|
September 1, 2002
Passing Notes in Cyberspace:
Electronic Communication and Privacy in the Workplace
By Caylen Tichenor
As a modern education professional you pride yourself on taking every advantage of technology. One example: you keep your students' parents informed of their children's performance and behavior via Email, telling both the positives and the negatives. You believe these electronic messages are "private correspondence" sent in good faith and could not possibly have any repercussions. Don't be so sure. Another example: using the school's computer in your free time you constantly surf the Web seeking sites relevant to your lessons. But, being human, you sometimes find yourself at sites that are not so relevant. Oh, well, no one will be the wiser, right? Again, don't be so sure. In this case, what you don't know - about privacy-related issues - can hurt you.
In fact, many educators have not yet learned what business professionals have known for some time. Traditional views about what is and is not "private" don't always exist in Cyberspace. Consider what has happened in the workplace to date:
- 17% of companies surveyed have fired employees for misusing the Internet;
- 26% have handed out warnings;
- 20% have issued informal warnings.
Xerox fired 40 workers for inappropriate use of the Internet. The New York Times fired 23 workers for sending potentially offensive Email. In Arlington, Texas, a councilwoman was forced to disclose city-related messages on her personal account because she had listed it on her business card. And the list goes on.
While the Supreme Court has ruled that everyone is entitled to a "zone of privacy" (Griswold vs. Connecticut, 381 U.S. 479, 485 (1965)) they have also ruled the reality of the workplace may make some expectations unreasonable (O'Connor vs. Ortega, 1987). In a handful of cases (O'Connor; Skinner vs. Railway Labor Executives Association, 1989; United States vs. Simons, U.S. Dist. LEXIS 19646, No. 98-375-A, 1998) courts found that the rights of the individual are superseded by the rights of the organization to conduct business.
When it comes to electronic communication, the courts have found that consideration of a reasonable expectation of privacy depends on:
- Who owns the system;
- Who has access to the system;
- Whether the system is password protected;
- What policies and practices apply to the system.
In other words, if the organization owns the communication equipment/system and/or has a policy that outlines how it is monitored, the employee cannot expect a high reasonable level of expectation of privacy (Bourke vs. Nissan Motor Company, (Sup. Ct. Cal. 1991)). What's more the organization can change its policy of monitoring without prior notification to the employee (Symth vs. Pillsbury, 914 F.Supp.97 1996).
What does all this mean for the employee of a school system? Very generally it means that most communication sent out over school system property is not private or confidential. (A momentary digression is needed here. Private and confidential are not viewed by the courts as the same thing. Private means that the material is shielded from public view at the request of the owner. Confidential means the material is shielded from public view by law and is revealed only by a subpoena.).
What specific guidelines are there? Based on the court rulings listed above and others, here is a brief synopsis of technology and the privacy rights of employees.
Email/LISTSERVs
Email is one of the weakest areas when it comes to employee privacy. First of all, the courts have ruled (United States vs. Maxwell. 45 M.J. 406 (C.M.A.1996)) that messages sent to the public at large (i.e. chat rooms) or those that are sent to multiple recipients have a virtually non-existent expectation of privacy. So if an administrator implemented a policy that a teacher did not like and that teacher emailed all the other teachers in the school or even those teachers on his/her grade level, they would have no expectation of privacy with regard to who could see the message. The same is true for LISTSERVs.
Second, if the organization has in place a policy that requires the administration to monitor appropriate Email use, there is no expectation of privacy, (United States vs. Simons, op cit). The courts also ruled in Symth that an organizations' interest in preventing inappropriate or unprofessional comments override the employee's expectation of privacy.
Last but perhaps most importantly, according to the courts, the party that owns the equipment or the system owns the content. It doesn't matter whether the system owns the actual machine or just the account, or both. Either way the message does not belong to the employee.
Voicemail
The last two paragraphs also apply to voicemail. Unlike regular phone conversations which may only be monitored if they are business calls, voicemail is regarded as a "stored" medium. As such it is provided the same degree of privacy as Email, which isn't much. However like Email, there should be a written policy that deals with the monitoring issue.
