Privacy of communications - a common myth

Wes Bucey

Prophet of Profit
Over the last six or seven years, a common myth about expectations of privacy in an employee's electronic communications has put a lot of folks out of a happy mood [and often out of employment.]

The fact of the matter is that if you use an employer's device or facilities to make or receive an electronic communication, odds are it can be read or heard and recorded by any number of people ranging from bosses to IT people to casual coworkers. The employer (in the USA) is not legally required to give employees notice of this possibility (in some companies, it is an absolute certainty that communications are monitored.)

Here is a sample of what some enlightened, reasonable organizations are including in employee handbooks as a heads up alert
  • Privacy. The director of information services can override any individual password and thus has access to all electronic mail messages in order to ensure compliance with company policy. This means that employees do not have an expectation of privacy in their company e-mail or any other information stored or accessed on company computers.
  • E-Mail review. All e-mail is subject to review by management. Your use of the e-mail system grants consent to the review of any of the messages to or from you in the system, in printed form or in any other medium.
  • Solicitation. In line with our general nonsolicitation policy, e-mail must not be used to solicit for outside business ventures, personal parties, social meetings, charities, membership in any organization, political causes, religious causes, or other matters not connected to the company’s business.
I want to stress, though, that it is not legally necessary for an organization to provide such notice, only a "courtesy." I won't go through the legal arguments and decisions which have confirmed this power for organizations, but suffice to say "few employees have ever won an invasion of privacy case involving a company-owned or provided electronic device and those have included very extraordinary circumstances involving the company's action upon reading the communication, not about the snooping itself."

So what!?
About now, many of you are saying, "So what!?"

Here's the deal: Based on the time stamps of most posts here in the Cove, it's a good bet most of them are made while the poster is on the job in his/her time zone, especially when we observe the huge drop-off in participation on weekends.

If your posts are job or professionally related, there will rarely be any repercussions for taking time away from the job and, for the most part, (based on the thousands of posts I've read in the past six or seven years) no reprisals for giving away company information, which may or may not include trade secrets.

In a small number of cases, though, posters have put up comments thinking they were protected from reprisal because they use an anonymous screen name. Even if they make those comments while using a home computer or public access at a cyber cafe or library, they are subject to discovery (and subsequent reprisal) if they have also used the same anonymous screen name to access the Cove from a company device.

What kind of comments?
Amazingly, many otherwise innocuous comments can be taken out of context and used as a weapon against an employee when the company is gathering ammunition against that employee. Lawyers for employees suing a company for some sort of harassment or job discrimination may come across a company treasure trove of communications by Cove members who are supervisors of that employee, including some ill-chosen comments about employees abusing family leave or disabled worker policies.

I recall a thread in the last year where a self-described "manager" went on a rant about an employee who was taking sick leave for depression. If that employee were in the USA and had an attorney, that attorney would consider a copy of that thread with the comments by the easily identified poster as a license to print money in a lawsuit.

Similarly, comments in our "controversial" forum may also attract sharks. Folks posting in the controversial forums may consider their posts "free speech," but that only applies as far as the USA government is concerned. Google is currently listing over 20 countries that engage in active censorship of communications via the web which may affect posters who either reside there or whose companies do business there. Nothing in "freedom of speech" protects a person in most countries from libel laws and subsequent lawsuits for damages. If the offending individual does not have resources, attorneys reason, the corporations which employ them and allow them to use company devices to make libelous comments DO have money and make a juicy target for attorneys. (What do you suppose happens to the employee whose communication fomented a lawsuit?)

Bottom line:
Put brain in gear before posting a comment which might reflect badly on yourself, your company, or injure or harm an individual, organization, or government. There is no privacy on the internet!

Wes Bucey

Prophet of Profit
Lest you think snooping into communications and subsequent reprisal is something new, I'd like to acquaint you with a quote from Cardinal Richelieu (The French Cardinal who was the villain in all the Three Musketeers stories):
“If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him”

Privacy of communications - a common myth
Cardinal Richelieu quotes (French Minister and Cardinal. 1585-1642)
In my 40+ year career, I've run into a number of venal and despicable bosses, henchmen, and their attorneys who eagerly adopted the Cardinal's attitude as their standard operating procedure.

