Not a Member? Get access to HR news and resources that you can trust.
HR professionals can play a key role in creating business efficiency—starting with their own department.
Is your employee handbook ready for the New Year? With SHRM’s Employee Handbook Builder get peace of mind that your handbook is up-to-date.
Get the HR education you need without travel expenses or time out of the office.
We don't just visit a city, we take it over. Join us in NOLA -- June 18 - 21, 2017.
Employers can take steps to shield themselves from privacy claims
E-mail privacy is at issue in a bill before Congress.
A bill to protect individuals' electronic communications passed unanimously in the House of Representatives but has stalled in the Senate, even though it has much bipartisan support. The E-Mail Privacy Act passed the House April 27 but hasn't budged in the Senate since then. The bill would require state and federal government agencies to obtain a warrant to access the contents of any e-mail from third-party service providers, like Yahoo and Google. Its application to employers and the e-mail systems they provide is not clear, said Joseph Lazzarotti, an attorney with Jackson Lewis in Morristown, N.J.Pamela Ploor, an attorney at Quarles & Brady in Milwaukee, said the legislation would not offer employers any more protection than exists now. However, Lazzarotti said, "Let's see how the legislation develops.""The reality is that the vast majority of employers, when faced with a formal or informal request for e-mail from a government entity, are likely to voluntarily comply with such requests," said David Gevertz, an attorney with Baker Donelson in Atlanta. Employers complying with government requests for e-mail can take steps now to shield themselves from privacy claims.
Bill Would Require Warrants
The act would require government agencies to obtain warrants to access any e-mail or other electronic communications, no matter how old the communications are. "Currently, government entities can obtain any of these communications that are more than 180 days old by obtaining a subpoena or court order," Gevertz noted. A warrant is required only to access e-mail in remote storage that is unopened and stored for 180 days or less.The legislation would require government entities to obtain a warrant to access older e-mail. It also would require any law enforcement agency within 10 business days after receiving the contents of a customer's communication, or any other government agency within three business days, to provide a customer with a copy of the warrant and notice that the information was supplied to the government. "There is a great deal of bipartisan support for this act," Gevertz said. "This is largely because the Electronic Communications Privacy Act (ECPA) is antiquated. When it was enacted in 1986, e-mail was not a part of everyday life for most people, and there was no real effort to preserve these messages for any length of time." Fast forward to today, and e-mail makes up a significant portion of day-to-day communication, he noted. "There has been a push in recent years to amend the ECPA in order to protect electronic communications from being obtained with no strong safeguards in place," he added."Unlike a subpoena, a warrant requires the government to show 'probable cause' to obtain the requested electronic information and involves review by a court or magistrate," Ploor said. For all of the legislation's support, the Securities and Exchange Commission (SEC) opposes the bill because it would make investigations more difficult, she observed.The act would slow down enforcement activities by other agencies as well, such as the Federal Trade Commission, Lazzarotti said. "Sen. Chuck Grassley [R-Iowa] seems to be sympathetic to those concerns," he noted. Grassley chairs the Senate Committee on the Judiciary, where the bill has been referred.
Steps Employers Can Take Now
Employers may require the government to comply with the ECPA before access is granted to employee e-mails, Gevertz said. Employers should state that employees ought to expect no privacy on the company's system, Ploor stated. "They also should make explicit that the company reserves the right to review and to disclose e-mail and other electronic communications to third parties, including law enforcement, when necessary to ensure compliance with its own policies and the law," she said. "Some employers have faced privacy claims when they have voluntarily turned over child pornography on their systems to law enforcement. Policies like those just mentioned make clear that employees have no privacy expectation on the company's system."
You have successfully saved this page as a bookmark.
Please confirm that you want to proceed with deleting bookmark.
You have successfully removed bookmark.
Please log in as a SHRM member before saving bookmarks.
Your session has expired. Please log in again before saving bookmarks.
Please purchase a SHRM membership before saving bookmarks.
An error has occurred
Recommended for you
Join SHRM's exclusive peer-to-peer social network
SHRM’s HR Vendor Directory contains over 3,200 companies