Telephones
The advent of cell phones has brought about a split policy with regards to employee's expectations of privacy. According to Title I of the Electronic Communications Privacy Act (ECPA), monitoring of phone calls from traditional phones (i.e. corded models), is not allowed unless it is a business call. However calls made from cell phones are viewed differently. Because conversations on these phones may be received or broadcast to other parties, the courts ruled (United States vs. Smith, 978 F2d 171 (5th Cir. 1992), that it was not reasonable to expect privacy on these calls.
Mobile computers
More and more teachers are taking their computers home with them. In some cases these laptops serve double duty. Teachers often use them not only to do school related work but also as "personal" computers. While the courts have ruled that where there is inappropriate material stored on the hard drive of a computer, (Simons, op. cit.), employers have the right to monitor personal files, they have not made a decision as to whether other types of personal files are "private". However since courts traditionally side with the employer in cases involving privacy issues, it would not be unreasonable to assume that they would view all files on a school-owned laptop as being property of the school. Teachers would probably be well advised to store all personal files on disks rather than the hard drive of the laptop.
The purpose of this article is not to scare readers away from using communication technology. Rather it is to simply point out the parameters that exist in monitoring those communications. In reality few network administrators have the time or the energy to read every Email or to monitor every site visited. Monitoring exists primarily for the purpose of preventing or detecting inappropriate use of technology. Those employees mentioned earlier who were fired for inappropriately using their Email or Internet were not fired for shopping on the clock or for sending out greeting cards to friends and family. They were fired for engaging in behavior that was either gender or racially offensive or for using "on the clock" time to pursue personal interests. In the school setting there is a difference between a teacher who goes to Amazon.com on their school computer after school to order a Christmas gift and a teacher who hands out worksheets to students so they can follow the last few hours of an Ebay auction. By the same token, most administrators don't mind if teachers Email each other during the day. But the teacher who engages in "anti-Email," i.e. Emails that are sexually, racially or otherwise offensive certainly bears monitoring.
The other purpose of this article is to point out a common thread in many of the previously discussed court cases. In all but a few cases, the argument against the search and seizure of computer files, Emails, etc. hinged on whether notification of procedure was given and if the procedure was carried out fairly. Problems seem to arise when employees are not notified of monitoring policies and/or changes to that policy. To avoid possible problems school systems may want to engage in the following steps in planning and implementing any monitoring process.
- Discuss privacy issues with all staff. In a short 10-15 minute faculty meeting, all staff can be brought up to date on privacy laws in the workplace. This can be done utilizing the board attorney or some other qualified individual.
- Provide training sessions to demonstrate capability of general monitoring. Theodore Roosevelt said it best: "Speak softly and carry a big stick." Rather than talking about monitoring, show the staff a page of URL's that were accessed during one school day. People need concrete proof that the policy can be carried out.
- Have in place an updated "working" AUP (Acceptable Use Policy). Many schools wrote their AUP when they first received Internet Access. Working policies cover not only Internet use but also voicemail and Email use. These policies need to be covered at the beginning of each year with changes made when necessary.
- Handle monitoring notification separately from AUP. The policy outlining monitoring of electronic communications is too important to be buried at the back of the AUP. Then too, the AUP and the monitoring policy serve different purposes. The AUP is an agreement that the individual will use the electronic medium appropriately. The monitoring notice informs the user that monitoring can take place at any time. When the individual signs the monitoring policy they are not agreeing to the monitoring, they are simply indicating that they are aware that monitoring can take place.
Monitoring need not be seen as a bone of contention between the administration and the staff. Nor does it need to be viewed as an "invasive" threat to privacy. Even though electronic communications are replacing traditional communications, if teachers follow the same protocol they used in their handwritten notes or oral conversations they can be assured that their electronic "note passing" will probably be afforded the same degree of privacy they have come to expect.
Email: Caylen Tichenor
|
