Home | Databases | WorldLII | Search | Feedback eLaw Journal: Murdoch University Electronic Journal of Law

Dirom, Pavlina B --- "Employers' Rights to Monitor Employee Email Under United States Law" [2001] MurdochUeJlLaw 26; (2001) 8(4) Murdoch University Electronic Journal of Law

Employers' Rights to Monitor Employee Email Under United States Law

§ Introduction

§ The Electronic Communications Privacy Act of 1986

(a) An Overview

(b) The Relationship Between the Wiretap Act and The Stored Communications Act

(c) Exceptions to the ECPA

(i) The System Provider Exception

(ii) The Business Extension or Ordinary Course of Business Exception

(iii) The Consent Exception

§   Employers protected from ESCPA through a comprehensive monitoring policy:

§   What is good for business is good for America!

(a) Congressional Efforts to Protect Employees' Privacy Rights

(b) The Individual Right to Privacy in Cyberspace Bound to Face Fierce Opposition

§ Conclusion

§ Notes

  Introduction

1. In a study completed in April 2000, the American Management Association determined that more than two-thirds of employers engage in some form of monitoring of their employees.[1] There are good reasons for monitoring because:

1. e-mail exposes an employer to an increased liability in employee discrimination suits;
2. it allows the employer to protect its company's information assets, including intellectual property, trade secrets and confidential information; and
3. it also helps the employer to make sure that employees are truly working, as opposed to doing personal business on company time.

2. But, by doing so, employers may incur liability for their intrusion into the employee's privacy rights.  Because the laws in this area remain unclear, many commentators[2] advocate implementation of a comprehensive e-mail monitoring policy to protect employers from the intrusion of privacy lawsuits by their employees.  These policies are consistent with the evolving legal standard, which suggests that as an individual's expectation that she is under surveillance increases, the scope of her expectation of privacy decreases.[3] It is only fair to warn an employee about monitoring because it may affect the choices she makes about what she says and what she does.  These choices are in part governed by her expectation regarding the extent to which knowledge of her actions may be used to her detriment.[4] On the other hand, as one commentator argues, an employer should be barred from manipulating employee expectations through notification, and instead, a "compelling business interest" standard of privacy should be implemented in this area, which would serve to reaffirm the "fundamental" nature of privacy.[5] This idea is just one of many suggestions devised by legal scholars to improve employee e-mail privacy.  In the meantime, American courts find themselves in "the unenviable position of having to adjudicate novel privacy complaints, brought by employees against employers, without precise constitutional or statutory guidance.[6]

3. This comment will give in Part II an overview of the Electronic Communications Privacy Act of 1986 ("ECPA").  It will argue that an employer can avoid liability by accessing an e-mail while in post-transmission storage because the current interpretation of the relationship between The Wiretap Act and The Stored Communications Act makes this differentiation possible.  It will further argue that the ECPA is limited in its coverage to the interception of the e-mail message before arrival and that even such limited protection has many exceptions to its application.  The ECPA thus gives an employer significant leeway in monitoring its employees.  In Part III, the comment will argue that because the ECPA is vague and ambiguous, and because the courts and Congress have done little to clarify these ambiguities, employers must be cautious in the way they do their monitoring to protect themselves from the privacy complaints.  Implementation and compliance with this comprehensive monitoring policy is thus essential. In Part IV, the comment will provide an example of the Congress's effort to protect employee privacy and it will argue that the individual right to privacy is bound to face fierce opposition.

  The Electronic Communications Privacy Act of 1986

(a) An Overview

4. Although e-mail communications are protected by the ECPA,[7] technological innovations have outpaced legislative reform to such an extent that the ECPA fails to protect employees in most situations involving e-mail monitoring by private or public employers. The ECPA [8] was introduced and passed in order "to update and clarify Federal privacy protections and standards in light of dramatic changes in new computer and telecommunications technologies."[9] The ECPA is an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, also known as the Federal Wiretap Law[10] The ECPA inserted the term "electronic communications" wherever Title III previously only protected wire and oral communications.[11] It extended the coverage by prohibiting unauthorized interceptions by all carriers, not just common carriers,[12] and prohibited the interception of electronic messages in transmission[13] and storage.[14] The ECPA has been noted for its lack of clarity[15] and described as leaving still too much leeway for monitoring employee communications.[16]

