WORKPLACE MONITORING and CORPORATE SURVEILLANCE
Case Written by MBA Student
November 8, 2006
II. Workplace Monitoring and Corporate Surveillance
In today’s global business environment, corporations are seeking novel
alternatives in their pursuit to remain competitive, thus new and innovative monitoring
tactics, that may be viewed as flying in the face of ethics, are being employed.
Employers are forced to ensure employee productivity, which may be compromised if an
employee is distracted by other influences. To that end, employers are watching their
employees at work. “When the stakes are high enough and tools are accessible, people
are going to use them,” says Peter Earnest, executive director of the International Spy
Museum in Washington, D.C. who spent 36 years working for the Central Intelligence
Agency. He adds, “75% of employers monitor their workers.” (Clark, 2006). Of interest
is that banks, brokerages, insurance, and real estate firms lead the pack when it comes to
monitoring their employees’ at work activity (American Companies Increase use of
Electronic Monitoring, 2006).
Observations can occur in a variety of forms ranging from performing
surveillance; monitoring e-mail, voice-mail, instant messaging, and Internet usage; and
criminal background checks to name a few of the conventional forms of corporate
snooping. “Employers want to be sure their employees are doing a good job, but
employees don’t want their every sneeze or trip to the water cooler logged. That is the
essential conflict of workplace monitoring.” (Employee Monitoring: Is There Privacy in
the Workplace? 2006).
Employers concerned with protection of trade secrets and proprietary information
are not only watching employees they are also watching moves of competitors (Peticolas
and Heslin, 2006). A recent article in Business Week, entitled Corporate Snoops, points
out what a challenging issue this has become as illustrated when a pharmaceutical analyst
for Bank of America Corporation hired a private investigator who uncovered the
Canadian drug maker, Biovail Corporation had removed office garbage in an attempt to
determine if evidence had been destroyed relevant to pending litigation (Orey, 2006).
Watching the behaviors of employees and investigating potential snooping into
the business of competitors brings up several privacy issues where existing case law is
being challenged and looked upon differently in light of today’s high-tech business
society. This paper will discuss the current state and address the prominent aspects
relating to ethics and privacy, legal considerations, public relations, and actionable
solutions to this ever-increasing global issue of workplace monitoring and corporate
Current State of Affairs
Most companies employ methods of pre-employment background checks but
what about other approaches to investigations after an employee is hired? Employees are
not hired to tend to personal Internet and e-mail matters – they are hired to perform
certain tasks in exchange for compensation (Beaver, 2002). E-mail or Internet usage that
may be offensive, sexually explicit, derogatory to a protected class, or in opposition to
the business mission, are being watched closely and on a frequent basis. Furthermore,
studies show that companies are losing major bucks, time, and resources on non-business
based computer usage (Beaver, 2002). Companies are very nervous as pointed out by
Louis Obdyke of SHRM, “Computers and electronic business methods have resulted in a
drastic increase in work related privacy litigation.” (Obdyke, 2002).
Organizations vary and union affiliation is just one of the aspects that must be
considered when implementing a monitoring system. Under a collective bargaining
agreement, the National Labor Relations Board (NLRB) mandates that searches be
collectively bargained for (Thelen, 2005). Thus, an employer at a unionized shop cannot
implement surveillance or searches without union notification and an agreement by the
parties to proceed has been reached.
An example of this occurred in 1998 when an administrative law judge ruled
Anheuser-Busch, Inc. unlawfully failed to bargain with the union over the installation and
use of cameras and unlawfully denied the union access to information about the cameras
use and installation. The NLRB upheld this decision. Subsequently, Anheuser-Busch,
Inc. appealed claiming the use of cameras did not impinge on employee privacy rights.
The company also argued that bargaining for camera use would undercut its legitimate
need for prompt surveillance. The court disagreed and the original decision was upheld
(Thelen, 2005). This case has been, and continues to be, quoted in unionized
organizations as companies attempt to continue furthering their use of employee
monitoring systems. This decision added to the difficulty collective bargaining efforts
have already encountered.
