I need 2-3 pages Analysis paper contains :

Article Overview

Analysis

Organization Analysis

References

For the article below within 2 hours.

 

READING 6.2: Monitoring Employee E-mails: Is There Any Room for Privacy?

William P. Smith

Filiz Tabak

Executive Overview

This paper reviews the current knowledge about e-mail monitoring and draws conclusions for practice. The discussion entails justifications for employers’ e-mail monitoring along with an analysis of supporting statutory and case law, Web-based private e-mails, and international implications of e-mail monitoring. The paper also provides evidence of work outcomes of e-mail monitoring regarding employee attitudes and behaviors such as organizational commitment, job satisfaction, and performance. The paper explores these considerations within the framework of existing research evidence and presents practical implications not only for e-mail monitoring, but also potentially for the broader issue of privacy in the workplace.

Communication is a rich process underlying all information exchange, decision making, and cooperative effort. New technologies such as e-mail, the Internet, global positioning systems, and wireless communication have expanded the types and scope of communication media used in organizations. These new media present two interesting implications for managers. First, they enable a wider range of monitoring practices that can capture and retrieve messages exchanged in the workplace. Second, new communication devices increase the speed and accessibility of information exchanges between organizational members and consequently are at least partially responsible for the blurring of work-life boundaries. As a result of these trends employees find themselves at a vortex of cross-currents. Employers can now require fuller, more continual forms of engagement while simultaneously expanding the range of employee communications to be monitored. More engagement means a wider range of communication contexts to be encountered and for which to be accountable.

The pervasiveness of e-mail in particular highlights the ubiquitous role of digital communication in the workplace. The American Management Association’s 2007 annual review of workplace monitoring and surveillance reported that 84% of employers have e-mail-use policies in place, 43% engage in some active form of e-mail monitoring, and 28% have terminated employees for inappropriate e-mail use (American Management Association, 2007). The 2007 survey suggested that e-mail monitoring by employers is connected with growing legal exposure associated with e-mail use; 24% of organizations had e-mail records subpoenaed in the year prior to the report (American Management Association, 2007). Employer monitoring of instant messages (IMs) and blogs so far is lagging behind; 43% have policies aimed at IM use, and 12% address employees’ work-related blogs. Recent estimates place the growth rate for e-mail monitoring software at about 30% per year (Tam, White, & Wingfield, 2005).

The U.S. legal system does not currently address rights and responsibilities associated with e-mail in the workplace. In spite of this legal vacuum, courts have consistently supported the rights of employers to monitor employee e-mails (Muhl, 2003; Rustad & Koenig, 2003). This paper first reviews the justifications for e-mail monitoring in the workplace and provides an analysis of supporting statutory and case law. However, the story does not end there. While there may be little in the way of legal impediments to monitoring, legitimate questions about employee privacy claims remain. The legality of monitoring becomes less certain as e-mail evolves to include more Web-based hosting services and transcends national boundaries. Finally, under certain circumstances monitoring may trigger a sequence of counterproductive attitudinal and behavioral responses from employees. Our paper addresses the attitudinal, behavioral, privacy, ethical, and international implications of e-mail monitoring and raises questions about its perceived benefits and costs for organizations.

Why Employers Monitor E-mail

Given the volume of e-mail traffic, why do employers go to the expense and effort to monitor all those messages? The basic answer lies in the twin goals of performance management and creation of a positive work environment. More specifically, monitoring advocates provide three basic justifications: (a) protecting the firm from liability risks, (b) protecting company assets, and (c) ensuring job performance.

Monitoring Reduces Legal Liabilities

While e-mail is known for being an easy, quick, and inexpensive method to send a message anywhere in the world, these virtues have a dark side. Whether through negligence, foolishness, or deliberate hostility, employees may transmit messages that are damaging to the employer or other parties. When objectionable or sensitive material is involved, employers may be held legally liable for any resulting damages. Implementing a message monitoring system represents a good-faith attempt to minimize this liability exposure (Echols, 2003; Hoffman, Hartman, & Rowe, 2003; Rustad & Paulsson, 2005). Sarbanes-Oxley also requires firms to store all e-mails related to financial transactions (Holton, 2009).

Employer responsibility for employee conduct while on the job is rooted in the legal doctrine of “respondeat superior.”1 Someone who has sustained damage through the misconduct of an employee may hold the employer accountable if the employer knew about the misconduct but failed to prevent it, or even if the employer was unaware of the misconduct but should have known (Fazekas, 2004). Sexual harassment provides a good example of this doctrine (Areneo, 1996). For example, Chevron Oil agreed to a $2.2 million settlement with a group of employees who were offended that an inappropriate e-mail (“25 Reasons Why Beer Is Better Than Women”) was allowed to circulate on the company’s e-mail system. The plaintiffs were able to establish that Chevron failed to provide the proper controls to prevent offensive messages from being circulated (Sherman, 2007).

Monitoring Protects Company Assets

Not only do firms face liability consequences if employee e-mails cause harm to stakeholders, but there is also the risk that e-mails might directly damage the firm. Two types of risks can be identified. First is the possibility that an e-mail might compromise the firm’s intellectual property or other intangible assets (Areneo, 1996; Echols, 2003; Greenlaw & Prundeanu, 1999). For example, it is quite easy to attach a document to an e-mail that could contain the company’s most recent pricing decisions, its customers’ records, technical details for a patented product, trade secrets, or similar sensitive information. Preventing the dissemination of such information or determining the source of damaging disclosures is clearly consistent with any firm’s self-interest.

