The Myth of the Confidential E-Mail Message: Computer and Electronic Messages in Employment Litigation
By Melynda Layton LLB
As Presented to the Lorman Educational Services Seminar, September 26, 2002
Introduction: The True Nature of E-mail
People in the western world increasingly rely on electronic mail and other computer-related communications. Each year new electronic messaging hardware products and software applications are introduced to market. Electronic mail was previously available only on desktop computers through less than user-friendly software platforms. Now, not even a decade after the early adopters embraced the technology, there are numerous options for sending and receiving electronic messages in portable, flexible, and user-friendly formats such as laptop computers, hand-held e-mail pagers, cellular telephones and personal digital assistants.
Electronic communication has almost replaced paper-based written communications, face-to-face conversations, and telephone correspondence.1 Electronic mail has tremendous advantages over traditional communication media. E-mail facilitates communication between people in offices across the continent or across the hall. Unlike conventional post and telephone messages e-mail may be sent instantly, and the receiver does not have to be at the other end in order to intercept the message.
While the convenience of electronic mail cannot be disputed people are naive to replace traditional written communication or telephone conversations without carefully considering the consequences. E-mail does not control who “hears” the conversation or how many people receive the correspondence. While it may still be possible to have a confidential conversation, or write a confidential letter, the “confidential e-mail” is a figment of our imagination.
The myth of the confidential e-mail is a dangerous fantasy with potentially disastrous real-life repercussions. Face-to-face and telephone conversations do not leave a permanent record except in the memories of the participants. Unless someone consciously records them they cannot be easily reproduced or distributed. There are also physical limits to the ease with which written letters may be reproduced and distributed. Paper documents and recordings of conversations can be destroyed. On the contrary, not only can electronic mail be copied infinitely at the touch of a few buttons but they are also virtually impossible to destroy.2
People tend to treat e-mail as conversation; they use informal language, and say things they would not normally consider reducing to writing. They do this because they assume a particular e-mail message will never come back to haunt them. This is an unwise practice for two reasons. First, a person may think e-mail is sent in confidence, however, there is nothing stopping a receiver from forwarding damaging information to other. Furthermore, e-mails are often misaddressed causing unintended people to receive sensitive information.
Secondly, e-mail leaves a permanent record. Even when messages are “deleted”, records are recoverable. “Deleted” e-mails are simply renamed and moved to a different part of the computer system. They are retrievable from hard drives and network backup tapes of the sender, not to mention the hard drives and backup tapes of every person who ever received the e-mail.3
This paper focuses on the litigation ramifications for companies due to inappropriate use of e-mail and electronic documents by employees. We begin by considering the evidentiary value of e-mail in litigation and the ways in which e-mail may be used inappropriately to the detriment of an employer. We proceed to consider whether employees may reasonably expect privacy vis-a-vis their workplace e-mail and Internet use. We visit recent changes to rules of evidence facilitating the introduction of electronic evidence at trial and the use of forensic experts to assist with properly preserving electronic evidence and taking full advantage of electronic discovery. Finally, based on the assumption that the best way to avoid the pitfalls of e-mail is to create a policy for use of e-mail and Internet in the workplace, this paper provides policy suggestions.
Evidence in Litigation
It would be easier to successfully prosecute wrongdoers if one could catch them holding the proverbial “smoking gun”. Even though tolerance for monitoring and surveillance has recently increased in the face of perceived threats to national security, our society generally rejects constant surveillance by “Big Brother”. Electronic discovery offers an opportunity for parties to access potentially damaging evidence about what a person was thinking at a material time. “Conversations” that would never have been recorded in the past are indelibly etched into our computer systems.
Electronic discovery is even more useful in litigation involving corporations and other business entities. Corporations are separate legal entities existing only through the people they employ. There is no technology allowing us to see inside the brains of individuals, or to record thoughts, intentions or memories: messages transmitted along the neuro-pathways of the brain. E-mail, however, allows us to see inside the “brain” of a corporation. Messages transmitted through the neuro-pathways of a corporation via e-mail are preserved for eternity and can be made available through the discovery process for the other side. They can be an invaluable source of evidence.
Electronic mail and other computer files provide documentation of conversations and transactions in a way not previously available. For example, in a dispute over whether a person resigned or was wrongfully dismissed, rather than simply relying on subjective memories of what happened, there may be a series of e-mail messages to assist a court in its determination. If the issue is workplace harassment, rather than relying on recollections of reluctant witnesses or trying to prove an event for which there were no witnesses, copies of the harassing e-mails provide objective evidence. Not only does the computer remember exactly what was said, but it can tell us to whom it was said, at what time, how many times, and whether the statement was edited.