On the contrary, non-union, private sector employers have the ability to conduct
searches as long as there is a legitimate business reason to do so. However, in both cases
it is an excellent idea to have a well-communicated policy in place that explicitly defines
what the employee can expect regarding work place investigations and monitoring
To complicate matters, monitoring could become mandatory. According to
Douglas Towns, an employment attorney in the Atlanta Office of Jones Day states, “I
envision a claim against an employer charging that had they monitored, they would have
foreseen that an event would have happened.” (Verespej, 2006).
Corporations are desperate to get the facts. They want to know, who is leaking
my company’s secrets? Why is this person attacking my reputation? When is my
competitor releasing its new product? Where are my goods being counterfeited?
Corporations are unable to get the answers to these questions through ordinary means
(Orey, 2006). Thus, private investigators fulfill this need and are not afraid to employ
unconventional methods such as dumpster diving, fictitious interviews, and infiltration or
shadowing to get the information they are hired to obtain. To amplify the situation,
globalization has increased the demand for investigation services due to a heightened
need for proprietary information in far-flung locations (Orey, 2006).
Going to such lengths to obtain surreptitious information, is clearly a problem
difficult to defend. Even though it seems this practice is becoming the norm, any firm,
big or little, is taking a chance when a corporate detective is hired (Orley, 2006).
Contrary to what most would believe, as stated by Alex Kline, a solo investigator in San
Francisco, who has worked for a number of larger agencies, “Many private investigators
are not aware of the many legal, ethical, and public relations traps that surround big
companies and that detectives frequently come from law enforcement where it is alright
to lie in trickery to obtain wanted information.” (Orley, 2006).
In point, everyone is aware of the Hewlett-Packard Corporation controversial
investigation to find press leaks where “pretexting,” or posing as a customer to obtain
directors’ home phone records, occurred (Burrows, 2006). This form of spying created
much strife at Hewlett-Packard during a time when profits were dramatically decreased
under the reign of CEO, Carly Fiorina who was later ousted in February of 2005. As a
result of the investigation, several members of the board of directors were driven out and
the non-executive Chairman, Patricia Dunn and the newly appointed CEO, Mark Hurd
were ordered to testify before a congressional subcommittee; however, Ms. Dunn left the
board in the interim period (Burrows, 2006). Contrary to what you would expect, Mr.
Hurd remained the CEO in the midst of these investigations leaving many questions
unanswered as to why he did not assume more responsibility in his capacity (Tchen,
Another example of corporate investigations involves William McGuire, CEO of
UnitedHealth Group, who will step down in December of this year as a result of a recent
inspection by a law firm of stock options that were backdated to maximize his personal
gain (Maurer, 2006). Even though Mr. McGuire’s holdings will be re-priced, this form of
activity has brought confidence levels to a low (Baxter, 2006). This is just another
example of what lengths corporations will succumb to ensuring shareholder interest is
protected. These issues stir many questions regarding ethics and privacy, legal
considerations, and public relations of the firm.
Ethics and Privacy
Unnecessary investigations create poor employee morale and employers that
target certain employees or groups of employees may expose themselves to
discrimination claims. In addition, if an employer targets a camera on one workstation, a
court may find the use of such selective surveillance to be overly intrusive (Can We Use
Video Surveillance to Monitor Our Employees? 2006).
So how does ethics and privacy play into the complicated issue of workplace
monitoring and corporate surveillance? This topic has been debated and many employees
surprising have a heightened expectation of privacy than an organization is legally
obligated to afford. On the contrary, most companies agree that it is not appropriate to
install cameras in areas such as bathrooms, dressing rooms, and locker rooms (Can We
Use Video Surveillance to Monitor Our Employees? 2006). Is this where the line should
be drawn, or is this an extreme example?
Many ethical issues are being compared to those of the European Union where
monitoring is only legitimate in exceptional circumstances, such as when an employee is
suspected of criminal behavior (Computer Monitoring often Not Acceptable Outside U.S.
2006). Thus, monitoring employee computer activity in regard to privacy is an issue
being compared globally and hotly debated by the American Civil Liberties Union and
the National Work Rights Institute (Employee Monitoring: Is There privacy in the
Workplace? 2006). This contradiction proves opinions are split on this issue globally.
Since September 11, 2001, companies are focused on security of their working
environments, which in turn has affected laws that govern employee privacy. As a result,
Congress passed legislation significantly broadening the scope of federal electronic
surveillance laws by adding terrorism offenses, computer fraud, and abuse offenses (USA
Patriot Act, H.R. 3162).