In addition to protecting intellectual property, most firms find it necessary to monitor and control the efficient use of network resources (Hornung, 2003). As total e-mail volume (both business and personal) increases, firms may find their existing network systems less able to handle the traffic. Monitoring e-mail usage is a way of ensuring that a firm’s systems are not being excessively stressed by unauthorized use. Further, the more frequently e-mail is used for nonwork purposes, the more likely employees are to encounter virulent software in attachments and embedded links that might compromise network security. Since the employer has paid for the equipment and related support, it is appropriately within its purview to ensure that those resources are not compromised by careless e-mail practices.

Monitoring Helps Ensure Productivity

Curtailing lost productivity due to excess e-mail use by employees is another often-cited motive for employer monitoring (Echols, 2003; Greenlaw & Prundeanu, 1999; Hoffman, Hartman, & Rowe, 2003; Hornung, 2003; Rustad & Paulsson, 2005; Sherman, 2007). Again, the ease and accessibility of e-mail seems almost to invite overuse. In an extensive literature review Taylor, Fieldman, and Altman (2008) cited several ways in which e-mail can dampen productivity, including the time spent during message engagement (as compared with face-to-face messages) and characteristics of e-mail that can make it a particularly stressful form of communication. E-mail has become so prolific that some firms have begun to limit employee access to preapproved addresses (Reiter, 2006).

Legal Foundations Associated with E-mail Monitoring

E-mail monitoring is a widely practiced method of ensuring that employer interests are protected. But are employer interests consistent with prevailing legal standards, particularly in the United States? Are there privacy issues at stake that might mitigate against an employer’s right to monitor e-mails? Three levels of legal analysis help provide insight into these questions: (a) constitutional, (b) tort-related, and (c) statutory.

Constitutional Sources of Employee Privacy

The U.S. Constitution, including the Bill of Rights and all subsequent amendments, is silent on the issue of privacy. Despite the lack of explicit recognition, two sections of the Constitution have general implications with respect to privacy (Hor-nung, 2005; Rustad & Paulsson, 2005). The Fourth Amendment guarantees that “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.” In certain circumstances the Fourth Amendment can extend to public-sector employees’ claims to privacy rights while at work. The 14th Amendment, Section 1 (also known as the “equal protection clause”), ensures that “no State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.” The concept of liberty, similar to though not the same as privacy, is at issue here. The 14th Amendment has been at the heart of controversial topics such as abortion rights and same-sex marriages.

Most important, the Constitution outlines the rights of citizens and corresponding claims that can be made against the federal government (Hodson, Englander, & Englander, 1999; Oyama, 2006). These claims do not apply to nongovernmental entities. In fact, private-sector employees in the United States have no constitutional protections for privacy while they are at work (Rustad & Paulsson, 2005). At the state level, only ten states currently provide constitutional guarantees to their citizens.2 State courts have found that varying degrees of privacy do exist in the workplace, but that the plaintiff must prove a reasonable expectation of privacy (Hodson et al., 1999). As of this writing, however, state constitutional guarantees have failed to establish a right to privacy in e-mail cases (Rustad & Paulsson, 2005).

Torts and Privacy

Privacy claims do not always arise from legislation. There is also the possibility that the body of common law, or tort law, can provide protection if one party’s actions result in damages to another, even when a formal contract or relationship is absent. Tort law can be used as the basis for privacy claims in four ways (Prosser, 1960). One basis, intrusion upon seclusion, is probably most relevant to the workplace and e-mail monitoring.3 An actionable claim based on intrusion upon seclusion must meet two conditions: (a) the employee must have a reasonable expectation of privacy, and (b) the intrusion must be considered highly offensive to a reasonable person.4 Case law is an important guide to understanding how these two conditions have been applied in actual monitoring situations.

A reasonable expectation of privacy is most likely to occur when the actions of the employer suggest that such privacy is a condition of work. This was apparently the situation in Smyth v. Pillsbury (1996), one of the most commonly cited e-mail monitoring cases. When the company introduced an intranet-based e-mail system, it also issued a policy that messages on this system would remain confidential. Michael Smyth then sent several provocative e-mails to his supervisor. One message allegedly referred to the firm’s sales management team with a comment to “kill the back-stabbing bastards.” Another e-mail labeled a company social occasion as “the Jim Jones Kool-Aid affair.”

Despite the confidentiality policy the company reviewed these communications, determined the messages to be unprofessional, and dismissed Michael Smyth. Pillsbury’s monitoring and Smyth’s resulting dismissal were upheld because Smyth could not establish that he had a reasonable expectation of privacy. The judge’s ruling emphasized that e-mail communications are entirely voluntary (unlike other monitoring efforts such as drug testing) and that employers’ interests in preventing unprofessional comments in the workplace take precedence over employee privacy expectations (Echols, 2003; Rustad & Paulsson, 2005).

The Smyth case is one of the early cases of e-mail monitoring and helped established precedent for future cases. At the John Hancock Company two female employees were fired for forwarding sexually explicit e-mails. Following a complaint by another employee, the employer searched the contents of the plaintiffs’ e-mail folders. Both employees were terminated for violating company policy regarding offensive e-mails. The plaintiffs argued that e-mail policy was deficient in several respects and that they had reason to believe that the contents of their messages would be kept private. The court reaffirmed the essential precedents from the Pillsbury case: the primacy of the employer’s interests in preventing harassment and ensuring a professional work environment (Echols, 2003; Rustad & Paulsson, 2005).