(b) The Relationship Between the Wiretap Act and The Stored Communications Act

5. There are two Acts within the ECPA that affect an employer's right to monitor an employee's e-mail: The Wiretap Act[17] and The Stored Communications Act.[18] "Courts and scholars have struggled to determine the precise boundaries of and also the intended relationship between the Wiretap Act and the Stored Communications Act by looking to the language of the statute, legislative history, and basic understanding of communication technology."[19] The Court in Fraser held that the Wiretap Act provides protection for private communication only during the course of transaction, and that the Stored Communication Act provides protection only for messages while they are in the course of transmission, concluding that retrieval of a message from post-transmission storage is not covered by the Act.[20] Similarly, the Court in Bochan reasoned that the City of Reno did not violate the ECPA because "2701(c)(1) allows service providers to do as they wish when it comes to accessing communications in electronic storage."[21] The ECPA thus protects employees only when an employer "intercepts",[22] or "accesses" the message while it is stored in the "intermediate" or "back-up storage", which means that the message is acquired "before arrival".[23] Even though some courts are permitting monitoring communication once in storage, employers should be aware that there are courts, which are ready to embrace the reasoning that such blanket permission is an "unsupportable result given Congress's emphasis of individual privacy rights during passage of the ECPA."[24]

(c) Exceptions to the ECPA

6. In addition, the ECPA provides several far-reaching exceptions, which allow employers to monitor communications that would otherwise fall under the "intercepts" or "accesses" inclusion. They are

1. the system provider exception,[25]
2. the business extension or ordinary course of business exception,[26] and
3. the consent exception.[27]

           (i) The System Provider Exception

7. This exception allows network providers to intercept, assess, disclose, or use employee e-mail if intrusion is made during the ordinary course of business and is either:

q (a) necessary to rendering of service or

q (b) necessary to protect the rights or property of the company.[28]

8. There are two major interpretative issues regarding this exception:

q (a) who is the provider, and

q (b) what happens when a private network provider allows a significant number of outsiders to utilize its system.

9. However, at minimum, the provider exception should not apply to employers who furnish networks through public providers.[29]

10. In Bochan, the court held that the City of Reno did not violate the ECPA because it was a provider of an internal voice messaging system.[30] Similarly, the court in Andersen held that UOP LLC (UOP) did not violate the ECPA when it disclosed e-mail messages from Andersen employees to the Wall Street Journal.[31] The Andersen employees had been working for UOP as contractors, and had been using UOP's e-mail system in the course of their contract work for UOP.  Andersen argued that UOP was a public provider.  The court found that UOP was not a public service provider under 18 U.S.C. 2702(a)(1); but only provided services to its employees which included the Andersen employees, and dismissed the Andersen's action.[32]  The outcome of the case therefore assumes that UOP was a service provider. 

11. While these cases do not definitely answer the questions, they are inclined to interpret this grey area in favor of firms providing e-mail services to its employees.  In addition, there have been several California cases that addressed the issue of workplace e-mail monitoring which concluded that there simply is no ECPA violation if the company providing an electronic communication service examines everything on the e-mail system.   The California court, which is known for its innovative approaches to the law and which is bound by its state Constitution that establishes privacy as a fundamental right, refused to extend the privacy right to employee e-mail, suggesting that such a determination should be left to the legislature. [33]

          (ii) The Business Extension or Ordinary Course of Business Exception

12. This exception focuses on the type of equipment used to access transmission.  It permits a network provider to access e-mail so long as

q the intercepting devise is part of the communications network, and

q the device is used in the ordinary course of business, where the courts would inquire into whether an employer has a "legal interest" in monitoring communications.[34]

13. Courts tend to approach the cases either by looking at the context[35] of intrusion or by looking at the content of communication. Applying the content approach, the court will first determine whether communication is "personal" or "business", and then use the result to decide whether the employer's business interest justifies the intrusion.[36]

14. The context approach relies more heavily upon the questions of workplace environment, including notification and legitimate business interest.[37] It is settled law that unlimited monitoring is unlawful under the ECPA that courts will explore the reasons behind employee monitoring, and limit the scope of monitoring if necessary.[38] Unlike the context approach, the content approach focuses on the subject matter of the communication. The courts have ruled that employers can lawfully intercept "business" communications, but have limited rights to monitor "personal communications".[39]

