Congress Weighs E-Mail, Net Monitoring Legislation

Computerworld - A bipartisan trio of lawmakers recently introduced legislation in both houses of Congress that would prevent firms from secretly monitoring employees' e-mail and Internet use.
Sen. Charles E. Schumer (D-N.Y.) and Reps. Charles Canady (R-Fla.) and Bob Barr (R-Ga.) jointly proposed the Notice of Electronic Monitoring Act, which would require companies to notify workers if their e-mail messages, Internet activity or phone usage are being monitored by supervisors.
"We would never stand for it if an employer steamed open an employee's mail, read it and put it back. It is the same thing with an employee's e-mail," said Schumer.
Legal Debate
But Marcelo Halpern, an attorney at Gordon & Glickson LLP in Chicago who specializes in Internet law, said the proposed legislation "is pretty intrusive, quite frankly, because it's trying to afford electronic-communications privacy [that's] not afforded to nonelectronic communications."
For example, companies have the right to open paper correspondence without notifying the employee to whom it's addressed, Halpern said. He added that the existing Electronic Communications Privacy Act already allows employers to check e-mail.
"Certainly, monitoring of e-mail is pretty well established," he said.
The bill comes as companies are wrestling with the issue of employee privacy vs. their own liability for the e-mail and online activities of their employees. For example, pharmaceutical giant Merck & Co. in Whitehouse Station, N.J., recently announced that it had fired or disciplined an undisclosed number of employees for inappropriate use of e-mail and the Internet.
The bill would permit secret electronic monitoring if an employer has reason to believe that a worker is engaging in conduct harmful to the company or another employee.
One possible good result of the new legislation is that it could force companies to create monitoring policies, Hal-pern said. But the bill would also introduce "a level of technicality . . . that's just sort of asking for someone to mess up," he said. And that would increase the potential for litigation between monitored workers and their employers, he noted.
Patrick Hellman, director of information security at Denver-based J. D. Edwards & Co., said the legislation won't affect his company much.
"Each employee, when they're hired, within 30 days must acknowledge electronically that they have read and understand the policy," he said, and employees must review and sign the policy annually.

Read more about software in Computerworld's Software Knowledge Center.