Network & Systems Management
F E A T U R E  
Monitoring and Privacy: Is Your Head Still In the Sand?

  June 25, 2001
  By Sean Doherty



Congress enacted the Electronic Communications Privacy Act (ECPA) in 1986 to bring electronic communications within the purview of the FWS (federal wiretapping statute). The FWS now prohibits any person from intentionally intercepting wire, oral or electronic communication or disclosing the contents to any other person. Electronic communication is defined as "any transfer of signs, signals, writing, images, sounds, data or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photo electronic or photo optical system."

If, however, an enterprise provides wire or electronic communication services in its ordinary course of business, it is exempt from the FWS.

The business exception to the FWS generally lets employers monitor computers and networks the company owns. Enterprises providing a wire or electronic communication service to the public, however, can monitor and observe network traffic only for "mechanical or service quality-control checks." Once an electronic communication reaches a storage facility, Title II of ECPA, the Stored Wire and Electronic Communications and Transactional Records Act, prohibits intentional, unauthorized access to stored communications.

ECPA defines electronic storage as "any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission" and any storage for backup purposes. Entities that provide wire or electronic communications service are exempt, except for public providers, like America Online. This has created a broad exception for employers that provide electronic communication in-house. This may also include anyone authorized by a provider, such as a service provider, to monitor stored messages. Critics, however, caution employers against relying on the exception, since Congress's intent in passing ECPA was to strengthen individual privacy rights.

If Congress intends to strengthen individual privacy rights in the workplace, that intent has not manifested itself in law. In 2000, legislation proposed in both houses of Congress failed to require employers to inform employees if they monitor computer, Internet or telephone use. Although the proposed Notice of Electronic Monitoring Act died in committee, it has resurfaced in the Senate as the Spyware Control and Privacy Protection Act (see "Right to Privacy Legislation" chart, below). This bill sets out to mandate disclosure of information collection through computer software and other means.

Although many state wiretap laws follow the federal law, employers should not engage in electronic monitoring without checking applicable state and common laws on electronic monitoring in the workplace. Several compilations of laws on monitoring are available. LRN, a legal research and analysis firm, offers papers on "Monitoring and Recording of Employee Telephone Calls, Voicemail" and "E-mail: A Federal Law and Fifty State Survey." In addition to the applicable laws, employees expect certain privacy rights, and employers should respect them.

Technology today enables employees to work long hours both in and out of the office. Often, those hours require employees to devote a fair amount of time to personal or family life while on the job. Employees may have to take calls from schools or hospitals during the day to field family emergencies; they may have to coordinate child care with a spouse; and they may need to contact stores, banks and so on. Most workers will make the occasional personal phone call from work or use the office copy machine for a random photocopy. And many people will use an e-mail system for personal as well as work-related mail.



Right to Privacy Legislation


Yet there may be abuse -- in content, purpose and the sheer amount of time spent on such mail. Some people may also surf the Internet to attend auctions and sales or download games and other programs and run them on office computers. Others may harass workers with e-mail, view pornography or even mail corporate secrets to competitors. If you don't monitor the workplace, you may have little concern for the welfare of your employees until one files a harassment suit. And you may have little worry that employees are divulging corporate information until your competitor files a patent with your intellectual property.

If these concerns alone don't keep you up at night, keep in mind how much network bandwidth and Internet access dollars you are losing to such activities. In the past, when companies recognized that equipment was used or abused for purposes other than business, they placed controls on the devices. For instance, many of us now use a code to access long-distance services and photocopy equipment. For the network, the costs are even more daunting. Businesses upgrade wiring, switches, routers and leased lines. For example, 256-Kbps leased lines are upgraded to T1, T3, OC-3 and even OC-12 to handle increased loads. If these loads do not equate to business needs, there's unnecessary overhead that needs to be recognized and reduced. If employees know the network is monitored, the reduction in nonbusiness-related "surfing" can free up bandwidth, increase performance and reduce costs.

Monitoring the corporate network makes good business sense, but doing it responsibly -- by employing up-to-date tools and adhering to an established company policy -- makes better sense. Otherwise, you may find yourself the subject of a lawsuit. For example, a Massachusetts court found that reviewing employees' mail using a supervisor's password violated state law against "unreasonable, substantial or serious" interference with privacy (Restuccia vs. Burk Technology). Employees were permitted to use the e-mail system to send personal communications, and the employer never informed them that messages would be monitored using a supervisor's password.

The federal government has started to address the hard questions of how data is collected, accessed, and transferred or shared (see "Keeping Data Private"). But most U.S. legislative efforts have fallen short of the comprehensive privacy schemes found in Canada and the European Union in favor of allowing enterprises to police their own privacy practices. In response, enterprises have beefed up their privacy policies and appointed privacy officials to ensure that customers are given notice of what information the business collects, how it uses the information and how it discloses that information. But is this enough?

Although legislation is in motion to ensure the public's privacy rights in the information age, little has been done to update the FWS or provide employers with a clear guide to balancing electronic monitoring and privacy. Furthermore, advances in technology continue unabated. Digital convergence and the wedding of voice and data on networks enable both employers and the federal government to monitor network activity, going beyond the scope of the FWS. Today's networks carry voice and data packets that include origin, destination and content on the same channel, and all may be monitored and reported on one device. This has implications for the watcher and the watched.

For example, as enterprises adopt VoIP (voice over IP) on the corporate network, voice traffic will be as easy to monitor as Internet traffic, such as e-mail, FTP, HTTP and telnet. Voicemail will be stored in the same medium as e-mail and susceptible to the same tools now used to scan e-mail messages; the potential to infringe on employees' privacy will be greater than ever. Unfettered and unannounced monitoring that scans both voice and data traffic on the network may cross the lines of respectability and infringe on employees' rights to privacy.

Enterprises need tools that can reduce the risks and costs of doing Internet business. These tools should inform companies when confidential information, such as trade secrets and intellectual property, is communicated on the Internet. In addition, these tools should provide the enterprise with information on how its network resources are being used and easily identify abuse. At the same time, the tools should ensure a safe, hospitable environment for employees to engage in productive, creative work and afford them respectability and comfort in the workplace.

The monitoring tools we tested are easily installed on IP networks and provide configuration utilities that will identify how Internet resources like e-mail, FTP, HTTP and telnet are used and the amount of network bandwidth taken up by non-work-related activities. To meet employees' expectations of privacy, these tools can be restricted to identifying abuse, such as an unauthorized transmission of confidential data or the downloading of offensive and otherwise inappropriate material. In addition, some of the tools provide the enforcement mechanisms to curb abuse and maximize network resources for business activities.

