If you don't think Internet or e-mail misuse or abuse can happen in your company, guess again.
Just ask the company that got a letter from the FBI last November that said one of its employees was accessing child pornography sites from the workplace. As if that news wasn't bad enough, the company in question had not developed an Internet policy.
"That's the problem," says Joseph G. Schmitt, labor-employment law attorney with Halleland Lewis Nilan Sipkins & Johnson, Minneapolis. "A lot of companies just haven't thought about [having a policy] or don't think they'd ever want or need to monitor [electronic communications]. Then a case arises where they need to monitor, and they can't because they don't have a policy in place."
That's not an isolated case, either. One-third of the 4,000 executives surveyed three months ago by Management Recruiters International Inc. (MRI), Cleveland, said that even though 80% of their management-level employees now have access to the Internet from desktop personal computers, their companies did not have a policy in place to govern the use of computers and e-mail in the workplace.
That's almost incomprehensible given the legal risks with regard to harassment, bias, discrimination, and offensive sexual behavior from Internet and e-mail abuses that recent firings and court cases have underscored, says attorney Elizabeth du Fresne, chairperson of the labor and employment practice of Steel Hector & Davis, Miami. She says that the first place attorneys today turn for evidence in a sexual-harassment or racial-discrimination lawsuit is the Internet, since that is often where the offensive behavior can be proved.
"The Internet is just the source of the problem," says du Fresne. "The problem is that, during the day, someone obtained offensive material from the Internet and brought it into the workplace."
"They [employees and managers] all know that they can't hang up a Penthouse calendar in the workplace. They all know that they can't make a racist or sexist joke in the workplace," says du Fresne. "I don't understand why they think they can send racial and sexist jokes via e-mail or download pornography at work. Why they don't understand that the same rules of life apply when they get such material from the Internet and pass it on to others in the workplace, I don't know."
And, she says, CEOs are as guilty as their employees. One CEO of an international company settled out of court when it was documented that all his hits on the Internet were porn sites and that he had 81 dirty jokes in his personal folders, classified by category.
In another case, the plaintiff's attorney produced six months of sexually harassing e-mail from a CEO, prompting a quick out-of-court settlement. And, in a case where there was never even a lawsuit, a CEO paid $1.5 million to a female employee after he downloaded pornography, showed it to her, and asked her to do the same things.
"The whole concept of what computers retain and do not retain is black magic to people," says du Fresne. "They hit the delete button and think it [the e-mail or the picture] went off to e-mail heaven." While most CEOs involved in such behavior retain their jobs, other employees aren't as lucky.
Internet Abuse
Xerox Corp., The New York Times, and First Union Bank last fall announced the firings of employees for inappropriate Internet abuse. What triggered those dismissals and similar recent firings at brokerage firms were inappropriate workplace behavior and declining work productivity that could be traced to the use of the Internet.
Some employees simply spent too much time on the Internet, and others sent e-mails with offensive content to other employees. Still more engaged in heavy Internet surfing of pornographic or gambling sites while at work or ran personal businesses on the Internet during company time. Some even sent to other employees, via e-mail, materials that included videos of people engaged in sex.
Those firings came in the aftermath of three separate but highly publicized lawsuits that were filed in a five-month period from December 1996 to April 1997 -- against Citibank NA, Morgan Stanley & Co., and WorldCom Corp. -- because of offensive e-mails sent to employees. The cases cost those companies adverse publicity and legal costs, even though each eventually was found innocent of wrongdoing for its employees' actions. (Each of the courts ruled that a single offensive e-mail -- or a handful of e-mails -- did not by itself constitute a hostile environment for racial bias or sexual harassment and that the companies had acted promptly and appropriately to discipline the employees and prevent such incidents from occurring again.) Others haven't been that lucky.
- After Chevron Corp. was sued because of an e-mail circulated within the company that listed 25 reasons why beer is better than a woman, it settled out of court, also for $2.2 million.
- It cost a West Coast company $250,000 to settle an age-discrimination lawsuit after an e-mail search uncovered that the company CEO had written an e-mail instructing human resources to "get rid of" a female employee.
- Microsoft Corp. settled for $2.2 million a sexual-harassment suit involving pornographic messages sent within the company via e-mail.
Those types of legal risks alone "underscore the folly" of operating without clear ground rules governing the use of the Internet and e-mail by employees while using company equipment on company time.
"It is only a matter of time until someone opens a door or peers over a shoulder and it becomes a matter of inappropriate materials that create a hostile environment and also undermine your sexual-harassment policy or antidiscrimination policy," says Maria Sorolis, attorney in the Tampa office of the Florida-based law firm Allen, Norton & Blue.
In addition, such guidelines or policies are needed to prevent the electronic disclosure of trade secrets and confidential information and to help prevent the personal use of electronic technology from reducing worker productivity.
Another reason is to allow companies to access electronic information should they be involved in legal proceedings stemming from Internet or e-mail activity.
"Sexual harassment is, by far, the biggest problem, particularly hostile-environment claims," says Halleland Lewis' Schmitt. "The second biggest issue is the disclosure of confidential information. Those two account for at least 75% of all problems with the Internet and e-mail use and abuse."
Gregory Valenza, attorney in the San Francisco office of Jackson Lewis Schnitzler & Krupman, concurs. This is not, he says, about "the employer being sneaky" and monitoring employee activity.