Another important case illustrates how difficult it can be for employees to establish a reasonable expectation of privacy for workplace communications. During an investigation into inventory shortages and sexual harassment, managers at Microsoft found a directory labeled “personal folders” on an employee’s computer. The employee, Michael McLaren, had sought to limit access to his computer and its contents through the use of passwords. Objectionable material was found on McLaren’s computer, and he was dismissed. McLaren maintained that marking folders as “personal” and protecting them with passwords established a reasonable expectation of privacy. The court disagreed, ruling that the employer’s ownership of the computers and the network preempted any reasonable expectation of privacy. Further, once e-mail messages had been transmitted to other persons on the network there could no longer be an expectation of privacy (Rustad & Paulsson, 2005).

Perhaps the sole example of a legal decision acknowledging the potential for privacy claims in employees’ e-mails is a case in the 1990s involving Burke Technologies. At the time, Burke Technologies had an internal e-mail system, but no policy and no notification about possible monitoring. After a supervisor informed the company president that an employee, Neil LoRe, was a frequent user of the system, the president used a special password to access LoRe’s e-mail. He found several e-mails between LoRe and another employee, Laurie Restuccia, with nicknames for the president and with reference to an extramarital affair between the president and another employee. LoRe and Restuccia were both fired for excessive use of e-mail (the content of messages was never cited as a basis for the dismissals), and the two sued, claiming they had a reasonable expectation of privacy that the employer violated.

The final disposition of the case is a bit confusing. The employees claimed that their messages were unlawfully intercepted. The court disagreed. But when Burke Technologies sought to have the employees’ complaints of a privacy violation dismissed, the court declined to do so, citing “general issues of material fact as to whether the plaintiffs had a reasonable expectation of privacy in their e-mail messages” (Sargent, 1997). From here the trail goes cold: There are no further references about the continuation of this case, suggesting that there was an out-of-court resolution. The denial of the employer’s motion to dismiss LoRe and Restuc-cia’s claims of privacy invasion makes this a unique case (Rustad & Paulsson, 2005).

All of these cases clearly demonstrate that court decisions on workplace e-mail monitoring have been decidedly pro-employer. Both of the requirements necessary to establish privacy-violation torts—that a reasonable expectation of privacy exists and that the intrusion is highly offensive—have been elusive for employees. Courts are not sympathetic to “reasonable expectations of privacy” claims given the inherently nonprivate nature of most work environments and the employer’s ownership of the computer and network resources (Gabel & Mansfield, 2003). “Highly offensive to a reasonable person” is also a difficult standard to meet, as monitoring employee work behavior is typically an employer prerogative (Fazekas, 2004).

Statutory Guidelines and Privacy In the United States the critical piece of federal legislation defining the extent and limits of employer monitoring is the Electronic Communications Privacy Act (ECPA) of 1986. Title I of the ECPA amends the Omnibus Crime Control and Safe Streets Act of 1968 (known more commonly as the Wiretap Act). The original law’s focus was the interception of wire and aural messages. The ECPA extends these prohibitions to wire communications and makes it a crime to “intentionally intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral or electronic communication.” Title II of the ECPA is known as the Stored Communications Act (SCA). This act makes it illegal “to access without authorization a facility through which an electronic communication service is provided” (Oyama, 2006, p. 506).

Even though e-mail was in its earliest stages of development when the ECPA was passed, federal court decisions have ruled that the provisions of the ECPA apply to e-mail. The law allows persons to initiate civil actions against any party they believe have violated rights outlined in the ECPA (Areneo, 1996). The privacy of e-mail communications is protected by both sections of the ECPA, depending on whether the communication is in transit or in electronic storage (Hornung, 2005). Title I covers transmission of e-mail messages. Title II limits the access of those messages from storage (Rustad & Paulsson, 2005). E-mail monitoring by employers is usually not considered illegal because of exceptions in both Title I and II.

The ECPA has four exemptions that give employers wide latitude in monitoring their employees’ e-mails (Hornung, 2005). First, interception is allowable if it occurs through a device or component that is associated with the ordinary course of business (King, 2003). Since network software that tracks and stores e-mail is a necessary part of network administration, the ordinary course of business exception can be easily applied. Second, service providers are allowed to monitor messages through proprietary communication systems. Hence, when an e-mail system is owned and maintained by the employer, as would be the case through operation of branded systems such as Microsoft Outlook and Novell GroupWise, there is no violation of the ECPA. Third, exceptions are made when users provide prior consent. Company policies and login messages usually inform employees of monitoring and make system use dependent on agreeing to these conditions. Such notification effectively establishes employees’ consent to potential review of their e-mails. Finally, interception must meet the “contemporaneity requirement,” i.e., e-mail interception is illegal only during message transmission. For instance, in the case U.S. v. Steve Jackson Games (Oyama, 2006), the Secret Service seized a computer owned by the defendant company and read and deleted electronic bulletin board system e-mails stored on the computer’s hard drive. The court found that the e-mail messages were in electronic storage and not subject to interception provisions of the ECPA.5 The Jackson case reaffirmed the concept of contemporaneity, that is, that interception of communication must occur during transit (Hornung, 2005).

Obviously, the contemporaneity requirement of Title I of the ECPA tends to exclude most e-mail monitoring. E-mail messages do not create a dedicated link between a sender and a receiver as would be the case in phone conversations. Most e-mail messages follow a “store and forward” basis of distribution. The extent to which messages can be located at any point in time depends on server capacities at

several points during delivery. Further, once e-mails are sent, received, and even deleted on a personal computer, service providers or employers (in the case of workplace e-mails) retain copies of those messages. Monitoring software can then be applied to gauge traffic patterns for each account, or message content can be reviewed with keyword searches.

Hence, employer review and monitoring of employee e-mails involves retrieval of communication, not interception. Rustad and Paulsson (2005, p. 853) concluded that Title I is basically “useless” to employees seeking to limit employer surveillance of workplace e-mails. Case interpretations of the ECPA have been consistent: Monitoring may occur with or without employee consent and with or without notice (Gabel & Mansfield, 2003).