15. The court in Watkins held that a personal call might not be intercepted in the ordinary course of business, except to the extent necessary to guard against unauthorized use and to determine whether the call is personal or business.[40] Since companies can be held responsible for the content of employee's electronic correspondence, e-mail policies are spreading. For example, in Seattle, a woman sued her former employer for age discrimination.  Her complaint seemed unlikely to succeed until her attorney hired a computer consultant specializing in e-mail retrieval.  This specialist used software, which is capable of "unerasing" a supposedly deleted e-mail message. The e-mail implicated the company's president, and the company settled for $250,000.[41] In Blakely v. Continental Airlines, the New Jersey Supreme Court held that derogatory and potentially offensive e-mails posted on an electronic bulletin board provided by the employer could support a hostile work environment claim under New Jersey's anti-discriminatory laws.[42] As a reaction to this trend, employers began to apply strong disciplinary actions when they discovered offensive e-mails, because the company's actions upon discovering damaging e-mail can be taken into account in determining whether a hostile work environment exists.[43]   In 1999, Xerox Corp. fired about 40 employees for inappropriate use of the Internet, and last year, the New York Times Co. terminated nearly 20 employees for sharing allegedly offensive e-mails on the company network.[44] In sum, both approaches indicate two trends:

q an employer who notifies employees of the monitoring is highly insulated from invasion of privacy claims, and

q an employer can lawfully intercept an e-mail transmission to the extent needed to determine whether the message is business-related or personal."[45]

16. As for the notification, the protection is not iron-cloud. As one commentator argues

 "an employer who publishes such a policy is thus only limited in that the scope of its intrusion must match the legitimate business interest justifying the invasion, and employers can expand the permissible scope simply by offering legitimate interests justifying broad monitoring policies."[46]

17. In Smyth v. Pillsbury Co., the court determined that under Pennsylvania law, a company's interest in preventing inappropriate comments over its e-mail system outweighs any privacy interest the employee may have in those comments.[47] Furthermore, the question still persists about how far into an e-mail message a person can read before the "business or private" distinction is made. The solution might lie in the technology itself. The programs could be installed to screen the stored records "in search of names, phrases, or other references that indicate the nature, source, or target of communication."[48]

          (iii) The Consent Exception

18. Prior consent exception appears to be the most certain protection against liability under the ECPA because interception of electronic communication is expressly allowed by the ECPA when "one of the parties to the communication has given prior consent".[49] However, the courts are not clear whether consent must be expressed or can be implied.

19. In Watkins, the court stated that the implied consent should not be "cavalierly applied," and that mere knowledge of monitoring capability cannot be considered implied consent to an employer monitoring all calls.[50] While the employee's acceptance of employment with knowledge of the firm's policy of monitoring solicitation calls as part of its training program did act as consent to monitoring all sales calls, the court held that it did not include consent to monitoring of personal calls beyond the point necessary to determine the nature of the call.[51] Similarly, the court in Deal v. Spears argued that mere knowledge of a possibility or threat of monitoring is insufficient.[52] On the other hand, the court in Bochan found that the consent exception includes a person's implied consent to the accessing of message, when it is known by him that other parties prior to using the system can access messages in the system.[53] Despite this ambiguity, however, these cases bespeak the idea that e-mail could be accessed under the authority of published monitoring policy.[54]

Employers protected from ESCPA through a comprehensive monitoring policy

20. E-mail is fast and easy to use - maybe too easy! Many users consider e-mail less formal and potentially more personal. These attributes are also e-mail's biggest shortcomings. Employees are devoting less attention to what is written and are including information that might be confidential or offensive believing that they are sending a private message for the recipient's eyes only. In addition, the e-mail can be distributed, copied and read without the sender's knowledge once he hits the "send" button. Many employees also mistakenly believe that if they delete the message from their in or out box, the message is gone, but instead the message is stored on the network system and can be retrieved for review at any time. Because the e-mail messages, including deleted e-mails, are discoverable in federal court,[55] employers are exposed to liability in many ways. Firms must find a way to balance their legitimate interests in monitoring employees with employees' rights to privacy in the workplace.

