Computers are a doubled-edged sword—a vital convenience for everyone while simultaneously a potential source of liability if used improperly by employees. Employers’ liability has expanded to the point where an employer may be liable to a third party for harm caused by an employee’s misuse of computer systems at work. For example, an employer may be held liable to a third party for failing to investigate an employee whom it suspects of using company computer systems to view child pornography. See Doe v. XYC Corp., 887 A.2d 1156 (2005). But, employers are not left helpless—every business should create and implement clear policies on employees’ use of computer equipment in the workplace. Employers must also be cognizant of how employees are using their computer systems and create a system by which computer use is monitored. At the same time, employees should be informed of such monitoring and that they will have little or no expectation of privacy when using company computers for personal matters.
In Stengart v. Loving Care Agency, 990 A.2d 650 (N.J. 2010), the court addressed the parameters of the attorney-client privilege for an employee who was using the employer’s computer system to communicate with her attorney through her personal Yahoo!© email account. The court found that because the employee had an expectation of privacy in her Yahoo!© account, she was entitled to the attorney-client privilege, despite her using the employer-monitored system. Here, a policy (and an employee acknowledgement) that notified the employee that her computer communications were not private may have helped the employer defend against the claim of privilege.
What about the use of Facebook®, Twitter©, and Instagram© at work? Employees’ use of social media raises legal issues about the outer limits of employer supervision. Some employers request login information for personal social media accounts as a condition of either obtaining or maintaining employment. But, more than a dozen states have enacted statutes regarding “social media privacy” that prohibit employers from requesting access to personal social media accounts as a condition of employment. Currently, S.B. 198 is pending before the Florida Senate, and, if the bill is made law, employers will be liable to employees for conditioning employment upon providing access to personal social media accounts. In addition, the federal Stored Communications Act, 18 U.S.C. § 2701 et. seq., could become a pitfall for employers that seek or force access to employees’ social media accounts. Any access to such an account must be authorized or must be obtained by a user for whom the information on the social media account was intended, such as a coworker who is a Facebook friend. See Ehling v. Monmouth-Ocean Hosp. Serv. Corp., 2013 WL 4436539 (D.N.J. Aug. 20, 2013). In light of these statutes, employers should avoid seeking to gain too much control over employees’ personal social media accounts.
So what should an employer do to prevent employees’ misuse of company computer systems and equipment? Some employers have managed the risks associated with company computer systems by instituting internet restrictions on the company computer system that block any attempt to access social media sites and other potentially hazardous websites. These “blocks” and attendant computer system policies explain that the employee’s attempt to access the site will be logged and further reinforce that employees have little or no expectation of privacy when using company computer systems. In addition, while employers may be restricted in monitoring the content of employees’ social media activity, employers are not restricted from creating strong policies regarding employee misuse.
In sum, supervision, monitoring, and strong policies should make internet use in the workplace more efficient and effective for both employers and employees.