The Stored Communications Act, Title II of the ECPA, has greater applicability to employer monitoring of e-mails, given the essential characteristics of e-mail and the nature of most monitoring software. Like Title I of the ECPA, the SCA provides exemptions for service providers and participant consent. These exemptions support e-mail monitoring practices, since most employers establish and maintain these systems for the benefit of their employees and with the intent of supporting work-related purposes (Oyama, 2006; Rustad & Paulsson, 2005). In addition, the law provides specific exceptions when participants in the system have consented to have their communications monitored and stored (Echols, 2003). Hence, the SCA has also provided a limited basis for employee claims to privacy in their e-mail communications.

In summary, there are few legal impediments to employer monitoring of employee e-mails. There is no constitutional recognition of privacy rights that applies to employment contracts. It is possible in principle for employees to seek tort-based remedies for privacy violations, provided that they can establish a “reasonable expectation for privacy” and that monitoring conducted by the employer is “highly offensive to the average person.” Practical experience has proved these legal standards to be unattainable in the vast majority of circumstances. Existing statutory provisions, specifically Titles I and II of the Electronic Communications Privacy Act, have limited applicability to the privacy of employee e-mail messages during both transmission and storage stages. Not surprisingly, legal scholars Rustad and Koenig asserted that “in a decade of Internet-related work-place privacy cases, private employers have prevailed in every case” (2003, p. 95).

Challenges for Employer Monitoring

Given the compelling incentives to engage in monitoring and the strong legal justifications for doing so, the popular press often advises people to assume that the boss is reading everything. We cannot discredit either the basis for this advice or the logic that allows monitoring to continue. However, we offer four considerations that may limit the propriety of unfettered surveillance in the workplace: (a) remaining questions about privacy in the workplace, (b) e-mails using Web-based personal accounts, (c) international implications and varying legal and cultural standards around the world, and (d) attitudinal and behavioral implications of e-mail monitoring.

Remaining Questions About Privacy in the Workplace

Philosophers typically consider some level of privacy to be a right for individuals because it is necessary in the exercise of self-determination (Rogerson, 1998) or as a basis for self-protection (Velasquez, 2006). These interests are somewhat mitigated because most workplaces can be considered public (Fazekas, 2004), and employers generally provide advance notification of monitoring. Both conditions tend to argue forcefully against any legitimate expectation of privacy in e-mail communications made at work. However, there are other issues that support employees’ privacy claims in workplace communications (including e-mail messages).

It is worthwhile to consider the implications that personal communication and reasonable expectations of privacy are not relevant considerations in the workplace. This line of thought may have been consistent with prevailing management practices during the time of Frederick Taylor, but seems ill-suited to the workplace of the 21st century. It is difficult to conceive of any working person today, whether at a desk, on an assembly line, or in an executive suite, who doesn’t conduct some personal business during the course of the workday. The practice is widespread, and with good reason. Occasional personal communications (e-mail, phone, text messages) allow employees to take more control over their lives and their work. With the proliferation of modern communication tools (cell phones, PDAs, laptops) come overlapping boundaries between work and personal life. If work messages can intrude into evenings, weekends, and vacations, one can reasonably argue that an e-mail message to a spouse or family member can take place between 9:00 a.m. and 5:00 p.m.

We should also acknowledge that some measure of privacy already exists in the workplace. For example, employers initiate and implement systems that protect employee privacy in areas such as access to personnel records, genetic testing, drug testing, searches of employee property and personal effects, and other forms of communication (e.g., personal conversations, written correspondence). If employees expect privacy regarding such employer practices, is it reasonable to expect privacy in e-mail communications as well?

Finally, even if privacy claims can be easily dismissed it is worth asking the question: Can there be too much monitoring? Digital communication has the advantages of being relatively inexpensive, easy to use, widely accessible, and instantaneous in delivery. However, these advantages are realized only to the extent that people use, and trust, such communication. Monitoring is counterproductive to the extent that it leads to a lack of trust, discourages open and free exchange of ideas, and reduces creativity. Certain forms of monitoring might go too far. An example is keystroke monitoring. If, in the heat of the moment, an employee types a comment such as “the boss is an idiot,” but changes his or her mind, backspaces and deletes “an idiot,” and types “mistaken” (or something more diplomatic), even if there is no e-mail sent or received, keystroke monitoring will record the original “idiot” entry. Has the employee engaged in any communication? Or is this a thought crime? These are questions employers need to consider before implementing e-mail monitoring systems in their organizations.

E-mails Using Web-Based Personal Accounts As currently written and interpreted, U.S. law is extremely clear. Private-sector employees have very limited privacy rights associated with e-mails sent or received through employer-hosted e-mail accounts. However, Internet access allows employees the opportunity to establish Web-based e-mail accounts such as through Yahoo, Gmail, or Hotmail. While employees may be accessing these accounts using equipment and Internet access provided by the employer, Web-based e-mail presents a set of characteristics worthy of consideration. For instance, employers cannot claim that the e-mail system is exclusively their property. Lack of complete ownership may be a particularly relevant factor, since employees frequently access these accounts from a variety of locations, and not just while they are at work. If an employee accesses a Hotmail account on one occasion while at work, is all prior and subsequent e-mail traffic in and out of that Hotmail account subject to employer review? Employees may have more compelling claims of “reasonable expectation of privacy” given that these accounts are established and maintained outside of the immediate work environment. As long as the use of these Web-based accounts is not too frequent (leaving aside for the moment the specific standards that would establish such limits), employees’ privacy expectations may be more legitimate. In addition, the monitoring software for Web-based e-mails is fundamentally different than that for internal e-mail. Copies of Web-based e-mails are not automatically stored on the company’s server (Echols, 2003). Commercially available software can record keystrokes, enable views of computer screens, or make and return copies of outgoing messages on chat programs or Web-based mail servers. Installing these special programs that create copies of such messages tends to crowd the definition of interception (Hornung, 2005).