21. One way to manage the many risks presented by e-mail is to have a formal e-mail monitoring policy. The employer, however, needs to follow it and stay within its scope for it to be effective. An employer has little room to defend himself when he violates the boundaries of the policy by excessive, unwarranted or unnecessary monitoring; therefore, monitoring should be limited to the extent of protecting the employer's legitimate business interest by applying the least intrusive method of monitoring; disclosure should be limited only to those who have a legitimate need to know; and excessive intrusion into personal communications should be avoided.[56] The policies should differ depending on the business needs; it should be given to all employees and placed in the employee manuals; and the policy should specify that the e-mail system is the property of the employer and is subject to monitoring at any time, with or without notice, at management's sole discretion.[57]

22. As one commentator agues, there are at least six elements to an effective monitoring policy which would reduce any reasonable expectation of privacy: notification that (1) e-mail is solely or primarily for business use, published in the handbook and/or provided as a message on the employee's monitor at every log-in; (2) the system should not be used to convey any improper messages; (3) the company endorses a no-solicitation rule and provides instead an electronic bulletin board for this purpose; (4) deletion of a message or file may not fully eliminate the message from the system; (5) an employee must sign a form acknowledging the employer's absolute right to access; and (6) violation of policy or abuse of the system may result in disciplinary actions.[58] In addition, e-mail messages should be treated as non-confidential.

  What is good for business is good for America!

(a)  Congressional Efforts to Protect Employees' Privacy Rights

23. Because the current ECPA case law provides minimal restraint on a firm's access to the user's e-mail communications, additional congressional efforts will be needed to protect employees' and users' e-mail communication privacy. In 1993, the Privacy for Consumers and Workers Act ("PCWA")[59] was introduced into Congress, and even though none of this legislation has been enacted into the law, it remains one of the most pronounced efforts to further the right to privacy.  For example, the PCWA imposed requirements that employers must provide notice to all employees with details of the form of surveillance to be used, the data that will be collected, and the use that will be made of the data collected. Additionally, employers must provide advance notice of the time the monitoring will occur, and the possibility to review and correct information that they believe to be in error. [60] The PCWA was criticized for inadequately balancing the needs of the employer and employee; however, it is an indication of the way Congress may frame the issue of employee monitoring in the future.[61] As a result of the defeat of the PCWA in Congress, many observers have offered their own proposals.[62]

(b)  The Individual Right to Privacy in Cyberspace Bound to Face Fierce Opposition

24. The individual's right to privacy is generally subordinated to the interests of corporations because the "balancing" of interests that courts and legislatures pursue makes use of an "ideologically distorted scale that gives the benefit of the doubt to corporate interests."[63] The firm is more often than not identified with the social collective and an idealized "public interest", which weighs more heavily with the firm than with the interests of an individual. As one commentator observes, most states that recognize the tort for invasion of privacy do not receive it favorably.[64] On the other hand, he argues that "the interests of the corporate sector cannot be assumed to be wholly, or even primarily, coincident with the interests of an entire society. Thus, while individual interests may conflict with, and sometimes ought to prevail over, the interests of the social collective, the 'interests' of a corporate entity can never be assumed to be anything other than subordinate to those of society."[65] It is thus foreseeable that there will be fierce opposition against efforts to increase the ability of individuals to assert their rights in this area.[66]

Conclusion

25. The technology of e-mail poses new employer's liability and workplace privacy issues. The ECPA is too vague and ambiguous to resolve any of those issues. Until new federal legislation is put in place, employees are left with minimal protections and employers are forced to operate in an intricate legal environment.

Notes

[1] Allison R. Michael & Scott M. Lidman, Monitoring of Employees Still Growing, NAT'L L.J., Jan. 29, 2001, at B9.

[2] See Thomas R. Greenberg, E-Mail and Voice Mail: Employee Privacy and the Federal Wiretap Statute, 44 AM. U. L. REV. 219, 249-50 (1994); Jarrod J. White, E-Mail-Work.Com/Employer Monitoring of Employee E-Mail, 48 ALA. L. REV. 1079, 1103-04 (1997).

[3] Oscar H. Gandy, Jr., Legitimate Business Interest: No End in Sight? An Inquiry into the Status of Privacy in Cyberspace, 1996 U. CHI. LEGAL F. 77, 78.

[4] Id. at 78.

