Last month at the International Business Law Services (IBLS) Strategic Global Summit for E-Commerce, Pauline Reich, an associate professor at Waseda University School of Law in Tokyo, Japan, gave a speech entitled “Legal Issues: Internet and E-mail in the Workplace.” Reich is also a well-known expert in the areas of cyberlaw and Internet-based legal, business and government research.
During her talk, Reich explored the worldwide evolution of procedures governing Internet use in the workplace and discussed the factors managers need to consider when instituting an Internet and e-mail policy.
She emphasized that establishing such a policy is essential and that setting forth guidelines for everyone — including on-site employees, telecommuters, temps, consultants and independent contractors — can avert a host of disasters, from basic liability to leaks of company secrets.
Reich spoke with the E-Commerce Times recently about some of the topics she discussed during her lecture.
“We do know employers are firing people for the misuse of the Internet and e-mail, and we do know that employees think that they’re not being noticed and they’re doing all kinds of things during working time,” Reich said. “At the same time, employers need productivity” from their employees.
“That’s one balancing act: privacy vs. the employer’s interest,” she noted.
Reich reiterated that employers should publish their Internet use policy in handbooks, make sure new employees sign a document acknowledging they have received the policy, and periodically remind employees of the policy. She even suggested posting the policy on screensavers and other novel means of notification to refresh their memories.
In addition to employer concerns, such as liability, government interest in national security has come to the forefront as a catalyst for employee monitoring, Reich said.
“The government may come to an employer and say, ‘We need to monitor,'” she explained. “So, when do you allow the government [for example] to do it, or can the government do it without your knowledge? Do you only monitor where you have probable cause?”
Purpose in Monitoring
In other words, the question evolves into, do you have a purpose in your monitoring? Is it reasonable to monitor an employee’s Internet use if doing so is only a little intrusive — no more than the amount necessary for the employer or government to determine whether employees are hacking, stealing trade secrets or engaging in mailbombing (a tactic that involves sending thousands of e-mails to clog a network) or other cybersmear tactics?
“I think a reasonable approach is better than just ‘Big Brother’ in the workplace,” she said. “I personally would not want to work in a place where I know there are cameras everywhere.”
However, Reich noted that in the United States, there is officially no expectation of privacy once employees have been put on notice and have signed a document indicating they know about their employer’s monitoring policy.
Whose Hard Drive Is This?
In discussing standards of privacy in the workplace, Reich brought up the example of a CIA employee who in 2000 was indicted on charges of receiving and possessing child pornography after the agency searched and copied his office hard drive and other files.
The CIA had established a policy two years earlier stating that employees could access the Internet only for government-related business and that the CIA would ensure compliance through electronic audits. The employee appealed the charges, arguing that the search of his computer violated his Fourth Amendment rights. Although his appeal was denied, Reich told the E-Commerce Times that the employee’s reaction was understandable, particularly since no warrant was issued during the initial search.
“I remember working in the government [when] an employee left for the day, and they broke into her office, broke into her desk drawer, and how we felt about that invasion of privacy,” she said.
Meanwhile, standards of privacy differ among countries. For example, the EU has instituted strong privacy safeguards for employees, while in India privacy is neither protected nor, for that matter, defined by law.
“The problem for a multinational is, ‘What standards should we adopt as a corporation that [are] uniform throughout our corporation?’ If you’re everywhere in the world, what standards should you adopt?” Reich said, adding that this challenge extends beyond the issue of Internet use.
She went on to say that one problem in U.S. cyberlaw is that those involved in crafting it too often look only at the United States.
“We really need to coordinate on an international level [and] know what is going on in the rest of the world,” Reich said. “That’s why I thought [the IBLS] Global Summit we had was very important. We need more [conferences like] this.”