The Downside of E-mail
Potential pitfalls of e-mail use include:4
Employees may send e-mail messages in the heat of the moment without thinking through its ramifications. It is easy to fire off an angry e-mail before cooling down and addressing the conflict more rationally. Employees sending inflammatory e-mails may promote confrontation and tension both in the workplace as well as with suppliers and customers.
E-mail may be sent to unintended recipients. This might be due to errors in the address fields or because recipients forwarded messages to others. Errors of this kind that result in broadcasting of sensitive or inappropriate material can be extremely embarrassing for employers.
Supervisors may misuse e-mail by using it to communicate “unpleasant” messages, such as discipline or termination that should more properly be done in person. This type of insensitivity may cost employers if considered a factor in determining cause for dismissal.
Employees may abuse or misuse company e-mail systems resulting in reduced productivity. In addition, if employees use their work e-mail addresses to send personal messages they may be perceived as representing the company in a manner akin to borrowing the company’s letterhead to write letters to friends.
Offensive jokes and pornographic messages may create poisoned work environments. E-mails may be used to harass co-workers leaving the employer open to liability for human rights violations.
Employees have been known to disclose company secrets either inadvertently or deliberately via e-mail.
A Reasonable Right to Privacy for Employees?
Computer systems, networks, Internet connections, and software are owned by the employer. As a result, employers may take the position they are able to monitor e-mail and Internet use by employees to ensure use is restricted to business or work-related purposes. The legal authority for this position is largely American.
In Smyth v The Pillsbury Company5 an employee was terminated after the company intercepted two e-mail messages sent from the employee’s home to his supervisor. He made angry statements toward management in the e-mail, threatening to “kill the backstabbing bastards” and drawing an analogy between a company holiday party and the Jonestown massacre.6 Prior to the incident, the company assured staff employee e-mails would be treated as private. The Pennsylvania court upheld Smyth’s termination finding he had no reasonable expectation of privacy in an e-mail sent or received on a company e-mail system.7
The Smyth case was cited by a British Columbia arbitrator as authority for the proposition that employees have no reasonable expectation of privacy in their e-mails and Internet use. In Camosun College, the termination of an employee who made a series of unwarranted allegations against other employees and administration at the college where he worked was upheld.8 The employee distributed the message to 100 employees who subscribed to a union “chat group” maintained on the employer’s computer network. The arbitrator held, “if the very broad assurances given the Plaintiff in the Pillsbury case were insufficient to provide privacy, the restricted eligibility of subscription to the cupe-l list does not afford confidentiality.”9 An Ottawa newspaper article, “Firing off e-junk can cost you your job,” advised, “when it comes to privacy in the workplace, workers essentially have none regarding electronic devices.”10 Further, James T. Beamish, a Toronto employment lawyer writes, “employees who are making use of their employer’s computer equipment can have no expectation of privacy in the use that they make of that equipment.”11
In his extensive review of employer monitoring of employee electronic mail and Internet use, including an analysis of the Pillsbury case in particular, Charles Morgan notes, “Given the specific facts of the case, one should be wary of concluding that it stands for the general proposition that employees have no reasonable expectation of privacy when they use the company e-mail system.”12 “Smyth’s e-mail was sent directly to his supervisor. No monitoring took place. The message was not really “intercepted” by the company (despite the wording of the judgment).”13
Given the rather violent nature of the e-mail message, the judge “concluded in obiter that the company’s interest in preventing inappropriate ‘or even illegal’ activity outweighed the plaintiff’s privacy interests.”14 Furthermore, in the Pillsbury case the Plaintiff alleged the employer was not entitled to summarily dismiss him as it was against public policy. The specific law in the jurisdiction required the Plaintiff to define an already established public policy. In order to establish “public policy which precludes an employer from terminating an employee in violation of the employee’s right to privacy as embodied in Pennsylvania common law,” the Plaintiff had to establish “a substantial intrusion that would be highly offensive to the ‘ordinary reasonable person’”.15 The Plaintiff did not meet this threshold.