Other than this most recent legislation, the two main restrictions on workplace
monitoring are the Electronic Communications Privacy Act (ECPA) (18 U.S.C. § 2511
et. seq.) and common law protections against invasion of privacy. The ECPA is the only
federal law that directly governs the monitoring of electronic communication in the
workplace. It was passed in 1986 as an amendment to the federal Wiretap Act. Whereas
the Wiretap Act restricted only the interception and monitoring of oral and wire
communications, the ECPA extended those restrictions to electronic communications
such as e-mail (Leonard and France, 2003). In simplest terms, the ECPA prohibits
intentional monitoring unless the employer can show a business purpose exception,
which permits monitoring oral and electronic communications as long as the company
can show a legitimate business purpose for doing so. The second is the consent
exception, which allows employers to monitor employee communications provided they
have employee consent (Leonard and France, 2003).
Privacy of corporate surveillance is more complex. There are no specific laws
against pretexting, for example, but that does not mean it’s not illegal. Without a
subpoena, a warrant or permission from the customer, the only way legally to obtain
personal records is to dig through someone’s trash, according to a spokesman with the
California attorney general’s office, which is investigating the Hewlett-Packard case
(Clark, 2006). In addition, as earlier stated, investigators are not entirely aware of the
legal, ethical, and public relations traps that surround big companies (Orley, 2006).
Companies must keep this aspect in mind when considering corporate surveillance, as
legal liability could become insurmountable in a very short period of time.
Another law that may be violated in situations of corporate surveillance is the
Sarbanes-Oxley Act of 2002. This federal law was passed in response to a number of
major corporate and accounting scandals including over inflation of stock prices
(Wikipedia, 2006). For example, in 1999, an employee of PairGain Technologies, Inc.
was charged with securities fraud for disseminating a false report that said PairGain was
being acquired for double its value (Leonard and France, 2003). That had the effect of
inflating the company’s stock price, which is a direct violation of Sarbanes-Oxley.
While guarding against a variety of risks, employers must be aware of the legal
restrictions that govern methods of workplace monitoring. Many employers might be
tempted to adopt an “ignorance is bliss” approach toward such employee misconduct;
however, under the doctrine of respondeat superior, an employer is legally responsible for
employees’ wrongful acts done within the scope of their employment even if the
employer was unaware of the misdeeds. A monitoring program alone will not necessarily
insulate an employer from discrimination or harassment claims, but it can be an effective
way of keeping track of employee misconduct (Leonard and France, 2003). This is why
it is so important that an effective plan is widely disseminated to all affected employees.
In addition, the ECPA contains a loophole that may limit employer liability for
electronic communications, which applies expressly to the transmission of such
communications and does not include the electronic storage of such communications.
Therefore, courts have distinguished between monitoring electronic communications
such as e-mail messages while they are being transmitted versus viewing e-mails while
they are in storage. Viewing stored e-mails is similar to searching through an employee’s
papers and files. Several courts confronting this issue have found that monitoring
electronic communications after transmission does not run afoul of the ECPA (Leonard
and France, 2003). Hence, the ability to distinguish status of transmissions is essential.
The ECPA merely sets the minimum restrictions on employee monitoring, thus,
individual states are free to impose greater limitations. Minnesota, Statute § 626A.02
states: It is legal for a person to record a wire, oral or electronic communication if that
person is a party to the communication, or if one of the parties has consented to the
recording – so long as no criminal or tortuous intent accompanies the recording (A
Practical Guide in 50 States and D.C., 2003). To prevail on a related claim, an employee
must assert a right to privacy with respect to the information being monitored. This is yet
another reason for employers to make it clear to employees that they have no expectation
of privacy when using the company’s information systems.
