Features - Internet Usage Policies in the Workplace

Todd Wulffson has practiced labor and employment law exclusively since 1990. He is a member of the law firm of Scott, Reilly & Whitehead, which represents employers in all manner of labor and employment law. The firm is located near the John Wayne Airport in Newport Beach. Prior to joining Scott, Reilly & Whitehead, Mr. Wulffson practiced in the Labor and Employment Law Department at O'Melveny & Myers' Newport Beach office. Mr. Wulffson attended UCLA for his undergraduate studies, and then Loyola Law School where he was an editor on the law review.

Mr. Wulffson represents a number of technology-based companies in Orange, San Diego and Riverside counties. Mr. Wulffson has published a number of articles and lectured throughout California on some of the unique personnel issues involved with the emergence and use of computers and the internet in the workplace.

Jump to Part II:  Internet Acceptable Use Policy Memo
Jump to Part III:  Sample Use of Electronic Mail Policy

The last two decades have seen the rise of amazing technological achievements in the area of computing, and have forever changed the way the business is conducted. Voicemails have replaced message slips; electronic mail (e-mail) has replaced memos and other correspondence; computers have replaced filing cabinets; and the internet has allowed people access to virtually unlimited information without ever leaving their desk. These new technologies, however, bring with them new liabilities and other concerns for employers. This article is devoted to providing a brief overview of the issues concerning the use of computers, e-mail and the internet in the workplace, and the steps employers should take to maximize the benefits from these technologies, while minimizing liability.

A recent survey of Fortune 500 companies revealed that the number one problem with computers in the workplace is lost time. According to the survey, employees are spending an inordinate amount of time playing games, conversing with friends through e-mail and "surfing" the web. The HR professionals surveyed stated that monitoring employees to make sure they are not wasting time has become an increasingly difficult problem.

In addition to the lost time, the employees’ specific activities can engender liability for employers. E-mails are now at the center of many sexual harassment and discrimination claims. E-mails "seem" informal, and people type messages that they would never think of uttering in the lunch room. The result is that e-mails are often the most devastating documentary evidence in harassment and discrimination claims. Moreover, because the messages are sent via computer, and are often backed up with other company computer files, e-mails may be retained indefinitely. Computer files are not truly deleted unless the data is overwritten or "wiped" magnetically. Many punitive damage claims against companies have been based on the fact that the jury learned that offensive messages or programs not only existed, but that someone had attempted to delete them and then lied about their existence. In a lawsuit against the company for harassment or discrimination, one should expect a request from the plaintiff’s lawyer for all e-mails written by the alleged harasser, or all e-mails that concern the plaintiff. If the company’s records are routinely backed up, such a request can easily involve years worth of e-mails, which can add thousands of dollars and dozens of hours onto the costs of litigation.

Material downloaded from, or viewed on, the internet, raises several areas of concern. Contact with an insecure web site may result in destructive viruses being downloaded onto the company’s computers or network, or can allow a webmaster (the person controlling the computer contacted via the internet) access to the company’s computers. This can allow outsiders to obtain sensitive company information and may lead to liability if the company is blamed for allowing the confidential information to be released. Information downloaded and then disseminated through the company’s computers may also lead to claims of trademark or copyright infringement.

If employees are exposed to sexually explicit or otherwise offensive material on a computer screen, it can create a hostile working environment. Again, the computer may provide the best evidence in this type of case. When one accesses an internet site, a file, called a "cookie," is deposited on the user’s computer so the user can be readily identified the next time he or she accesses that same site. This "cookie" file, however, leaves an electronic "trail" on the user’s computer of the sites he or she has visited, and, like e-mails, "cookies" are not truly deleted until overwritten. "Cookies" can therefore provide damaging evidence in a harassment or discrimination suit. For example, if an employee claims that she was sexually harassed by her manager, it would be very damaging if the manager’s computer shows that he routinely visits adult web sites. It also is very difficult to argue that the employee did not see offensive material on the computer screen if the computer verifies the material was in fact there. Such a record on the computer may also be the basis for a claim that the company as a whole tolerates a culture that demeans women. Finally, the very existence of some material, e.g. downloaded child pornography, may lead to criminal liability for the user and the company because both are "in possession" of illegal material.