An unqualified application of the conclusions of American courts on the monitoring of employee e-mail and Internet use to the Canadian context would be imprudent.16 There are important differences between the Canadian and American statutory frameworks, suggesting suggests Canadian judicial interpretation on the subject of employer monitoring of employee use of e-mail and the Internet will differ than the analysis and conclusion reached in the United States on the subject.17
Whether a general right to monitor employee e-mail and Internet usage exists in Canada was a subject of George Radwanski (Privacy Commissioner of Canada). In his Annual Report to Parliament 2000-2001, Mr Radwanski wrote while he believes employers have to protect their employees against harassment, he does not accept that the “protection necessarily translates into wholesale surveillance of e-mails or computer use. We accept that there are stringent limits on an employer’s right to read employees’ mail, eavesdrop on their telephone calls or rifle through their desk drawers. I think we have to look closely at e-mail communications to see what principles should apply there as well.”18
These comments were made in the context of a report on a complaint by a Department of National Defence (DND) employee. An unidentified person accessed the employee’s computer and printed messages written by the employer containing derogatory comments about colleagues. The unidentified person left the printouts on the desks of several other employees. The employee complained because DND turned the copies of his e-mails over to a consultant who was hired to investigate the incident.19
Although the commissioner found it was reasonable in the circumstances for the employer to give copies of the impugned messages to an investigator he took the opportunity to caution the employer from assuming employees have no rights when it comes to e-mail or Internet use. He was deeply troubled by the fact DND’s policy on the Management of Electronic Mail states there is no expectation of privacy on the part of employees when using e-mail systems. He did not agree that an employee’s privacy could be simply eradicated by telling them not to expect any.
Employers justify the position employees have no reasonable expectation of privacy in workplace e-mail or Internet arguing the employer owns the tools (i.e. computer networks, desktop systems, software, and Internet connections). Mr. Radwanski suggests accepted limits on an employer’s right to read employees’ mail, eavesdrop on telephone calls or rifle through personal effects in desk drawers may apply to reading employees’ e-mail messages.20 Others take a different view. For example, one American law firm writes, “in a sense, an email on a computer drive is no different than a file in a [filing cabinet] drawer.”21
In the Pillsbury case, the District Court of Pennsylvania noted, “unlike urinalysis and personal property searches, we do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system…”22 The court drew a distinction between e-mail and searches of belongings or testing of bodily fluids where something private or confidential is actually given up. The e-mail message in Pillsbury case was sent directly to the employer thereby releasing any expectation of privacy.
In a 1999 case the Texas Court of Appeals rejected the analogy between employee e-mail and an employee’s private locker finding, “password-protected e-mail messages contained on the company computer were not the employee’s personal property, but were merely an inherent part of the office environment.” The court held the employer provided the workstation so the employee could perform his job.23
Many Canadian commentators have accepted the filing cabinet as opposed to the desk drawer analogy, relying on the authority of Pillsbury24 and Camosun College.25 To date, Canadian cases addressing the issue of monitoring employee e-mail and Internet use tend to be in a union context. There are only a handful of cases.26 The jurisprudence generally follows the reasoning in Pillsbury, using Camosun College as a Canadian authority.
There is little Canadian case law involving the right to privacy with regard to e-mail and Internet use in the workplace in the non-union employment context.27 The cases tend to address whether actions committed by an employee over e-mail constitute just cause for dismissal, rather than the monitoring and privacy issues.
In a 1996 British Columbia case, Di Vito v Macdonald Dettwiler & Associates28, two employees were summarily dismissed after circulating an e-mail, based on a monologue performed by the controversial comedian, Andrew Dice Clay, describing in a vulgar and derogatory fashion, sexual acts with an obese woman. One of the employees altered the wording so that it referred to a female co-worker who suffered from a serious weight problem. The creator of the original e-mail saved it and sent it to other colleagues one year later. At that time, a printed copy of the e-mail was posted on a bulletin board; another copy was left in the female co-worker’s in basket. The court found sending the e-mail message itself does not warrant summary dismissal of the Plaintiffs. Subsequent dishonesty during the investigation, however, amounted to just cause for termination.
In De Vito the employer responded to workplace harassment involving e-mail. It should be noted only when the e-mail message was printed and posted on a bulletin board did management become aware of it and take action. The posted copy published the names of the departments from which and to which the message had been sent. There was no issue in the case as to the authenticity of the e-mail message or the admissibility of the printed copy. The Plaintiffs eventually admitted the full details of their involvement.