The federal Wiretapping Act prohibits the interception of stored voice-mail
messages, as well as live telephone calls. However, employers may engage in legal
surveillance of oral telephone communications if they do it in the ordinary course of
business. This exception is particularly important to employers who maintain
telemarketing or customer service operations because of their particular interest in
ensuring quality control. Other legitimate reasons to monitor calls include protection of
trade secrets and ensuring compliance with noncompete agreements. In all cases where
the employer feels a compelling business need to monitor calls, the best practice is to
obtain the employee’s advance written consent. The EPCA provides that the moment an
employer realizes a telephone conversation is personal in nature, the employer must stop
listening. Even employee consent probably will not suffice to protect the employer,
unless the employee specifically consents to unlimited monitoring of both business and
personal calls (Leonard and France, 2003).
Employees and corporations must be aware of the implications of the law the
statutes cover. Violations are punishable by a fine of not more than $20,000, and a term
of five years in prison or both (Hidden Cameras, Hidden Microphones – MN, 2006).
Unnecessary eavesdropping can create poor employee morale (Leonard and
France, 2003). This is why employers must be able to justify any such monitoring as
protecting the legitimate interests of the business. It is important to communicate this
widely to all involved employees so they understand that monitoring is being done for the
good of the company as a whole and for the general protection of the workforce. In the
absence of communicating these reasons, employees are likely to assume the company
doesn’t trust them as individuals, which, in turn, will detract from employee morale and
diminish loyalty to the company. Ultimately, negative publicity such as this will further
erode employee and consumer confidence in the product or the corporation under
scrutiny. As a result of this negative publicity, the corporation may ultimately be faced
with the possibility of eroding stock prices as well.
These issues force employers to become proactive. To comply with the legal
restrictions governing employee monitoring, employers must establish and disseminate to
employees a clearly written notice that their e-mails, Internet usage, and telephone calls
are subject to monitoring, without any further warning (Leonard and France, 2003). Even
without a monitoring policy in place, an employer should state expressly that it is not
obligated to monitor employee communications. Otherwise, employees may claim that
the company failed to protect them if harmful or offensive conduct occurs and the
employer fails to catch it through monitoring. The following should be considered when
developing a computer and telephone policy (Leonard and France, 2003):
Specify what information systems are governed by the monitoring policy (i.e.
e-mail, Internet, telephone calls, voice mail, instant messaging) and inform
employees that monitoring can occur without further notice.
Establish that the company’s computer and telephone systems are the property of
the company, albeit the fact that employees have their own passwords for
accessing the systems.
Specify that employees should not maintain any expectation of privacy while
using the company’s computer or telephone.
Specify that the company’s computers and telephones are generally intended for
Prohibit the transmittal or downloading of material that is offensive,
pornographic, obscene, profane, discriminatory, harassing, insulting, derogatory,
or otherwise unlawful.
Prohibit the transmittal or dissemination of the company’s confidential
information or trade secrets to any outside source.
Explain to employees that all communications and files are subject to employer
monitoring, and that the employer has access to all such files, even those files that
the employee has deleted from the system.
Inform employees that any unauthorized usage of the company’s information
systems can result in discipline up to and including discharge.
Implement any disciplinary action taken pursuant to this policy fairly and
consistently to avoid claims of discrimination.
Require all employees to sign a written acknowledgement that they have read and
understand the policy, and agree to abide by its terms as a condition of
employment with the company.
Approaching the issue of monitoring with sensitivity to employee privacy rights
will help alleviate the employee discontent that often accompanies workplace monitoring.
Further measures that are being investigated include monitoring employee activities and
whereabouts through the use of global positioning systems (GPS); which will certainly
raise many new and interesting privacy, ethical, and legal considerations (Verespej,
“Keep in mind, monitoring is not a substitute for good management practices,”
according to Lewis Maltby, president of the National Workright Institute in Princeton,
New Jersey. Malbty further stresses, “Employers would be better served in the long run
by removing the emphasis from monitoring and employ management practices that
monitor the quality of the work their employees are producing.” (Verespej, 2006).
Another helpful hint is to keep in mind that policies on employee monitoring are
much easier to integrate as early on as possible in the life of your company because it is
only human for employees to resist giving up their “privacy” once they’ve had it for a
while. Establish trust, and let your employees do their jobs with the knowledge that if
they do something that you define as unacceptable, there will be consequences. This
way, employees will know what to expect. Until the courts sort it all out, it is up to each
individual company to decide where to draw the line as employers should have the right
to decide how their own property is used (Beaver, 2002).