There are two cases involving employer monitoring of employees’ Web mail accounts: Fischer v. Mt. Olive Lutheran Church (2002) and Booker v. GTE.net (2003). In the first case, the plaintiff served as a youth counselor for a church. Church employees overheard Fischer involved in sexually provocative conversations over the church phone. Church officials then hired a computer expert, conducted a search of Fischer’s Hotmail account, and found evidence of sexually oriented e-mails. Fischer was terminated and subsequently sued his former employer for defamation, invasion of privacy, and ECPA violations. The court granted Mt. Olive’s petitions for summary judgments on defamation but denied summary petitions for ECPA and privacy violations. Hornung (2005, p. 149) analyzed the court’s decision and suggested that the Fischer case “does not say much about the ECPA when it is applied in the context of employer monitoring of Web-based mail.” Given the trend of pro-employer decisions, however, an ambiguous decision may signal a foothold for privacy advocates.

The second case, Booker v. GTE.net (2003), is also complex and does not provide clear guidelines for monitoring employee Web-based accounts. Jarmilla Booker, an employee in the office of the Kentucky attorney general, was questioned about an e-mail sent to a Verizon customer via a Web-based account and bearing Booker’s signature. A summary of the problematic e-mail, allegedly from Booker, follows:

I would just like to take a moment and tell you how disgusted I am that someone would waste so much time over INTERNET ACCESS! You sir are pathetic and I would greatly appreciate it if you would take me OFF of your ridiculous e-mail list! If you are having this much trouble getting INTERNET ACCESS, then go through another company. This is not a difficult thing to understand. The whole reason we de-regulate such things is to give you, the customer, the opportunity for more selection.

I sympathize with you over your troubles, but come on [Verizon customer], why don’t you put on your pampers and ask for your bobba OR cancel the service altogether! Your repeated e-mails lambasting people for doing the job for which they were trained to do is baseless and petty. You sir are a grumpy, horrible man who needs to grow up and realize that you are on earth, not some crazy place where everything works out for [Verizon customer] and company!

Frankly, I hope you NEVER get this internet service and sit on perpetual hold, waiting for a “live” human to answer the phone.

[Verizon Customer], if you want to waste precious time spreading libel around about Verizon, which by the way is illegal, then that is your business. Please stop sending me these despicable e-mails at once!!

Sincerely, Mrs. Booker (Booker v. GTE.net, 214 F. Supp. 2d 746)

Further investigation determined that two ill-meaning Verizon employees, not Booker, were responsible for the message, which was intended either as a prank or as true sabotage. Booker sued Verizon based on principles of vicarious liability and respondeat superior. It can be argued that the messages were sent within the employees’ scope of employment and thereby establish Verizon’s respondeat superior responsibility because the messages were created at work, on Verizon equipment, and communicating via e-mail was part of the employees’ job responsibilities. However, the court was swayed by Verizon’s defense that the employees acted outside of their job responsibilities, since sending intentionally offensive e-mails is not expected from employees.

The Booker decision stopped significantly short of resolving questions about monitoring Web-based e-mail accounts. Echols (2003) and Hornung (2005) reaffirmed the potential for employer liability arising from Web-based accounts, whereas Sherman (2007) argued that the Booker case acknowledges limits to employer liabilities and consequently impedes employer interests related to such monitoring. Lasprogata, King, and Pillay (2004) argued that the ECPA does not clearly provide any protections for Web-based email. However, their analysis suggests that monitoring of off-site e-mail accounts not provided by the employer may run the risk of violating the ECPA.

International Implications: Legal and Cultural Considerations

Business is an increasingly global endeavor. Because e-mail can quickly and cheaply link people anywhere in the world, it has become an important medium of business communication. Moreover, since e-mail messages can easily traverse geographical boundaries they face differing legal and cultural conditions with respect to monitoring. Employers can face more stringent conditions on monitoring employee e-mail and different cultural expectations about privacy, particularly in the European Union.

Variation in Laws and Regulations

Privacy in the United States is operationalized in a different manner than in countries such as Canada or members of the European Union. In the United States, privacy can be viewed as a commodity, meaning that it can be bartered away when individuals feel it is in their interests to do so. In Europe, however, privacy is viewed as more fundamental, something that persons cannot be induced to forfeit. At the center of European public policy is Article 8, a policy directive6 originating from the 1995 European Convention for the Protection of Human Rights and Fundamental Freedoms. Article 8 was established to protect personal privacy during an era of accelerating computer and information technologies (Laspro-gata, King, & Pillay, 2004; Rustad & Paulsson, 2003). It recognizes that individuals have a right to secrecy of correspondence that extends to communications made while at work (Lasprogata, King, & Pillay, 2004). The directive acknowledges that “everyone has a right to respect for his private and family life, his home and his correspondence” (Rustad & Paulsson, 2003, p. 872). Article 8 has been extended to include business relations and electronic correspondence. Yet employer monitoring of employee e-mail can be justified if it meets standards such as “necessity” and “legitimacy.”