Wes Bucey

Prophet of Profit
Just a few more things to consider when filling out Facebook or other social media Profiles. This information was part of an address by an attorney looking to cover the rear ends of employers, instructing HR departments what they can and can't do, but it contains clear warnings of the reasons organization bosses may land hard on employees whose internet activities can bring unwanted heat on the organization and, hence, why the employee should be very careful to :ca:
Social Media—You Can't Unring the Bell

"Social media networks and blogs are now the fourth most popular online activity, ahead of personal e-mail," says Attorney Cynthia L. Gibson. And they are getting more popular with HR for background checks. Unfortunately, she says, once you turn up information you don't want, "you can't unring the bell."

Gibson is senior vice president, Legal, for Scripps Networks Interactive, Inc. She offered her suggestions at the recent Society for Human Resource Management Legal and Legislative Conference in Washington, DC.

Social Media Challenges
Gibson suggests that HR managers consider the following issues that typically come along with social media.

Background Checks
According to surveys, 44 percent of employers use social networking sites to examine the profiles of job candidates, and 39 percent have looked up the profile of a current employee, Gibson notes. Some say they find negative information such as provocative or revealing photos or information, while others find good information regarding a candidate"s personality and fit.

"Some experts say, 'Don't do these checks,' but in the real world you have to do the best background checks you can," says Gibson.

She cites one case where, ironically, a company was looking for a new "Head of Ethics." A full background check revealed nothing untoward. However, the company's own Google search revealed a job that the candidate hadn't mentioned on his résumé, a job which he had left under questionable circumstances.

You Can't Unring the Bell
During a social media search, you may discover information that could lead to a claim of discrimination, Gibson says. For example, you might find out about protected class status, race, age, national origin, veteran status, gender, REDACTED orientation, legal off-duty activity, political affiliation, or disability, or you might see that the person is a member of the Cancer Survivors Club.

Unfortunately, says Gibson, once you find out the information, you can't unring the bell and pretend that you never saw it.

Be Aware of "Use Policies"
If you ignore websites' “use policies,” you may further a claim, Gibson says. For example, the Facebook use policy says “If you collect information from users, you will: obtain their consent, make it clear you (and not Facebook) are the one collecting their information, and post a privacy policy explaining what information you collect and how you will use it.”

Reliability of Information
There are always issues of reliability with Web searches, says Gibson. For example:

Identity confusion. Is the person you found the same person you are looking for?

Posting confusion. Who posted the information? Was it the person you are looking for or someone else with, perhaps, malicious intent?

Online cleanup. Numerous third-party vendors are available to monitor and “clean up” individuals" online reputations. They can flood the Internet with positive information that pushes the negative information down to the 20th page of Google results. Examples are:

Managers, friends, and connections. Are managers "friending" some employees and not others? Is pressure applied to "join my group" (Christians, women, etc.)? This could be potential trouble, Gibson says.

Evidence in litigation. "Social media provide a potential 'treasure trove' of information—for you, your employees, and your competitors," says Gibson, which can show up in court when you least want to see it.

Disclosure of confidential information and trade secrets. Employees need to be carefully instructed concerning proprietary information, Gibson says. In DVD Copy Control Assoc. v. Bunner, the Supreme Court of California held that widespread dissemination of a trade secret—even if through an inadvertent or illegal leak—could lead to the loss of trade secret protected status.

Copyright violations. An employee who publishes a misappropriated third-party trade secret or copyrighted material on the Internet may be liable. If the employer's computer system was used, a potential claim could be made against the employer.

Negligent hiring and retention. Claims may be made against employers that ignore expressions or a record of violence.

"The overriding point is that you want your people educated that accessing social media for business purposes is not risk-free," Gibson says.
Although I am quoting Gibson here, the comments she made are very similar to those my colleagues in business, law, and academia and I have been making in our public presentations for several years now. At one of my own presentations at Kent College of Law, I spoke on the twin topics of copyright and trade secrets, especially relating to how corporate and government spies use social engineering to flatter and cajole employees into disclosing much more over the internet than they realize, especially when organized teams of spies can assemble a large database of seemingly unconnected facts, rumors, and gossip, then apply data mining techniques to come up with gems allowing the folks who employ the spies to use the filtered info for some sort of gain. I was particularly emphatic about the potential for abuse of such info for positive or negative stock market trades by effectively sidestepping SEC sanctions against insider trading, even though the information used was "insider info."
Top Bottom