In O’Neil v Towers Perrin Inc.,29 an actuary sent an angry e-mail response to a co-worker during a discussion about space allocation. The judge characterized the e-mail as “emotional and understandable in the circumstances” and commented, “such inappropriate statements are the predictable result of technology which allows instant and unconsidered responses. The judge also found the employee’s emotional response to the circumstances facing him was snapped up by the employer and used to justify dismissal.30 The e-mail messages were used as evidence of inappropriate statements by employees as well as ongoing correspondence between an employer and an employee leading up to dismissal. As the offending e-mail messages were sent directly to employees and managers of the company, the employee’s privacy was not an issue.
The issue of employee privacy in e-mail use has not been fully addressed in the Canadian courts and as a result is a live issue. Arguments are yet to be made by both employers and employees.
Why Does This Matter? Electronic Data Recovery and the Smoking Gun
Employers are legitimately concerned with the rate at which personal Internet and e-mail use reduces worker productivity. In a survey of Internet and e-mail use by employees, eighty-seven percent of employees admitted to surfing non-work-related web sites a few times per week or more. Thirty-five percent of employees surveyed admitted to receiving more than five non-work-related e-mails per day, and twenty-five percent admitted to sending more than five non-work-related e-mails per day.31 The result is clear; a lot of time is spent by employees not working. One article warns, however, that many of the published surveys are actually conducted by, or commissioned by, companies that produce software for tracking employee e-mail and Internet activity so it is reasonable to be somewhat sceptical about some of the research results related to the amount of personal Internet and e-mail use by employees at work.32
Nonetheless, there are many documented stories of Internet and e-mail abuse at work. In a Canadian wrongful discipline grievance, eighty percent of an employee’s e-mail activity was found, by his employer, to be for personal use over a fourteen-month monitoring period.33 In another case an employee was found to have logged 328 hours of personal e-mail and Internet use in a five-month period, at the same time as logging 467 hours of overtime.34 Inappropriate use of e-mail can also make companies especially vulnerable to disclosure of trade secrets or other confidential information.
Arguably, however, the biggest threat posed by inappropriate e-mail and Internet use by employees is liability in lawsuits. E-mail can provide the “smoking gun” evidence in any number of types of legal actions, including breach of fiduciary duty, negligence, breach of contract, not to mention wrongful dismissal, sexual or racial harassment, and defamation. Recently, the media abounds with notorious stories of companies whose coffins were nailed in court by a few little words uttered in a careless e-mail.
American Home Products, for example, was sued for, among other things, reckless indifference to human life for problems associated with the diet drug, Fen-Phen. Plaintiffs’ counsel sifted through over 33 million e-mail messages before discovering a message from an employee in the accounting department complaining, “do I have to look forward to spending my waning years writing checks to fat people worried about a silly lung problem?”.35 The company settled the case for 3.75 billion dollars.
During proceedings against Microsoft Corporation, the US government discovered 3.2 million e-mail messages and found several that were damaging to Microsoft. One was an e-mail written by Bill Gates saying, “Gosh, we could just pay Netscape off and they’ll get the hell out of our way.”36
One approach to reducing employer risk is to monitor and filter all employee e-mail messages. A Canadian arbitrator has even suggested employers might be liable for not monitoring employee email if the result is a poisoned work environment or workplace harassment.37 In defamation cases, however, there is reason to believe that less editorial control by employers is advantageous. Scott Little reviewed the law of defamation in the context of employer-provided electronic bulletin boards and chat groups.38 Little suggests that employers may be treated analogously to Internet service providers in the determination of liability for “publication” of defamatory communications posted by employees on the employer’s interface.
The law in Canada has not crystallized. However, in the New York case of Cubby Inc. v CompuServe Inc.,39 an Internet service provider was not held responsible for a defamatory message alleged to have been published on one of its electronic bulletin boards. The court held CompuServe did not exercise sufficient editorial control over its computer bulletin board to impose upon it the same standard that is applied to a publisher of a newspaper.40
In Stratton Oakmont Inc. v Prodigy Services Co.,41 on the other hand, a financial computer bulletin board was held to have marketed itself as an online service that exercised editorial control over the content of posted messages, thereby likening itself to a newspaper.42
These cases suggest a greater level of editorial control increases the risk of liability for employers who provide electronic bulletin boards, chat groups, or e-mail distribution lists for employees. In order to avoid being characterized as the “publisher” of defamatory statements it may be desirable to refrain from exercising editorial control over the content of electronic messages. Once an employer becomes aware of a defamatory message posted on its interface, whether it exercises control or not, it must take immediate action to remove the posting.43
Production and Relevance of Electronic Messages in Litigation
Canadian laws have been modified to facilitate electronic discovery. The Uniform Electronic Evidence Act (UEEA) was adopted by the Uniform Law Conference of Canada in August 1998, and recommended for implementation by governments in Canada. The UEEA amends existing rules of evidence to facilitate the admissibility of electronic records in court proceedings.