Another general area of liability concerns use of the internet which identifies the company. For example, many computer systems identify the user’s name and affiliation when the user communicates via the internet, e.g. JohnSmith@XYZCo. If employees log on to internet chat rooms, or leave e-mail messages with their company ID, statements made by the employee may be attributed to the company. This could lead to claims of defamation, discrimination and unfair competition simply because someone happens to see (and usually prints out a hard copy of) the improper statements. Similarly, employees who shop via the internet or subscribe to services on-line, may create liability for the employer when they do not pay their bills.

Given the broad range of liability issues involved in computers, e-mails and internet use, every employer which makes use of these technologies must take steps to ensure that they are not being abused, and that employees’ time is properly being spent on the pursuits for which they are paid. Moreover, because of the concealed nature of many of these activities, employers must be extra vigilant in making sure problems are avoided. Any type of employee monitoring, however, runs into the area of privacy concerns. If employees have a reasonable expectation of privacy, then the employer may not invade that privacy without incurring possible liability. The key here, however, just like in the areas of post-offer, pre-employment physicals, drug testing and searches of employee lockers, is to control what the employees’ "reasonable expectation" of privacy is. A specific, consistently-applied policy (or policies) regarding e-mails, computers and use of the internet can go a long way toward reducing the reasonable expectation employees have in using these technologies for personal use. Policies should, at a minimum, advise employees that:

  1. the e-mail and computer system is owned by the company, provided for business purposes only, and may be monitored when the employer deems it necessary;
  2. employees should not expect that any messages they exchange via company computers, documents they maintain thereon or usage of the internet, is in any way private or confidential;
  3. the computers may not be used for any illegal or improper purpose; and
  4. failure to follow the policy will result in discipline, and possibly, discharge.

It is important that the company’s policy or policies be grounded in a legitimate business purpose, and that enforcement of the policy is consistent and based on that business purpose (e.g. employee is on leave, a complaint has been made regarding offensive e-mails, etc.). For example, an employer may be justified in (pursuant to an existing policy), reading the e-mail messages of a salesperson on leave. However, that justification will likely not allow the employer to read messages exchanged between the employee and his or her spouse. Having an underlying business purpose for the policy is especially important if employees have been working for years without such a policy in place. It is very important that supervisors and managers be trained in the proper use of the company’s policy. If personal information is inadvertently discovered, the employer should not act on it (unless it is harmful) and should preserve the employee’s privacy as much as possible. A policy may protect the company from an invasion of privacy claim when the company legitimately reads an employee’s e-mail. However, no policy will protect the company from a defamation claim that is brought because a supervisor shared with other employees personal information found when another employee’s e-mail was read.

It is advisable to have routine audits of employees’ computers, to search for, among other things, adult web sites visited by users. This is good way to avoid problems in the future, and further reduces the employees’ expectation of privacy. There are also programs available to monitor internet use directly and block access to certain types of sites. It is also a good idea to have a policy regarding routine deletion of materials. If back-up tapes are overwritten every 24 months, for example, it will avoid a possible destruction of evidence claim brought by a plaintiff’s attorney when he or she asks for the last ten years’ worth of e-mails. Finally, it is advisable to mention in the company’s sexual harassment, discrimination and internal grievance policies that offensive e-mails or offensive use of the computers are not tolerated, and should be brought to the attention of Human Resources. As with all personnel issues, the company will be much better off if it is aware of a potential problem and can take corrective action before the problem escalates.

Computers have dramatically increased the efficiency with which goods and services are provided. Computers and computing technology in the workplace is pervasive and definitely here to stay. Although there are some definite pitfalls, if employers are mindful of them and take appropriate proactive steps to avoid problems, computers can significantly increase the company’s bottom line without ever increasing the company’s liability. If you have any questions regarding developing or implementing any of the policies referred to herein, you should contact competent counsel.