|
|
|
Legislation Chases Innovation
Tyler Cooper's O'Brien discusses technology changes and the law
|
Business New Haven
3/1/2004
By: BNH
|
George O'Brien Jr. is a partner with Tyler Cooper & Alcorn, LLP in New Haven, and chairs the firm's labor and employment practice. He also serves on its technology committee. He spoke with BNH regarding technological advances and the law.
What are companies' concerns regarding employee e-mail?
Spammers are extremely aggressive and ingenious, and no matter how good your software is, some of the stuff gets through. If an employer knows that employees are receiving these pornographic e-mails - even if they are unsolicited and coming from outside the company - does the employer have the obligation to take steps to prevent the delivery of the e-mail? And if [the employer] doesn't do that, has it allowed the creation of a hostile work environment?
What's that mean?
An employer is responsible to stop harassment of its employees by non-employees if the employer is aware of the harassment. The employer must take prompt and effective action to stop it. In the case of e-mail, when it is brought to your attention, you have an obligation to do something about it. You may not be able to make it perfect, but the growing feeling is that an employer can be liable for failing to prevent the hostile work environment that is created by pornographic spam. The bottom line for the employer in that when there is a complaint from an employee, it has to be taken seriously.
What if the employer is aware of spam e-mails, but employees are not complaining?
Then the employers have to act prudently in their own best business interest. Someone who is consenting to it one day by not complaining about it might be complaining about it tomorrow. And the unbusinesslike atmosphere that you allowed to exist may come back to hurt you.
How should personal e-mails and jokes forwarded by e-mail be handled?
Today, business communications systems are one of the most expensive investments that a company makes, and they are interrelated. There is integrated computers, phones, e-mail, faxing, remote computer access, cell phones, BlackBerrys where you get remote e-mail. All those together form an incredibly important asset of the company. A company that wants to get the most out of these assets should get a policy that they are for business and not personal or non-business use. The big problem with e-mailed jokes is when they extend to the level of sexual harassment, and employers have been held liable where employees have been harassed by e-mails, phone calls, messages, signs tacked on the wall and writing on the bathroom stall. All of those kinds of offensive communications can form a hostile work environment. It can apply to men as well as women, though women who have been the victims bring the higher proportion of the cases.
What kinds of communications policies should companies have?
There should be a written policy. The policy should [include] the point that communication facilities are business resources, not there for personal use, and that personal use of them should be limited. The second element is the security of those resources, because for most companies the business assets are your information. The policy should require no one to share passwords or access to crucial information and assure confidentiality with regard to what information is in the system. Employees should understand proper use. You don't go to porn sites, send e-mail with defamatory material in them, do transactions on the Internet that can open the company up to a liability, no discriminatory harassment. The policy should also say that you respect software licensing to avoid an audit by a software company. The company must require compliance with the laws and particularly laws that employees might cause the company to violate and pay a heavy price for.
Can employers access employee e-mail to retrieve needed information? What happens if the employer discovers personal information?
In general, because these are the employer's assets, the information is available to the employer. The policy that you communicate to employees should say that the employer has the right to review e-mails, any personal or business-related files collected. If they are on the employer's system, the employer has the right to review them, and when employees work in the system, having been informed of that, they have consented to it. In Connecticut there is a statute that employers who engage in electronic monitoring need to give prior notice to employees. This includes e-mails, closed-circuit television and almost any kind of indirect monitoring of what people are doing. Employers are supposed to post a written notice in a conspicuous place and the types of monitoring that may occur should be [specified].
Are there penalties for unauthorized disclosure of patient information?
The Health Insurance Portability & Accountability Act (HIPAA) provides very serious penalties against the unauthorized disclosure of patients' 'individually identifiable' health information. One instance of unauthorized disclosure can bring a fine in the $10,000-to-$25,000 range. An intentional unauthorized disclosure can be ten times that.
What is authorized disclosure?
Doctors can send out a notice of privacy practices. It is required by HIPAA to give this out. If the doctor [says] that he may send protected health information to the patient by e-mail or fax and the patient doesn't object, then it is okay to send it.
What about between a doctor and a health-insurance company?
There are companies now doing a substantial business trying to provide insurance companies, hospitals and large medical practices with secure e-mail systems. The Internet developed around the same time HIPAA was being implemented. Companies are trying to make use of all the technology they can, but have to find a way so that people who are not supposed to get individually identifiable health information do not. [Companies] are using encryption techniques and electronic signatures so when they send documents over the Internet, no one can get them. Both the medical practice and the health insurance company are responsible for protecting the privacy of the patient.
What are other employer/employee issues?
During the last legislative action the General Assembly passed a law that amended the personnel file access law, where every employee has the right to examine and make copies of their personnel file, [and] personnel files were redefined to include e-mail and faxes. This would be e-mail that pertains to an employee that was used by the employer in making a decision in a personnel matter concerning that employee. The employee has the right to it.
Does the company have an obligation to save every paper memo regarding an employee?
The Connecticut statute defines personnel files in a functional way. A personnel file consists of all documents used by an employer in reaching a personnel decision regarding the employee. That would include the file the supervisor keeps, notes the personnel department representative made when speaking with the supervisor and the file folder in the personnel department. Employers who really try to abide by this end up keeping [memos]. Another issue an employer has to think about is archiving, and whether e-mails disappear. Employers should be careful about what they send and say because they could create what amounts to a permanent record.
Is there a legal difference between e-mail memos and paper ones?
One way the law distinguishes between written and oral statements [with regard to] defamation: that a written statement is libel and an oral statement is slander. Generally, e-mails are regarded as libel when they are defamatory. That means they are regarded as written statements because they have the staying power of a written statement.
What are employers' rights with regard to the use of Global Positioning Systems (GPS) tracking of employees?
The rule in the past has been that an employer is free to put new monitoring devices into play. The employee does not have a right to complain about it because if they were following the rules in the first place, the fact that now there is a time clock does not change anything. The GPS is such a spectacularly precise monitoring device. In trucking companies where the monitor system is placed in vehicles, the company has a record within ten feet or so where the truck was and when it was there. They can watch the vehicles move around on a map in real-time and they can go back and reconstruct every place they were throughout the day. Employees have complained about these things. One of the legislative changes I would expect employee groups to lobby for are some kind of [restrictions on] the way the GPS can be used.
|
Go FirstGo PreviousGo
NextGo LastGo
to Index
|
|