The Government of Canada implemented the UEEA by amending the Canada Evidence Act in Part 3 of the Personal Information Protection and Electronic Documents Act,44 which was brought into force May 1, 2000. Ontario implemented the UEEA by amending its Evidence Act through the Red Tape Reduction Act,45 which came into force on June 30, 2000. Other jurisdictions such as Yukon, Saskatchewan and Manitoba have also introduced or passed legislation to implement the UEEA.46
The introduction of new rules for admitting electronic documents as evidence necessitates a philosophical shift for lawyers and litigants alike. Parties must be more conscious of taking advantage of electronic discovery and of protecting themselves from creating their own smoking guns. The new provisions of Ontario’s Evidence Act47 define data as representations, in any form, of information or concepts. An electronic record is defined as data that is recorded or stored on any medium in or by a computer system or other similar device, that can be read or perceived by a person or a computer system or other similar device, and includes a display, printout or other output of that data, other than an electronic record in the form of a printout that has been manifestly or consistently acted on, relied upon, or used as the record of the information recorded or stored on the printout. An electronic records system includes the computer system or other similar device by or in which data is recorded or stored, and any procedures related to the recording and storage of electronic records.48
The provisions apply only to the rules relating to authentication and best evidence. The person seeking to introduce an electronic record must establish its authenticity by evidence that the electronic record is what the person claims it to be. Where the best evidence rule is applicable, it is satisfied on proof of the integrity of the electronic record. The integrity of an electronic record may be proved by evidence of the integrity of the electronic records system by or in which the data was recorded or stored, or by evidence that reliable encryption techniques were used to support the integrity of the electronic record. An electronic record in the form of a printout that has been manifestly or consistently acted on, relied upon, or used as a record of information recorded or stored on the printout, is the record for the purposes of the best evidence rule.49
In the absence of evidence to the contrary, the integrity of the electronic records system by or in which an electronic record is recorded or stored is proved:
(a) by evidence that at all material times the computer system or other similar device was operating properly or, that the fact it was not operating properly did not affect the integrity of the electronic record, and there are no other reasonable grounds to doubt the integrity of the electronic records system;
(b) by establishing that the electronic record was recorded or stored by an adverse party; or
(c) by establishing that the electronic record was recorded or stored in the usual and ordinary course of business by a person who is not a party to the proceeding and who did not record or store it under the control of the party seeking to introduce the record.50
For the purpose of determining under any rule of law whether an electronic record is admissible evidence may be presented in respect of any standard, procedure, usage or practice on how electronic records are to be recorded or stored, having regard to the type of business or endeavour that used, recorded or stored the electronic record and the nature and purpose of the electronic record.51
Either party to litigation may take advantage of electronic evidence. Keeping in mind the definitions in the Evidence Act of “data” and “electronic record”,52 a party asking for discovery of a company’s e-mails is looking at an enormous job. In the American Home Products case, Plaintiffs’ counsel sifted through over 33 million e-mails before finding the smoking gun.53
Recognizing market opportunity businesses that provide services in preserving computer evidence and aiding with discovery have materialized. Computer forensics experts can be helpful to employers who wish to preserve their own evidence. If an employee alleges wrongful dismissal or sexual harassment employers will want to search for and preserve electronic messages and documents related to the alleged incidents. Experts may help companies to sift through e-mails and electronic documents obtained through discovery of the other side. Millions of e-mails and documents are of little use to lawyers unless meaningful information can be extracted.
D. Michael Brown argues in favour of using forensics experts to hunt for and preserve electronic evidence. “Inevitably, the process by which the information was recovered will become an issue in the litigation.”54 Forensics experts can obtain the digital history of an electronic document, showing information such as when and for how long the document was created and edited. Obtaining information about the properties of an electronic document must be done by taking a mirror image, or a bit image, of the hard drive. A simple copy can jeopardize the integrity of the hidden information that the company will want to save.55 It may also be beneficial to have experts present electronic evidence to a court in order to explain the origins of the “hidden” information that was gathered from a computer system.56
Effective Policies on E-mail and Internet Use at Work
Although there is no agreement between employers and privacy advocates about e-mail and Internet privacy at work, parties across the board acknowledge the importance of e-mail and Internet policies. Such policies are key to reducing employer liability. Policies must be clear, reasonable, and communicated to employees. Employees and their supervisors must be trained in order to debunk false impressions about the impermanence and informality of email. Employees should be encouraged never to write anything in an e-mail message that they would feel uncomfortable saying in an elevator crowded with colleagues and competitors.57 Finally, there must be effective enforcement mechanisms and processes by which the policy can be kept current. The following provides examples of guidelines and rules for policies.58 See also the attached sample policy in Appendix A.