The implications of public policy instruments relevant to e-mail monitoring can be far-reaching. A case illustration (Onof v. Nikon) from France is helpful in illustrating the notion that not all countries take the same approach as we do in the U.S. In 2001, Nikon retrieved and read an employee’s stored e-mails marked “personal.” The employee, Onof, was dismissed for engaging in personal pursuits in violation of company policy. The French supreme court ruled that the employer is not permitted to read employee e-mail and that doing so is a “violation of the fundamental right of secrecy in one’s private correspondence even if that correspondence is conducted on the employer’s e-mail system and in violation of company policy” (Lasprogata, King, & Pillay, 2004, p. 54). Even though this case has similarities to McLaren v. Microsoft, the legal principles used to resolve the dispute were very different. Establishing a reasonable expectation of privacy is easier for employees in France than in the United States. In another recent case (2007), Copland vs. United Kingdom, Lynette Copland, an employee of Carmarthenshire College in Wales, won a judgment against her employer for monitoring her phone calls and e-mails.

Cultural Differences About Privacy

Legal systems can be viewed as a country’s formalized set of expectations for its citizens. Other values, not always so formalized, are also important when considering the appropriateness of particular practices. As argued here, employer monitoring of employees goes to the heart of critical assumptions about what types of information employers may collect about their employees. We would expect that cultural perceptions of privacy will shape stakeholder perceptions about this issue.

Milberg, Smith, and Burke (2000) tested a conceptual model on the interrelationships between cultural values, corporate privacy policies, and government regulation by surveying information systems analysts from 25 countries. Their research focused on perceptions of privacy for consumer information, which may offer some early insight into cross-cultural dimensions of employee privacy. Milberg and her colleagues reported that the United States and Japan tend to have “low involvement” or “hands off” (p. 36) tendencies for government’s role in workplace privacy; European nations tend toward more government regulation. Consequently, the United States and Japan adhere to market-based approaches to privacy, whereas in Europe government regulations are more likely. These control strategies are rooted in cultural values such as those proposed by Hofstede

(2000). Milberg and her colleagues reported that the cultural dimensions of power distance (power inequalities are acceptable), individualism (individual rights and interests tend to supersede those of a collective), and masculinity (traditional masculine values such as achievement and competition are emphasized over more feminine virtues such as caring) are positively associated with privacy concerns, whereas uncertainty avoidance (preference for unambiguous and structured situations) has an inverse association. These same dimensions also explain, in similar directions, a country’s tendency to use public policy instruments to ensure privacy interests. The findings from this research are in need of replication (particularly as related to workplace privacy) and its implications are rather complex; still, the fundamental conclusion is relevant: “[S]ocieties’ values and assumptions about privacy vary greatly” (2000, p. 53). The inclusion of survey respondents from many nations argues in favor of the study’s generalizability, though its reliance on a single professional category may be a compromising factor.

Strong implications also exist for a growing trend: global virtual teams (GVTs). GVTs offer several advantages to employers, including fast response to rapidly changing business conditions, increased ability to pool cross-functional expertise across geographically dispersed locations, and reduced travel costs (Bergeil, Bergeil, & Balsmeier, 2008). Given the dual trends of globalization and technological advancements, it is not surprising that there is a growing interest in understanding how and under what circumstances GVTs can be effective. Much of this research tends to be descriptive and rather basic in nature, but more substantial inquiries are beginning to emerge. For instance, GVTs tend to be inherently multicultural and lacking in opportunities to establish familiarity and intimacy, characteristics that are more conducive to misunderstandings among team members. In contrast, dysfunctional forms of politics and influence tactics are less prominent in GVTs than in face-to-face groups (Elron & Vigoda-Gadot, 2006). In another exploratory study, Kankanhalli, Tan, and Wei (2007) reported that GVTs that rely extensively on e-mail as the primary communication medium tend to encounter high levels of task conflict due to information overload and lack of feedback immediacy. Malhotra, Majchrzak, and Rosen’s (2007) field research suggested that confidentiality is a common norm for virtual teams and instrumental in establishing trust between members.

We have yet to see any investigations on how e-mail monitoring may influence processes or outcomes of GVTs. Will monitoring e-mails be beneficial or detrimental to these teams? The complexity of coordination and the need for accountability argue for a system where messages can be readily retrieved for verification. However, early research emphasizes the importance of establishing trust and overcoming cultural differences among members. It is likely that the nature of monitoring rather than its existence will be especially critical with GVTs. There may be benefits to allowing these teams access to media that are not subject to unfettered review by managers.

Attitudinal and Behavioral Issues Associated with E-mail Monitoring

Obviously, there are several perceived advantages for companies engaged in e-mail monitoring that may be measured in terms of increased productivity through decreased time spent on personal emails. However, there are also many disadvantages that may be somewhat indirectly associated with the bottom-line measures of increased cost and reduced productivity. For example, employees’ feelings of being degraded, stressed, and frustrated (Ariss, 2002; Zimmerman, 2002) may increase voluntary turnover rates and may lead to performance declines.

Critics argue that negative job attitudes and reduced morale are likely to result from employers’ electronic monitoring (Kemper, 2000; Tabak & Smith, 2005). Employees who are aware that they are monitored may have a difficult time getting involved and committing themselves to work, as they know that they are constantly being watched. Organizational commitment may suffer in an environment where distrust exists, leading to higher levels of stress and frustration (Tabak & Smith, 2005). Electronic monitoring, in general, may increase levels of stress at work and lower job satisfaction, and is likely to be viewed as unwelcome and intrusive (Aiello, 1993; Aiello & Kolb, 1995; Hodson, Englander, & Englander, 1999; Kallman, 1993). Many employees are also concerned that their basic rights such as privacy and due process are being violated as a result of e-mail monitoring in the workplace (Ambrose, Alder, & Noel, 1998), which may result in less engagement in organizational citizenship behaviors due to the negative impact on employees’ perceptions of privacy and fairness as well as employee resistance (Alge, 2001; Stanton, 2000; Taylor & Bain, 1999).

