Employees don't just use the Internet to get sports scores and play games anymore. Their medical records and financial information are readily available online, and while employees may use the Internet at work to confirm their cholesterol test results or verify that their direct deposits went through, others might use it for more nefarious purposes.
But even if workers' online use is completely innocent, employers need to guard themselves against claims of invasion of privacy and discrimination, according to experts.
Every company needs an acceptable use policy that clearly alerts employees that their electronic communications and activity are not private, legal experts agree. As Phillip Matlin, a partner at Los Angeles-based law firm Gordon & Rees, emailed me: "The business may monitor everything the worker does on the business's computer as long as the employer publishes and circulates a clear policy alerting employees that computer and Internet use are not private."
This policy protects the employer if an employee's Internet use is not so innocent, such as if an employee is accessing someone else's personal financial information, he added. In fact, employees should consider everything owned by corporate, says Elliot Lasson, adjunct professor of Employment Law at the University of Baltimore. "Generally speaking, anything that an employee does while on-the-clock on a company work station is property of the company."
However, not all employees know this or expect it, which is why companies must have an acceptable use policy and get employees to sign it.
Employers need to be as explicit as possible regarding the use of company equipment, Charles Krugel, a management-side labor and employment attorney based in Chicago, told me. They also need to specify that if employees still use the company's resources for personal use, there is no guarantee of privacy, and they do so at their own risk, he notes.
Resources also include company-owned WiFi networks, which Krugel says create their own issues when employees connect their personal devices: "You end up with the issue of whether or not it's a secured network." Within their policies, employers need to state that the network may not be secure for personal purposes.
Then employers need to enforce these policies consistently to avoid problems, says Krugel. "If you're an employer who is worried about protecting yourself from legal liability or exposure, consistency will be key, especially when it comes to electronic communication."
That consistency will help companies in the courtroom if an employee ever brings a privacy invasion or discrimination lawsuit.
Still, even if companies have ironclad policies in place, there are always employees who will disregard them. In addition to disciplining employees, Alix Rubin, an employment lawyer based in West Caldwell, N.J., advises companies to stop tracking data immediately once they notice an employee is accessing sensitive personal or financial information from a company-owned computer.
“In addition, the person conducting the monitoring should not be the employee's supervisor or anyone in the employee's chain of command who has the authority to alter the employee's terms and conditions of employment,” Rubin cautions. This helps companies avoid discrimination lawsuits.
In the end, a comprehensive written policy will help protect companies -- but make sure your attorneys have vetted the document before you turn it over to employees.
How comprehensive is your Internet use policy? Have you had problems with employees accessing sensitive data on company time?
— Christine Parizo is a freelance writer specializing in business and technology.