Creating and Updating the Policy
Appoint a person in the organization to take the lead on coordinating efforts to develop a policy or to head up revisiting and updating the policy on a regular basis.
Involve employees in developing the policy especially in the case where the organization has operated for a long time without any restrictions on e-mail or Internet use. Involving employees will help to ensure commitment to the policy down the road.
Consider the objectives of implementing an e-mail and Internet use policy. Create a policy that meets those objectives in the most reasonable and least intrusive way in all circumstances. When balancing an employee’s right to privacy against the employer’s interests, courts can be expected to look at what is reasonable in the circumstances. Draconian policies that do not allow for any flexibility and result in termination of an employee will likely not be upheld in a wrongful dismissal action.
Explaining the Policy, and the Risks of E-Mail Use
Provide an explanation of why the company has implemented an e-mail and Internet use policy. Explain that the company is concerned, not only about the amount of time spent by employees on personal matters throughout the day, but about the impact of electronic discovery.
Explain that e-mail messages stored in the company computer systems may be recovered as evidence for the purposes of civil or criminal proceedings as well as employment tribunal proceedings.
Explain that even though an e-mail message is deleted, it never really disappears. Explain that whether the employer monitors e-mail or not, e-mail messages and other computer documents or records can be obtained by an opposing party in a law suit.
Explain that even e-mails that are sent only to one person can be easily forwarded to a large number of people. Confidential information about people or the business that is disclosed this way can be embarrassing, and effect the reputation of the individual or the company.
Explain that when employees send e-mail from their workplace addresses, they are representing the organization. They should be cognizant of how the messages they send reflect on their employer, keeping in mind that the employer’s good reputation is a key component of its ability to keep people employed.
Setting Parameters for Personal Use
Keeping in mind the reasons for the policy and the explanation of the risk of uncontrolled e-mail, set parameters for what kind of personal e-mail or Internet use (if any) will be permitted. Restrictions may be based on amount of time per day or week, and on the content of the activity.
Restrict content of electronic messages and downloads from the Internet. Prohibit messages and downloads that are defamatory, profane, obscene, tortious, offensive or, otherwise unlawful. Prohibit employees from receiving or distributing copyrighted material.
Specifically state e-mail should not be used as a platform for sexual or racial harassment or to foster a poisoned work environment.
Prohibit employees from sharing company trade secrets and confidential information.
Restrict downloading material from the Internet, including games, music, movies, and executable programs. Explain these activities bog down the network and are counterproductive to everyone’s interest in, efficient computer systems.
Set limits or address conduct expected of employees who engage in chat groups. Explain certain chat groups or bulletin boards may be seen as an extension of the workplace, and that employers may be liable for harassment that occurs on such bulletin boards or chat groups.
List e-mail risks to make users aware of the potential harmful effects of their actions. Advise users they should not put anything in e-mail they would not want someone else, including a judge or jury, to read.
Explain policies on document retention and/or deletion and ensure employees comply with legislation relevant to retention of records.
Provide guidelines on how employees should deal with confidential information and trade secrets, for example how to use encryption software.
Consider automatically adding a confidentiality disclaimer to employee e-mails.
Filtering and Monitoring
Be up-front with employees. If the employer is using filtering, tracking, or monitoring software, explain the software that has been installed to block access to certain types of web sites.
Provide information concerning a monitoring program, including notice to employees that e-mail and Internet use may be monitored; an explanation of the purpose of the monitoring; a description of the extent of the monitoring; explanations of the means and frequency of the monitoring.
Enforcement
Notify employees of the specific disciplinary consequences of unauthorized or improper use of computerized resources. Ensure these consequences are compliant with any other company discipline or dismissal policies.
Develop procedures to encourage early reporting of offensive practices by employees.
Communicate to supervisors and managers the importance of early reporting of policy abuses and carefully monitoring policy compliance. Explain that allowing e-mail misconduct to go unchecked may result in arguments the employer condoned inappropriate behaviour.