[5] Alexander I. Rodriguez, All Bark, No Byte: Employee E-mail Privacy Rights in the Private Sector Workplace, 47 EMORY L.J. 1439, 1467 (1998).

[6] Id. at 1472 (giving examples - Professor Lawrence Tribe's proposed Twenty-Seventh Amendment to the Constitution protecting privacy rights, creating statutory presumption against the waiver of right to privacy in order to shift the current reasonableness balancing test between employee expectations and business interests in favor of privacy interests, etc.).

[7] See Steve Jackson Games, Inc. v. United States Secret Serv., [1994] USCA5 2826; 36 F.3d 457 (5th Cir. 1994).

[8] Electronic Communications Privacy Act of 1986, 18 U.S.C. §§ 2510-2711 (1998).

[9] Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp. 2d 623, 633 (E.D. Pa. 2001) (quoting S. Rep. No. 99-541, at 1 (1986), reprinted in 1986 U.S.C.C.A.N. 3555).

[10] See 18 U.S.C. § 2511 (1998); S. REP. NO. 99-541, at 1 (1986), reprinted in 1986 U.S.C.C.A.N. 3555.

[11] See 18 U.S.C. § 2511(1)(a) (1998) (adding "electronic" communications).

[12] See 18 U.S.C. § 2511(2)(a)(i) (1998). See also Alexander I. Rodriguez, All Bark, No Byte: Employee E-mail Privacy Rights in the Private Sector Workplace, 47 EMORY L.J. 1439, 1449 n.56 (1998) (arguing that legislative history reveals that Congress intended the ECPA to extend protection to private telephone networks, not just common carriers).

[13] See 18 U.S.C. § 2511(1) (1998) ( The Wiretap Act provides a civil cause of action against "any person who - (a) intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept any wire, oral, or electronic communications").

[14] See 18 U.S.C. § 2701(a) (1998) (The Stored Communications Act establishes civil liability of one who:

"(1)intentionally accesses without authorization a facility through which an electronic communication service is provided; or

(2)intentionally exceeds an authorization to access that facility; and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such

system... . . .").

[15] See, e.g. Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp. 2d 623, 633 (E.D. Pa. 2001) (citing United States v. Smith, [1998] USCA9 1719; 155 F.3d 1051, 1055 (9th Cir. 1998)); Konop v. Hawaiian Airlines, Inc., [2001] USCA9 15; 236 F.3d 1035, 1042 (9th Cir. 2001) (calling the ECPA the "statutory thicket").

[16] Gandy, supra note 3, at 106.

[17] See 18 U.S.C. § 2511(1) (1998).

[18] See 18 U.S.C. § 2701(a) (1998).

[19] Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp. 2d 623, 633 (E.D. Pa. 2001).

[20] Id. at 28, 33.

[21] Bochan v. City of Reno, 932 F. Supp. 1232, 1236 (D. Nev. 1996).

[22] Konop v. Hawaiian Airlines, Inc., [2001] USCA9 15; 236 F.3d 1035, 1044 (9th Cir. 2001) (arguing that acquisition does not have to be contemporaneous with transmission).

[23 Fraser v. Nationwide Mut. Ins. Co., 135 F. Supp. 2d 623, 633-35 (E.D. Pa. 2001).

[24] Konop v. Hawaiian Airlines, Inc., [2001] USCA9 15; 236 F.3d 1035, 1045 (9th Cir. 2001).

[25] See 18 U.S.C. § 2511(2)(a)(i) (1998). See also 18 U.S.C. § 2701(c)(1) (1998) (stored communication).

[26] See U.S.C. § 2510(5)(a).

[27] See U.S.C. § 2511(2)(d).

[28] Rodriguez, supra note 5, at 1451.

[29] Rodriguez, supra note 5, at 1452.

[30] See Bochan v. City of Reno, 932 F. Supp. 1232, 1235-36 (D. Nev. 1996).

[31] Andersen Consulting L.L.P. v. UOP, 991 F. Supp. 1041, 1041 (N.D. Ill. 1998).

[32] Id. at 1042.

[33] Peter Schnaitman, Comment, Building a Community Through Workplace E-Mail: The New Privacy Frontier, 5 MICH. TELECOMM. & TECH. L. REV. 177, 177 nn.126-40 (1999).

[34] Rodriguez, supra note 5, at 1453.

