Scenario 1: An employer finds several of its employees have used the company’s email system for months to circulate racial and ethnic jokes and sexually-oriented pictures found on the Internet. The employer fears these items could be used against it in a sexual or racial harassment suit alleging a hostile work environment. The company fires the employees. They sue, alleging the employer invaded their privacy by monitoring their e-mail. Will they win? Probably not, but the outcome may depend in part on what the employer has done to inform them that company e-mail is not private. Scenario 2: Same as above, except here, the employer first learns of the specific e-mails when other employees sue the company for race and sex discrimination. The plaintiffs claim the employer knew or should have known about pervasive misuse of its e-mail system to circulate these derogatory jokes and sexual pictures. The employer tries to “put the genie back in the bottle” by firing the employees who circulated the e-mails. The discrimination plaintiffs demand broad-ranging discovery into all the company’s e-mails, including archived and supposedly “deleted” e-mails. Did the employer act too late to avoid liability in the discrimination lawsuit? Has the employer now whipsawed itself into facing suits by the discrimination plaintiffs and the terminated e-mail abusers? One thing is certain: The employer will spend a lot of money just in sifting through (possibly even reconstructing) and producing its reams of e-mails in litigation discovery. These two scenarios are composites of situations faced at various companies. Here’s a third one, involving a current case in the Southland: An employer provides an executive with a computer at his desk and another for him to use when working from home. A few months later, the employer finds the office computer has pornography on it, and terminates the executive. He sues, alleging he was fired because valuable stock options he held were about to vest. He claims the porn on his computer came from sites that “just popped up” while he was working. The employer’s counsel, seeking to establish a pattern of the executive having accessed pornographic web sites, demands he turn over the home computer. The executive refuses, saying it contains personal information such as his tax returns that he has a right to keep private. That won’t wash, will it? Again, probably not – but that case is still pending. In the rapidly developing world of the technology-enhanced workplace, the law is having a hard time keeping up, especially in the realm of employers’ rights to inspect, monitor, and control their workplace, versus employees’ asserted privacy rights. The issue is one of growing concern, not just because of the potential for lost productivity as employees ogle porn sites or manage fantasy sports teams on company time. The courts over the past several years have expanded the circumstances in which employees’ personal use of company computers and e-mail systems can expose employers to civil or even criminal liability. Traditionally, a employer has been held liable for acts committed by employees that are within the “scope of employment” or in furtherance of the employer’s interest. A trucking company, say, could be liable if one of its drivers got drunk and killed someone with a company truck in a road accident. On the other hand, if the driver took the company truck to his estranged wife’s home and shot her, the company should not be liable, as long as it had no reason to believe he would do that. More recently, however, courts have not predictably applied the standard that the employee be acting to further the company’s interest. Virtually any activity involving company facilities or equipment can create liability if it can be shown that the company knew or should have known about it. In the electronic realm, the existence of backup files containing e-mails, logs and pages accessed on the Internet can be enough to argue the company should have known. Thus, firms can be exposed to liability for everything from sexually or racially harassing e-mails, to the display of pornography on computer screens, to a day-trading employee’s attempt to manipulate a share price by sending false information to an online bulletin board or chat site. On the other hand, the courts also have given employers fairly broad protection against claims of invasion of privacy in monitoring employees’ e-mails and use of company computers. The catch: Employees first must be made aware that their computer use is subject to monitoring. In a case closely tracking Scenario 1 above, the court decided the employer had a legitimate business interest in firing the employees because they were creating a potentially hostile work environment for other employees. The court also relied heavily, however, on the company’s written e-mail policy, which said e-mails were to be used for business purposes only. In the third scenario above, in which the executive withheld the computer he had taken home, the trial court initially upheld the man’s argument and refused to order him to produce the computer. A Los Angeles court of appeal overturned that ruling earlier this year, finding that the executive did not have a “reasonable expectation of privacy” (the legal standard for invoking privacy protection) because he had signed the company’s computer-use policy, which clearly stated the company could and would monitor use. The court of appeal also said personal information such as tax returns could be the subject of a protective order accompanying the order to produce the computer, to bar that information from being copied or distributed by the company attorneys. So, what can employers do to protect themselves while not stepping across the invasion-of-privacy line? If an employer provides Internet or e-mail access to employees, that access should be conditioned upon employees’ documented acceptance of a clear company policy that: 1) states that the access is to be used for business purposes only, and that any harassing or offensive communications are strictly prohibited and could result in disciplinary action, including termination. This will help reduce liability as well as make employees aware of the proper use of the Internet and e-mail, cutting down on lost productivity. 2) states that the employee’s use is subject to monitoring and review. 3) is in writing and effectively communicated to employees. An employer’s best protection is to have employees sign copies of the policy in which they acknowledge they have read and understand it, and include those in their personnel files. As added protection, some employers install a pop-up or pre-logon screen that re-notifies users of the company’s policy each time they turn on the computer. 4) is strictly enforced. Employers should take action promptly (and even-handedly) if they detect improper or illegal computer use. These steps can help shield employers from invasion of privacy lawsuits while giving employers the tools to nip in the bud activities that could expose the company to civil or even criminal liability. Jim Morris is a partner in the Labor and Employment Department at Rutan & Tucker LLP, representing management. He can be reached at (714) 641-5100 or by email at email@example.com.