Initiation and implementation of e-mail monitoring systems at work may be an antecedent condition to the beginning of a decline of trust between the employees and the employer. The employer by the very act of starting to monitor essentially signals that the employees are no longer viewed as trustworthy (Tabak, 2006). Further, there is evidence that organizational monitoring reduces trust in virtual teams in that members become more watchful and nontrusting of teammates who are perceived as unreliable, engaging in more monitoring themselves (Piccoli & Ives, 2003). Hence, monitoring may erode the current levels of trust among employees as well as between management and employees, and actually create an atmosphere of mistrust (Manning, 1997).

Why is this important? Researchers through several years of empirical and conceptual research have recognized the significance of relational trust in leadership (McAllister, 1995; Tabak, 2006). There is meta-analytic evidence that trust in leadership is directly related to work attitudes of increased job satisfaction, increased organizational commitment and goal commitment, and increased satisfaction with the leader (Dirks & Ferrin, 2002). On the behavioral side, trust is significantly and positively related to organizational citizenship behaviors and performance, and negatively to intent to quit (Dirks & Ferrin, 2002).

In an electronic monitoring study, Alder, Noel, and Ambrose (2005) found that giving employees advance notice about electronic monitoring and perceived organizational support significantly and positively affected postimplementation trust. According to Alder et al.’s study, trust, measured as “organizational trust” using McAllister’s (1999) scale, also significantly affected employees’ job satisfaction, organizational commitment, and turnover intentions. Increased levels of control can then be associated with managers’ and employees’ lack of trust and may lead to employee outcomes such as increased voluntary turnover and lower organizational commitment (Tabak & Smith, 2005). There is also evidence that individual task performance declines when performance is monitored unless individuals have control over monitoring (Douthitt & Aiello, 2001). In summary, this line of research strongly supports the conclusion that it is prudent for organizational decision makers to consider these employee outcomes before implementing e-mail monitoring. Even though e-mail monitoring may lead to short-term productivity gains, decision makers need to take into account longer term effects of turnover and performance declines resulting from increased negative work attitudes as well as individual forms of resistance, such as falsely giving impressions of doing work under intense monitoring when actually no work is being done (Taylor & Bain, 1999). Last but not least, since e-mail monitoring is already so pervasive in organizations, those organizations that have such monitoring systems in place might need to reconsider the costs and benefits of continuing the practice.

Electronic monitoring can be associated with organization structure as well as management’s desire for control. For example, bureaucratic cultures and mechanistic structures may respond more favorably to electronic performance monitoring than supportive cultures and organic structures (Adler, Noel, & Ambrose, 2001). In an early work on trust and power, Luhmann (1979) explained monitoring and trust as alternative control mechanisms for organizations, which still seems to be applicable today. However, e-mail monitoring may also originate from a desire to cut costs and focus on tight controls to monitor levels of productivity. This is especially true for organizations following a cost leadership strategy in their markets (Porter, 1980). For these organizations, tight cost control requiring frequent and detailed control reports and intense supervision of labor, as well as a structured system of responsibilities, are common characteristics that could easily accommodate and justify e-mail monitoring. In fact, there is evidence that low trust in terms of expected employee performance leads to increased monitoring by employers (Alge, Ballinger, & Green, 2004).

Bottom Line: Is Monitoring Employees’ E-mails Acceptable?

The answer to this question isn’t easily available. E-mail monitoring is a complex issue. We have identified several important reasons such monitoring can be justified. But these reasons have their limits, because employer interests are only part of the picture. We have sought to provide a balanced review of the monitoring question and have advocated that initiatives aimed at monitoring employee e-mails, in particular the common “capture and retrieve” methods, should balance advantages against potential concerns.

We have summarized the important arguments on both sides of the monitoring question and presented them in Table 1. We hope practitioners and academics will find the items listed in the table useful in developing an understanding of the implications of e-mail monitoring. Again, we begin with the recognition that it is every organization’s right to protect its resources and investments and manage its workforce to achieve high performance. Employers are also obliged to follow the law in those instances where monitoring may be necessary (e.g., Sarbanes-Oxley) and when liability risks must be reduced. Correspondingly, we also share a view similar to that advocated by Freeman and Gilbert (1988): Individuals are entitled to some measure of autonomy and self-determination while at work. Organizations need not be viewed as coercive entities with interests detached from their members, but rather can be communities of persons committed to mutually supportive interactions. Idealism acknowledged, we advocate that legal acceptability is an insufficient basis to establish the unfettered legitimacy of employer monitoring of e-mail.

Table 1 reminds us that when properly introduced, personal expression and privacy represent opportunities for employers. Many organizations are experimenting with new forms of performance management that allow employees greater personal control over how, where, and when they do their jobs (Conlin, 2006). Emerging and innovative forms of social networking, more often than not driven by new technologies, encourage rethinking assumptions about individual-group-organizational linkages. The “heavy hand” of monitoring, with its focus on conformity and suppressed individuality, may be at odds with the social and economic benefits of these new technologies. It is well beyond the scope of this paper to identify all the situational factors that explain when e-mail monitoring is appropriate and when it is not. With more time and experience we look forward to the creation of a framework where such explanations are possible.