[35] Rodriguez, supra note 5, at 1453 (citing cases using the context approach: United States v. Harpel, [1974] USCA10 48; 493 F.2d 346 (10th Cir. 1974); James v. Newspaper Agency Corp.[1979] USCA10 34; , 591 F.2d 579 (10th Cir. 1979); and Deal v. Spears, [1992] USCA8 1412; 980 F.2d 1153 (8th Cir. 1992)).

[36] Rodriguez, supra note 5, at 1453.

[37] Id.

[38] Rodriguez, supra note 5, at 1453 n.85 (citing: Sanders v. Robert Bosch Co.[1995] USCA4 241; , 38 F.3d 736 (4th Cir. 1994) and Deal v. Spears, [1992] USCA8 1412; 980 F.2d 1153 (8th Cir. 1992)).

[39] See Briggs v. Am. Air Filter Co.[1980] USCA5 2270; , 630 F.2d 414, 420 (5th Cir. 1980) (employer can intercept business communications); Watkins v. L.M. Berry & Co., [1983] USCA11 510; 704 F.2d 577, 583-84 (11th Cir. 1983).

[40] See Watkins v. L.M. Berry & Co., [1983] USCA11 510; 704 F.2d 577, 582-83 (11th Cir. 1983).

[41] See Christopher P. Reynolds, Employment Litigation in the New Millennium - Technology Considerations, MONDAQ BUS. BRIEFING, June 29, 1999, at n.28-29 (citing H. McNeil & R. Kort, Discovery of E-Mail: Electronic Mail and Other Computer Information Should Not Be Overlooked, The Or. St. B. Bull., Dec. 1995).

[42] See Blakely v. Cont'l Airlines, 751 A.2d 538, 549 (N.J. 2000). But see Owens v. Morgan Stanley & Co., 96 Civ. 9747, at 6 (S.D.N.Y. 1997) (noting that objectionable e-mail alone is not sufficient to sustain a claim of a hostile work environment).

[43] See Wendy Leibowitz, As E-Mail Use Expands - Case Law Follows, N.Y.L.J., July 20, 1999, at 3.

[44] Allison R. Michael & Scott M. Lidman, Technology Advances Bring Increased Monitoring, EMP. L. STRATEGIST, Mar. 2001, at 2.

[45] Rodriguez, supra note 5, at 1457.

[46] Rodriguez, supra note 5, at 1457 (quoting Larry O. Gantt, II, An Affront to Human Dignity: Electronic Mail Monitoring in the Private Sector Workplace, 8 Harv. J.L. & Tech. 345, 358 (1995)).

[47] See Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996).

[48] Gandy, supra note 3, at 109.

[49] See 18 U.S.C. § 2511(2)(d) (1998).

[50] See Watkins v. L.M. Berry & Co., [1983] USCA11 510; 704 F.2d 577, 581 (11th Cir. 1983).

[51] See id. at 581.

[52] See Deal v. Spears, [1992] USCA8 1412; 980 F.2d 1153, 1155-56 (8th Cir. 1992).

[53] See Bochan v. City of Reno, 932 F. Supp 1232, 1236 (D. Nev. 1996).

[54] Rodriguez, supra note 5, at 1460.

[55] FED. R. CIV. P. 34(a).

[56] See Hall Adams, III et al., E-Mail Monitoring in the Workplace: The Good, the Bad and the Ugly, 67 DEF. COUNS. J., Jan. 1, 2000, at 32 n.43-44.

[57] See Christopher P. Reynolds, Employment Litigation in the New Millennium - Technology Considerations, MONDAQ BUS. BRIEFING, June 29, 1999, pt.

[58] Id.

[59] See H.R. 1900, 103d Cong. (1993); S 984, 103d Cong. (1993).

[60] See H.R. 1900, 103d Cong. §§ 4(B), 5(B)(3), 7 (1993).

[61] Jarrod J. White, E-Mail-Work.Com/Employer Monitoring of Employee E-Mail, 48 ALA. L. REV. 1079, 1101 (1997).

[62] Rodriguez, supra note 5, at 1465 (introducing proposals such as "reasonable" monitoring and necessity of showing "compelling business interest").

[63] Gandy, supra note 3, at 119.

[64] Id. at 119.

[65] Id. at 134.

[66] Id. at 135.