III. Case Questions
1. In a union shop, what convincing ethical arguments would you (the company)
offer in bargaining for a system to monitor employee activity in the workplace?
2. When implementing a policy to monitor employee e-mails, Internet usage and
telephone calls, what is the best process to disseminate information to the
workforce? Remember, in the future you may have to defend this was done.
3. If you were in a management position within a company, and you became aware
of a violation of the e-mail policy, but the offender was your distant relative, how
would you handle this? Remember, the company has a zero tolerance policy.
4. When confronted by an employee comparing the privacy laws in our country to
that of the European Union, what ethical arguments could you make to defend the
current privacy laws in either country?
5. Do you see any plausible argument why members of the board of directors,
including the CEO, should not be required to follow monitoring policies?
6. Do you think the board of directors and the CEO should have to disclose more
about their private lives and their personal expenditures?
7. Since dumpster diving is not illegal, can you think of any possible situation where
it is acceptable?
8. Overall, do you agree there are times when surveillance is appropriate or do you
believe it is an unacceptable invasion of privacy?
9. What would you do if you had strong suspicions that your company was being
snooped upon by a competitor?
10. What other proactive measures could a company employ to discourage violations
of monitoring policies or other corporate snooping?
IV. List of Sources
A Practical Guide in 50 States and D.C. (2003). Can We Tape? 1-5.
American Companies Increase Use of Electronic Monitoring: AMA Calls on
Employers to Raise Level of Dialogue with Employees (2006). American Management
Association, 1-2. <http://www.amanet.org/research/specials/elecmont.htm>
Baxter, A. (2006). McGuire Out at UnitedHealth Amid Options Scandal.
Minnesota Public Radio, 1-2.
Beaver, K. (2002). Where Do You Draw the Line On Employee Monitoring?
Risk Management Strategies, 1-5.
Burrows, P. (2006). Controlling the Damage at HP. Business Week, October 9,
Can We Use Video Surveillance to Monitor Our Employees? H.R. Solutions.
H.R. Magazine, October, 2006. 46.
Clark, H (2006). Are You Being Watched at Work? Companies Relying on
Surveillance From the Cubicle to the Boardroom. MSNBC, 1-4.
Computer Monitoring Often Not Acceptable Outside U.S. (2006). H.R.
Technology Library – Privacy and Security. SHRM Home Report, 1-4.
Electronic Surveillance Laws (2006), Laws and Enactments. The USA Patriot
Act, H.R. 3162, 1-5. <http://www.ncsl.org/programs/lis/CIP/surveillance.htm>
Employee Monitoring: Is There privacy in the Workplace? (2006). Fact Sheet 7:
Workplace Privacy, 1-5. <http://www.privacyrights.org/fs/fs7-work.htm>
Hamm, S. (2006). Good Timing, Carly. Business Week, October 2, 2006. 32.
Hidden Cameras, Hidden Microphones in Minnesota (2006). At the Crossroads
of Journalism, Ethics, and the Law, 1-3.
Leonard, D.C. and France A.H. (2003). Workplace Monitoring. Balancing
Business Interests With Employee Privacy Rights. SHRM Legal Report, 1-6.
Maurer, H. (2006). News You Need to Know, Options Watch. Business Week,
October 30, 2006. 32.
Obdyke, L. (2002). Searches and Surveillance in Today’s Workplace. SHRM
White Paper, 1-3.
Orey, M. (2006). Corporate Snoops. Companies Everywhere are Using Pros to
Dig Up Dirt. Business Week, October 9, 2006. 46–49.
Peticolas, S. and Heslin K.R (2006). Electronic Communications in the
Workplace: A New Challenge in Employment Law. SHRM Legal Report, 1-5.
Tchen, H. (2006). What About Those Leaky Board Members? Business Week,
October 30, 2006. 20.
Thelen, J.B. (2005). Employers Must Bargain Over Use of Hidden Video
Surveillance Cameras, 1.
Verespej, M. (2005). Who Should Be Monitoring Your Employees’ Messages?
SHRM Home Report, 1-2.