"Electronic communications has become a way of quickly and efficiently sending information," says Valenza. The Internet "has become [both] a gateway through which people can divulge company information and a vehicle for harassment." If that's the case, why do many companies, as the numbers from the MRI survey suggest, still operate without such policies?
"Many just haven't thought about it," says Schmitt. Others, adds Valenza, "are reluctant to communicate to employees 'news' that they might not want to hear -- that the company is going to reserve the right to monitor and access the Internet and e-mail usage of its employees." Yet that is precisely why they need to develop and implement policies and communicate them to employees.
"Employers have a legal obligation to prevent harassment and discrimination in the workplace," says Valenza. "So, at the very least, you need to give employees fair warning that you have the right to peer in so that they will at least think twice" about their personal Internet and e-mail practices.
The Need for Internet Policy
Neil Fox, chief information officer at MRI, points out, "Too many employees are still unaware that they are representing their company when they use company equipment to visit a Web site or send an e-mail. You have to let them know" that their identity -- and the company's -- follows them around during such activities and that such activities aren't private. E-mail, for example, is routed through a variety of servers before it reaches its final destination, and Internet sites "save" information on people who visit them so that they can be "identified" when they revisit.
In addition, says Eric Greenberg, director of management studies at the American Management Assn. (AMA), New York, without a policy that reserves for the company the right to monitor -- regardless of whether a company ever decides, or needs, to use that right -- a company can run into a slew of legal problems.
"A company has to keep good files," says Greenberg. "That is just part of taking care of business. If the alternative is not storing and maintaining e-mail files and Internet connections, what do you do when you receive a subpoena for a lawsuit?
"It's easy to try to turn this into a Big Brother issue," says Greenberg. However, the reality is that of companies with monitoring policies -- based on AMA's 1999 workplace-privacy survey -- the overwhelming majority (90%) do only spot checking and usually only after a complaint or when an individual's work performance has dropped.
"Monitoring frequently creates a problem with employee morale," says Valenza. "It is better to have an open-door policy so that if something offensive occurs the offended employee will feel free to tell management, which can then monitor."
There are certain parameters every Internet/e-mail policy should have. But, in the long run, "each company has to decide what type of policy is appropriate" for it, says MRI's Fox, himself a proponent of allowing personal use of the Internet -- as long as the work gets done -- as a quality-of-life issue.
"There are as many policies as there are corporate cultures," says Fox. MRI's survey, for example, found that some companies had an absolute prohibition against personal Internet and e-mail use. Others allowed employees to use the Internet for personal use before and after work and during lunch hours. And some permitted either limited or even unlimited personal use. More important, he says, is that the policy spells out what's acceptable or not.
"It lets the employee understand what level of personal use is tolerated and clears up the ambiguities for the employees."
Companies also must understand that they should discipline employees whose problems stem from Internet or e-mail abuse or overuse in the same way they would handle the issue if no electronic communications were involved.
"A racially charged joke over the Internet system should be treated from a discipline standpoint the same way you would treat a racially charged joke made in another context of the workplace," says Martin H. Samson, an attorney in the New York office of Phillips Nizer Benjamin Krim & Ballon, who specializes in Internet-related litigation.
"You have to look at the offense and the offender and whether it is a first-time offense or a repeat offense. You have to ask yourself how would you react to a similar situation if there were no electronic issues involved."
Similarly, unless it involves harassment, discrimination, visits to sex sites, or the like, attorneys suggest companies react to excessive personal use of the Internet (some surveys estimate that one-third of Internet usage at work is personal) the same way that they would react when an individual wastes company time in other ways.
"When an individual visits porn or inflammatory sites, harasses other employees, or does stock trading, something illegal, or something disruptive to another company's Web site," says Jackson Lewis' Valenza, there should be immediate discipline. "There is a difference between using the Internet to steal time or to download pornography. Someone who is reading Sports Illustrated online," he says, "is not going to be punished in the same way as someone who reads Hustler online or downloads their images because of the risk that someone else will see that and be offended."
Allen, Norton & Blue's Sorolis agrees. "You have to view theft of time on the Internet -- as long as a person is just visiting noninflammatory sites -- the same way you would view abuse of coffee breaks, informal chats with other employees, or personal phone calls."
"You want to cut off excessive time on the Internet for hourly employees because if they are spending three hours daily on the Internet, they might be working overtime for three hours at time-and-a-half to get their jobs done," says Sorolis. "But salaried employees are supposed to get their work done regardless. So as long as [salaried employees] get their work done, it is not a problem."
Halleland Lewis' Schmitt agrees. "A company shouldn't care whether employees spend one or 10 hours on the Internet as long as they are getting their jobs done -- and provided that they are not accessing inappropriate sites" or harassing others. It is probably better that the employer stay away from the issue. Otherwise, it might lose an incredibly productive employee. Besides, contends MRI's Fox, that is a more enlightened management approach.
"More and more, the line is becoming blurred between personal time and company time at many organizations," says Fox. "Employees are willing to put in 60 hours to 80 hours of work each week, but they want, in exchange, quality-of-life improvements from their employers -- more flexible hours, the ability to work at home, and the ability to surf on the Internet as their break from work. . . . It is time to focus on the quality and quantity of work rather than the amount of time an employee's butt is in a chair."