Legal Perils of Employee Email

While email communication between a firm’s staff or with its clients and the public may be fast and easy, it is also potentially dangerous. Here are some tips on how firms protect themselves by regulating employee use of email and the Internet.

With the increasing use of technology in the workplace, email has become an accepted and acceptable mode of communication. It can be created easily and transmitted with virtually no difficulty, either within a firm or over the Internet. Email encourages an informality and directness of communication that is hard to achieve, even in person or over the telephone. It allows for the rapid dissemination of ideas, plans, documents, and images at a click of the mouse.

Also consider for a moment the potential problems that email can create for a law firm. For example:

• Is a firm liable when an employee sends harassing email, or downloads pornographic material from a Web site and distributes it to fellow employees?
• Can a company be held responsible if an employee sends libellous email over the Internet?
• What if an employee is angry or malicious enough to send privileged or confidential information to competitors or anonymously post such information on the Internet?
• What if an employee decides to leave a job, but only after he or she emails confidential customer or client information or trade secrets outside the firm for improper post-employment use?

The difficulties of email communication are magnified a thousand-fold because it is, in a very real sense, becoming ubiquitous and very rapidly becoming ‘the’ way to communicate, within a business or over the Internet.

Ease of Use or Abuse

The problems posed by email are very real and have resulted in very real liability for several companies. The very ease with which email can be created and disseminated appears to reduce a user’s inhibitions.

In the United States, an employer can be held liable for sexual or racial harassment perpetrated or furthered by email. There is some suggestion that prompt action to remedy a hostile atmosphere thus created may exculpate the employer. It would be dangerous for an employer to hope that it will escape liability merely because it does not know that such harassment is ongoing, especially if the probability of such harassment is foreseeable. Of course, email is just one of many vehicles by which offensive conduct may occur in the workplace. However, unlike other forms of misconduct, the average employer may have more difficulty detecting or preventing email harassment.

Some courts in the United States have held employers subject to liability if an employee with apparent authority libels a third party or inflicts trade disparagement in the furtherance of his or her employer’s business. The problem for an employer who permits a large number of employees to send out email over the Internet from a company Internet server or from a company computer, lies not just in the fact that employees may be viewed as clothed with apparent authority. If an employer also maintains a Web page, Internet email that travels across international boundaries may potentially subject an employer to the jurisdiction of foreign courts, with all of the difficulties and costs that inevitably attend the defence of an action far from the employer’s home jurisdiction.

If an angry employee publishes confidential information anonymously over the Internet, or sends it to a competitor, the information loses its confidential protection and becomes part of the public domain. Obviously, given the sophistication of today’s Internet email systems, confidential information and trade secrets can be easily shared with unauthorised third parties.

Protecting Against the Misuse of Email

Email abuse can and will occur. Unfortunately, guarding against such abuse is not easy. There will be a growing inter-relationship between internal, or ‘intranet’, email systems and Internet email systems in the years ahead, especially if companies such as Microsoft have their way. The potential will soon exist for an uncomfortable transparency between an office environment and the Internet. Therefore, regardless of how firms police the email activities of their employees, they must exercise considerable caution in implementing new technological solutions that permit their employees extensive access to the Internet.

One possibility, would of course be to prepare a protocol or acceptable use policy on employee email and to explain to employees the dangers of and to extract undertakings from them to refrain from unlawful/unacceptable activities. Where an employee is given his/her personal account number, he will be held responsible for any outgoing and incoming email and this should be made clear to him. A password protection feature may be introduced on a single-user basis. 

Examples of acceptable uses

1. Respect laws and legal protection accorded to programs and creative content and data by legal principles of copyright.
2. Protect data from unauthorised use or disclosure other than as required by law.
3. Respect the integrity of computing systems.
4. Only use email facilities for matters appropriate and incidental to the employee’s offical assignments and job responsibilities.
5. Report any observations of security violations.

Examples of unacceptable uses

1. Transmitting any message or material that is unlawful, obscene, harassing, threatening, offensive, abusive, libellous, seditious or encourages conduct that may constitute a criminal offence.
2. Transmission, distribution, storage, use or publication of any information data or material in violation of any law.
3. Activities unrelated to the firm’s business or to the employees’ official assignments and/or job responsibilities.
4. Interference with or disruption of any network or network use, service or equipment.
5. Any activity meant to foster or lead to the personal gain by any person.
6. Revealing or publicising proprietary, privileged or confidential information.
7. Representing personal opinions as that of the firm.
8. Sharing of passwords or accounts with others.
9. Sending of chain letters.

And one last reminder: email is still considered an unsecured form of communication as with the right skills, a third party can intercept and read them!