A Bloomberg article
revealed that one year ago “the administration at Harvard University secretly
searched campus e-mail files of 16 resident deans, who sit on the
administrative board that probes student infractions, to see who had forwarded
an e-mail regarding cheating to the student newspaper, the Boston Globe and the New
York Times.” The exam was a government course “Introduction to Congress.”
While surreptitious intrusion into an employee’s privacy raises grave concern,
the irony of the “right to be left alone” is not lost.
However, “any company []
that provides others with the means to communicate electronically can be a[n]
[electronic service] provider,” regardless of the entity’s primary business or
function.” Fraser. In other words federal law permits employers to
monitor employees’ e-mail as long as the information is stored on
employer-provided wire or electronic communications services and the review is
authorized by the employer’s own policies. The relevant question then is
whether the university gave adequate notice of its policy or practice of
monitoring its electronic and computer systems to the deans.
The article note “Harvard’s employee manual, state that
employees have ‘no expectation of privacy’ for anything they write or store on
the university’s network.” But maintaining and disseminating a written notice
of its electronic monitoring policy does not insulate Harvard from legal risk.
The monitoring policy must be comprehensive and must make it clear to the
employee that personal web-based e-mail accounts may also be viewed by the
employer if accessed from company property this would arguably be sufficient to
notify the employee that there should be no expectation of privacy. The administration
should not use Orwellian double speak to impose ambiguous monitoring policy on
its employees. FTC “best business practice.”
The academic nature of the
workplace suggests that the monitoring policy was intended to cover scholarly
articles not personal emails. The article note that the arts and science
faculty “has a subjective expectation, that ‘faculty e-mail messages stored on
Harvard-owned computers to be confidential,’ with some exceptions, according to
the policy, which may include legal proceedings and internal investigations.”
It’s unlikely that surreptitious access to employee’s email constitutes
investigation but even if it does, state and federal wiretap laws may require
the university to notify employee within a reasonable time. The Stored
Communications Act (SCA) covers employee e-mails stored on a server from unauthorized
access or exceeding authorized access. The University’s access arguably did not
occur within the course of business. The deans can establish tort claims under
state and federal wiretap statutes and deceptive business practice.
But challenges to this
type of monitoring are often based on common law invasion of privacy, the
outcomes of which are often highly fact and jurisdiction specific. Courts
examining the issue have reached differing results under similar circumstances.
Courts typically analyze whether the employee had a reasonable expectation of
privacy and whether the employer had a legitimate business interest that
outweighed the employee’s expectation of privacy. The university secret search
was not limited to circumstances where employee misconduct is suspected the
university was trying to find out the identity of the whistle blower. Further,
the article note faculty considered the “‘privacy of resident deans’ e-mail []
particularly important because of their role in house and student affairs.”
Intentionally accessing an
employee’s email is typically found to be an intrusion, so the success of a
claim hinges on whether the university’s action would be highly offensive to a
reasonable person. The article note students and families tailor their
communications on the understandings of confidentiality” and laws have been
enacted laws to protect student privacy. It is safe to say yes.
No comments:
Post a Comment