by Alexander Wolfe, Editor at Large
The uproar over the Hewlett-Packard spy scandal has brought to the forefront the issue of companies spying on their own employees. Executive employees of Hewlett-Packard employed private investigators to spy on members of HP's board in an effort to determine where leaks pertaining to internal operations originated from, and they are now facing criminal charges in California. But to what extent may a company legally monitor the activities of its employees, both in and out of the work place?
Generally, employees have a reduced expectation of privacy in the work place. Public employees enjoy some protections as a result of the application of the Fourth Amendment to state and local governments, but employees of private employers have historically not received much protection of their privacy. Congress dealt with such privacy issues only incidentally in the last 1960's with the passage of a comprehensive wiretap law that essentially made it illegal to intercept communications between persons. This law was updated in 1986 by the Electronic Communications Privacy Act, which extended the protections of the original wiretap law to e-mail and other electronic communications. Because of exceptions in the law that created uncertainty of the extent to which the act regulated private employers, legislation was introduced in Congress that would not ban electronic monitoring, but would provide that employers must give notice to employees that they may be monitored while performing job-related duties. This legislation failed to make it out of committee.
Many states make provisions for the protection of an employee's privacy. Some states, such as California, recognize employee rights in the workplace where a reasonable expectation of privacy exists. However, state courts have undermined such protections in narrow readings of such an expectation as it relates to video surveillance and e-mail.
Employees who find themselves the target of monitoring or surveillance can in some instances pursue a remedy at common law for tortuous invasion of privacy. As with much state legislation, an objectively reasonable expectation of privacy is key, and even where such an expectation is found it can be outweighed by the countervailing legitimate business interests of the employer. Many employees have found this to be a high hurdle to overcome, as in a Texas case where an employee had no privacy expectation in a password protected personal folder on the company's network, or another where the employee had no privacy expectation in personal emails despite the employer's assertion that the employee e-mails would remain confidential.
Such results have led some to call for greater protection of employee privacy rights, in the form of an Employee Privacy Bill of Rights or model statutes on electronic monitoring, or drug testing. However, efforts to increase employee privacy protection at both the state and the federal level have not met with much success in recent years.