Table 1: Countervailing Factors Influencing the Appropriateness of Monitoring Employee E-mails*

Factors That Support the Monitoring of E-mails	Factors That Make Monitoring Potentially Problematic
The firm’s liability exposure is limited, because reckless employee conduct and communications (e.g., sexual harassment) can create problems.              Firms are legally responsible for employee conduct (“respondeat superior”).	Externally hosted e-mail accounts may limit organizations’ claims based on property rights and the extent of employer liability.
Monitoring assets and resources is appropriately within the organization’s domain.              Monitoring may be necessary to protect intellectual property and network security.	Employee privacy interests always exist in the work-place; some personal/nonwork communication is inevitable, and in certain circumstances it may be in the organization’s interests to protect it.
Employees’ efforts are appropriately directed. Excessive time spent on e-mail (or Internet sites) may constitute time theft.	Excessive or poorly implemented monitoring programs can become counterproductive. Reduced trust and openness and increased stress may be unintended consequences of monitoring.              Cultural values about privacy vary around the world.
In the United States monitoring is strongly supported by court rulings and interpretations of the Electronic Communications Privacy Act.              Monitoring may be legally mandated in specific instances, such as Sarbanes-Oxley compliance and financial reporting.	Legal standards about e-mail and workplace privacy vary around the world.              Legal justifications do not always ensure desired results.

*

These factors have been presented in parallel formats for the convenience of organization, not as assertions that these are well-defined continua.

A specific illustration of this point may be seen in the Smyth v. Pillsbury case. Smyth’s e-mail message was perceived to be extreme, and from a strictly legal perspective, Smyth failed to meet the necessary standards for a reasonable expectation of privacy. Yet from an ethical and behavioral perspective, we believe there is still room to consider the advantages and disadvantages of Pillsbury’s actions, particularly in light of earlier assurances of confidentiality. How exactly should other Pillsbury employees interpret this situation? Pillsbury may have justifiably terminated an employee for inappropriate and unprofessional comments, but the company very likely paid a price for doing so, and subsequent assurances, whether about e-mail confidentiality, job security, or any other matter of policy, may no longer be trusted.

Where Do We Go From Here?

Collectively, research on e-mail monitoring has shown that monitoring has significant negative effects on employee attitudes such as job satisfaction, stress, and trust. Future research should look into the mediating mechanisms that explain the link between e-mail monitoring practices at organizations and employee attitudes; such mechanisms could be individual and group cognition, and attribution processes. What does implementation of monitoring indicate to the employees? What message is being delivered? How are such practices perceived? How do characteristics of monitoring programs influence these relationships? This line of research could help managers introduce and implement such practices in ways that would alleviate employee concerns and not foster distrust.

Another beneficial area for investigation is the fit between organizational culture and monitoring practices. For example, the competing values framework (Cameron, Quinn, Degraff, & Thakor, 2006) proposes a culture typology based on the dimensions of organizational focus (internal/external) and organizational preference for flexibility/discretion or stability/control. It would be interesting to investigate whether employees in some organizational cultures are more accepting of e-mail monitoring practices than those in others. It would be prudent for managers in certain organizational cultures to show more care and attention to the type and extent of e-mail monitoring systems they choose to implement. The fit may determine the success of the initiation and implementation of monitoring systems. It will also be worthwhile to investigate how various techniques to foster ethical behavior in organizations (e.g., anonymous hotlines, employee ethics training and development) can be used to control and prevent undesirable employee behavior so that electronic monitoring becomes unnecessary.

It is also worth noting that the current class of college graduates, the next generation of managers, have spent their entire lives online. A major portion of their communication has occurred through instant messaging, texting, and social networking sites. What significance do concepts such as “privacy,” “monitoring,” and “control” hold for this new cadre of workers with hundreds of friends on Facebook? We expect that age will be an important demographic variable to consider for research in this area.

What does all this mean for practitioners? E-mail monitoring, like many other workplace programs, involves careful consideration of multiple trade-offs that can enhance yet also damage employee well-being. In parallel, organizational decision makers need to design e-mail monitoring systems based on the fit among organizational environment, technology, structure, and culture. For example, decision makers in an organic structure with a clan culture may find it more cost-effective to rely on informal methods of control such as social pressure, group dynamics, and trust than on electronic monitoring methods. Further, it might be more cost-effective for many organizations to pursue avenues designed to foster ethical behavior among employees or to combine techniques such as hotlines and training with less intrusive forms of electronic monitoring.

Finally, it is important to bear in mind how the pace of technological change continues to shape our thinking about workplace monitoring. E-mail grew in popularity in the 1990s but today is only one of many types of electronic communication. (Consider that students are likely to send e-mails when communicating with their professors, but among themselves use primarily text messaging.) The misuse of company computers is a much broader issue than simple e-mail monitoring, including nonwork-related surfing, shopping, and gambling on the Internet. The cases and scenarios described in this paper are mostly based on relatively straightforward examples of employees sending e-mails during work hours, while at designated work locations, and using company-owned computers, e-mail software and servers. In such circumstances employer property rights and the primacy of work responsibilities establish a strong legitimacy for monitoring. However, the current trend with communication technologies is toward cheaper, portable, multifunctional devices that make use of multiple access points (e.g., WiFi). We will certainly see a wider variety of corporate-issued devices enabling communication (work- and nonwork-related) to take place anywhere and anytime. These innovations will bring with them new questions for which old answers are insufficient. It remains likely that employees (particularly those in the United States) will find weak legal protections when it comes to privacy of electronic messages. Still, we emphasize that trust remains a core virtue of high-performing work environments and that privacy is a necessary component in trusting relationships. Managers, as they always have been, will be challenged to ensure the viability of their enterprises, including understanding the trade-offs between properly protecting the firm from legal liabilities and dysfunctional practices on one hand and respecting, even nurturing, the creative and occasionally chaotic contributions of a talented workforce on the other.

Source: Academy of Management.