Wikipedia (2006). From Wikipedia, the free on-line encyclopedia. Redirected
from Sarbanes oxley, 1-9. <http://en.wikipedia.org/wiki/Sarbanes_oxley>
V. Additional Information
Employees who have sued their employers for invasion of privacy based on e-
mail monitoring generally have not enjoyed much success. Below is a selection of
relevant cases that clearly illustrate that point:
Monitoring E-mail Communications
Smyth v. Pillsbury. In the case of Smyth v. Pillsbury, a Pennsylvania federal
court concluded that no reasonable person would consider an e-mail interception as a
highly offensive violation of privacy. The employee sent unprofessional comments to his
supervisor via the company’s e-mail system. Specifically, the messages threatened that
the employee would “kill the backstabbing” colleagues, and referred to a holiday office
party as the “Jim Jones Kool-Aid affair.” The employer intercepted these e-mails and
fired the employee who sent them. The court determined that the company had a
business privacy interest. This employer-friendly ruling is especially compelling given
that the employer had no written policy regarding employee monitoring and had informed
employees that all e-mail communications would remain confidential and privileged
(Leonard and France, 2003).
Bourke v. Nissan Motor Corporation. Likewise, a California court concluded
that Nissan’s employees did not have a reasonable expectation of privacy when sending
workplace e-mails. Nissan reviewed e-mail messages of a personal and sexual nature
between two employees and ultimately terminated one of the two. The other employee
voluntarily quit after receiving a final warning regarding her performance. The two
employees sued for, among other things, invasion of privacy and violation of the ECPA
because Nissan had monitored and reviewed their e-mail communications. The court
noted that the employees had signed a computer registration agreement that limited their
use of the computers to company business, and that they were aware that their e-mails
previously had been read by individuals other than the intended recipients. Given these
circumstances, the court concluded that the employees’ expectations of privacy were not
reasonable and dismissed the case before trial (Leonard and France, 2003).
Monitoring Internet Usage
Continental Airlines. In the late 1990s, a female employee sued Continental
alleging that postings on a company-affiliated electronic bulletin board created a gender-
based hostile working environment. The female pilot’s male counterparts posted
messages that she claimed disparaged her female status – one message in particular
referred to her as a “feminazi.” The pilot’s lawsuit claimed that Continental had failed to
take appropriate measures to stop the discriminatory Web postings. The New Jersey
court first grappled with the issue of whether an electronic bulletin board maintained by
an outside company could serve as a basis for a workplace harassment claim, but the
parties settled the case before the New Jersey court could definitely answer this question
(Leonard and France, 2003).
Monitoring Telephone Calls and Voice Mail
Sanders v. Robert Bosch Corp. Bosch Corporation, an employer doing business
in South Carolina surreptitiously recorded all employees’ calls, including their personal
calls, 24 hours a day, seven days a week. An employee sued alleging that the employer’s
unlimited monitoring of calls violated her rights under the federal wiretapping law. The
employer defended its practice on the ground that the monitoring of calls violated her
rights under the federal wiretapping law. The employer defended its practice on the
ground that the monitoring was in response to bomb threats. However, the court
concluded that such a measure was drastic and not properly tailored to address the threat
issue. Therefore, the business purpose exception was inapplicable (Leonard and France,
Watkins v. L.M. Berry & Co. Berry and Co., an Alabama employer had
listened to an employee’s entire telephone conversation, even though the employer had
quickly realized that the employee was talking to a personal friend about social topics.
The court in Watkins interpreted the business purpose exception to mean that an
employer may monitor an employee’s telephone call up to the point that it determines
that it is personal in nature, and then the employer must cease (Leonard and France,
Copeland v. Hubbard Broadcasting, Inc. Under state court interpretations,
when an employee of a local television station secretly videotaped a veterinarian treating
a pet in a private home for an investigative news report, the station did not violate the
wiretapping law because its employee was a party to the communication and it had no
tortuous intent. Regardless of the fact that allegations of tortuous trespassing existed, the
court found the station’s intent was commercial, not tortuous (A Practical Guide in 50
States and D.C., 2003).
Clearly these cases point out how complicated the issues of workforce monitoring
and corporate surveillance are. The importance of well-developed policies cannot be
overstated. Of equal importance is that policies are disseminated to the workforce in an
understandable manner and contain an exception in the form of an express statement that
the employer is not obligated to monitor communications. Following these guidelines
will help ensure employees are protected for the overall good of the company.