Implement internal procedures to facilitate prompt, fair investigation of complaints involving the use of Internet and e-mail transmissions. Specify whose role it is to investigate and what process will be followed.
Publish and circulate the policy.
Set timelines to re-evaluate and update the policy.
Provide training to employees and supervisors on the policy, the reasons for its existence, and the consequences of its contravention.
Conclusion
Electronic mail has revolutionized business communications in the western world. The advantages of e-mail include its speed, informal nature, and access through a broad range of formats. The disadvantages of e-mail also relate to its instantaneous and informal nature. The fact electronic communications are permanently recorded on computer hard drives, and even when deleted can be reconstructed, make e-mail a litigator’s boon or bane. Canadian rules of evidence have recently been altered to facilitate the admission of electronic evidence at trial. Because damaging e-mail messages can be discovered in the litigation process, employers are motivated to monitor employee e-mail use to prevent its abuse or misuse. This leads to privacy concerns. It is unclear whether e-mail and Internet use of employees in the workplace is private. Despite same, employers may limit liability by developing, implementing, and enforcing clear, reasonable, relevant e-mail and Internet use policies.
The most important step is to educate employees about the risk of e-mail usage. Employers need to ensure employees appreciate there is no such thing as a “confidential e-mail.” This may be accomplished by training employees on appropriate use of e-mail while emphasizing the risk of embarrassment, lost reputation, and financial liability when electronic communications are used incorrectly. If employers decide to monitor e-mail and Internet use, they should not do so under the assumption employees have no right to privacy. Any monitoring should be undertaken with full knowledge of employees. The consequences of inappropriate use of e-mail should be reasonable in all the circumstances.
Appendix A
Sample Workplace E-mail and Internet Use Policy
[Name of employer] has implemented this policy out of concern that the inappropriate use of its computer systems, electronic mail and Internet systems has negative repercussions for the entire organization.
This organization receives a great benefit from e-mail and the Internet. This policy is implemented in part to emphasize to employees that e-mail messages can be retrieved and reconstructed even after they are deleted.
This organization’s computer network, electronic mail, and Internet system are provided primarily for the purpose of carrying out company-related business. While personal use is not prohibited, inappropriate use of computer systems, e-mail or the Internet system is subject to disciplinary action up to and including termination of employment.
Examples of inappropriate use of computer systems, e-mail and the Internet include, but are not limited to:
a. Accessing offensive or inappropriate material that may create an intimidating or hostile work environment for our staff or clients. This includes sexual, homophobic, or racist material.
b. Using the computer network, e-mail or Internet system for purposes other than those specifically related to company business.
Using the computer network, e-mail or Internet system for business purposes other than [name of employer] business.
Sending or receiving confidential information.
Employees should send and receive e-mail and use the Internet for personal purposes at home, using their own personal computer systems and personal accounts.
E-mail and Internet usage is monitored using XYZ software. The software monitors amount of time spent on non-work related usage, and searches for potentially offensive or confidentiality breaching messages.
This policy is subject to this organization’s usual progressive discipline policy.
To ask a question or for further advice please contact Melynda at melynda.layton@careerlaw.ca or by telephone at 613-225-4400
1 In a survey of 1004 employees, 45% said e-mail had replaced phone calls and 80% said e-mail had replaced traditional mail for the majority of their business correspondence. “Vault Survey Results: E-mail Behaviour in the Workplace” (May 2000) (online: www.vault.com/surveys/email_behavior/email_behavior.jsp) (date accessed: 15 July 2002).
2 T. Loomis, “Beware: Electronic Mail” (2002) N.Y.L.J (online: law.com)(date accessed: June 4, 2002).
3S. Taylor, “Firing off e-junk can cost you your job,” The Ottawa Citizen (7 March 2001) F10; d. Moulton, “Workplace email raises liability, privacy concerns,” The Lawyers Weekly (February 23, 2001) 11.
4 “E-mail at work: trials and tribulations” The Canadian Employer, 14:10 (October 2001) 1.
5Smyth v The Pillsbury Company, 914 F. Supp., 97 (E.D. Pa., 1996) [hereinafter Pillsbury].
6Ibid. at 99.
7 See S. Taylor, “Firing off e-junk can cost you your job,” The Ottawa Citizen (7 March 2001) F10; see also J. B. Payne, “Termination for Cause Update: A briefing for Human Resources Professionals,” Nelligan O’Brien Payne, March 2001 (unpublished).
