the work, the individual is usually determined to be an employee of the employer; if not, the employee is typically an independent contractor. Clearly, telecommuting can change the control an employer has over an employee, and therefore alter the employee/independent contractor analysis in unanticipated ways.

Finally, several cases arising under the American With Disabilities Act (ADA) have also raised the issue of whether an employer must allow an employee to telecommute as a reasonable accommodation for a disability. Most of these cases focus on the issue of whether presence at the workplace is an essential function of a particular job. Several United States Courts of Appeal dealing with the issue have ruled that presence in the job is an essential function of the employment under the facts presented to it, and therefore telecommuting was not a reasonable accommodation. In Vande Zande v. Wisconsin, 44 F.3d 538 (7th Cir. 1995) the United States Court of Appeals for the Seventh Circuit accepted the employer's argument that the positions sought to be converted to telecommuting ones required teamwork and, as such, required the presence of an employee at the job site in order to be performed without a decrease in productivity. However, other courts have examined this issue and have refused to adopt a presumption that telecommuters are not as productive as their in-office counterparts because of a lack of teamwork. In general, it is difficult to conceive of any court setting forth a conclusive analysis that would deal with any such request regardless of its facts. In fact, under the ADA, employees may now claim they are entitled to ergonomic equipment at their home office at the employer's expense! Unfortunately, absent legislative guidance, employers facing ADA issues regarding telecommuting will likely be forced to address requests on a case-by-case basis.


Jeffrey S. Bosley and John C. Corcoran are attorneys in Thelen Reid & Priest LLP's Labor & Employment Relations Practice Group. Thelen Reid's Labor and Employment Practice is one of the largest providers of Labor & Employment legal services among full-service law firms in the nation and is on the cutting edge of workplace technology and intellectual property issues. The Labor & Employment Group offers cost-effective approaches to solving problems by providing sound advice before disputes arise and by vigorously defending clients when necessary.

Mr. Bosley graduated from Villanova University School of Law in 1993. He has experience in representing management in state and federal litigation of employment disputes, as well as counseling management on wage and hour matters and collective bargaining. Mr. Corcoran, a 1995 graduate of Cornell Law School, represents management in state and federal litigation of employment disputes relating to wrongful termination, wage and hour violations, unlawful harassment and unlawful discrimination. Both attorneys represent clients before the National Labor Relations Board.


Copyright (C) 1998 WWWiz Corporation - All Rights Reserved
Phone: 714.848.9600 FAX: 714.375.2493
WWWiz Web site developed and maintained by
GRAFX Digital Studio

Previous Article Next Article
WWWiz Home