8Camosun College v Canadian Union of Public Employees, Local 2081 (Metcalfe Grievance), [1999] BCCAAA No. 490 (November 15, 1999) [hereinafter Camosun College].
9Ibid. at para. 27
10Taylor, supra note 7.
11 J. T. Beamish, “Internet Misconduct: Grounds for Termination?” (The Canadian Employment Law Super Congress III, Canada Law Book, Toronto, 2000) (online: www.millerthomson.ca/ArticlesPDF/a_JTBInternet.pdf.) (date accessed: 15 July 2002).
12Charles Morgan, “Employer Monitoring of Employee Electronic Mail and Internet Use” (1999) 44 McGill L.J. 849 at para. 57 [hereinafter Morgan].
13Ibid.
14See text accompanying note 5 above.
15Pillsbury, supra note 5, citing Borse v Piece Goods Shop, Inc., 963 F.2d 611 (3d Cir. 1992).
16Morgan, supra note 12 at para. 64.
17Ibid.
18 Canada, Privacy Commissioner of Canada, Annual Report to Parliament 2000-2001, (Ottawa: Minister of Public Works and Government Services Canada) at 39.
19 Ibid. at 38.
20 Ibid. at 39.
21 “E-Mail: New Concerns For Employers,” Schmeltzer, Aptaker & Shepard, P.C., Counsellors at Law, Washington, DC. (online: www.saspc.com/art_702.htm) (date accessed: 10 July 2002).
22 Pillsbury, supra note 5 at 101.
23 N. A. Legault, “Internet and E-mail Security” (Canadian Institute Conference, Ensuring Corporate Security in an Age of High Worker Mobility: What You Need to Do Now, Ottawa, January 2001) [unpublished] [hereinafter Legault] citing McLaren v Microsoft Corp. 1999 Tex. App. LEXIS 4103. Note: pursuant to the Texas Rules of Appellate Procedure, unpublished opinions shall not be cited as authority by counsel or by a court.
24 Pillsbury, supra note 5.
25 Camosun College, supra note 8.
26 See e.g. Re Telus Mobility and TWU (Lee) (2001), 102 L.A.C. (4th) 239 at 249-50; Re BSOIW, Loc 97 and Office and Technical Employees’ Union, Loc. 15 (Garanito), [1997] BCCAAA No. 630 (QL) (C. Bruce).
27 See Legault, supra note 23; See also J. Bailey, “What Lawyers should know about E-mail: A Survey of E-mail-Related Litigation Issues,” (Lawyers & the Internet: A Three Part Series, University of Ottawa, The Advocates’ Society, 2002).
28 Di Vito v MacDonald Dettwiler & Associates (1996), 21 C.C.E.L. (2d) 137 (B.C.S.C.).
29 O’Neil v Towers Perrin Inc. (2001), 12 C.C.E.L. (3d) 137 (Ont. S.C.J.).
30 Ibid. at para. 32.
31 “Results of Vault.com Survey of Internet Use in the Workplace” (Fall 2000) (online: www.vault.com/surveys/Internetuse2000/index2000.jsp) (date accessed: 15 July 2002).
32 G. Robinson, “All work and not play: the dangers of personal email and web use at work” Internet Magazine (March 2000) (online: www.findarticles.com/cf_0/m0CXD/2000_March/60086886/print.jhtml) (date accessed: July 10, 2002).
33 The Union of Northern Workers v Northwest Territories (Minister Responsible for the Pubic Service Act) (del Valle grievance), [2002] C.L.A.D. No. 180 (April 25, 2002) online: QL (CLAD).
34 Legault, supra note 23.
35 Loomis, supra note 2.
36 D. Carlson, “Building discoveries with all the facts, and more” Law Times (February 25, 2002) 11.
37 Re Insurance Corp. of British Columbia and Technical Employees’ Union, Loc. 378 (unreported decision) (January 27, 1994) cited in Re Telus Mobility and TWU (Lee) (2001), 102 L.A.C. (4th) 239.
38 S. Little, “Libel & Slander: E-Sults” (Business Aspects of Technology Update, County of Carleton Law Association 8th East Region Solicitors Conference, Chateau Montebello, 3 May 2002).
39 Cubby Inc. v CompuServe Inc. 776 F. Supp. 135 (S.D.N.Y. 1991).
40 Little, supra note 38.
41 Stratton Oakmont Inc. v Prodigy Services Co., [1995] WL 323710 (N.Y. Sup. Ct. 1995).
42 Little, supra note 38.
43 Ibid.
