May 31, 2013
This series of blogs gives the reader a perspective on the rights, duties, and responsibilities of employers and employees with respect to digital sexual harassment in the workplace.
Part Four. Review of an Employer’s Technological Systems
In the previous post I discussed a possible framework for courts to use in approaching the use of monitoring software to prevent digital sexual harassment in the workplace. I want to expand on the analysis in this post and explain exactly how courts could implement this approach.
In the first step of this analysis, a court should determine whether the employer’s technological infrastructure had the capability to monitor and block the particular digital communications alleged in the plaintiff’s action. To determine this, the court should explore various aspects of a defendant’s technological environment, including infrastructure and policies.
First, the court should ask whether the defendant protects valuable digital information such as financial data, customer records, or sensitive intellectual property. The court should be mindful that an employer who protects its digital information is likely to monitor its web applications because early detection enables the defendant to avert serious economic damage. For example, employers in the media industry protect their media with both physical and digital technologies, often using some form of encryption and an access monitoring tool, to ensure that employees do not make unauthorized copies of the media for pre-release.
Second, the court should consider whether the defendant employs any real-time suspicious activity and policy violation detection technologies. Some financial institutions, for example, implement instant messaging systems with real-time logging capabilities that not only enable the institutions to comply with the message storage requirements that are established under the Sarbanes-Oxley Act but also allow them to track instant message conversations as they occur. The court should examine whether the defendant’s inaction with respect to digital sexual harassment is reasonable in light of the specific capabilities of its monitoring technology. When such technology is actively used, the court should further explore the process and design of the system, focusing on whether the defendant monitors and blocks communications.
Third, the court should examine whether the defendant utilizes user tracking technology capable of recording employees’ actions with respect to a particular Web-based tool set, such as the “research trail” provided by Westlaw. When an employer uses such tracking devices, the court should ascertain whether the employer could have reasonably modified this monitoring and tracking technology to protect employees from sexual harassment in the digital workplace.
Fourth, the court should determine whether the defendant uses real-time technology to monitor its systems for suspicious behavior related to the activities of its users. For example, when a user mistypes his or her password three times, the system may flag the account or send an alert in real-time to a monitoring party. Such technology assists banks in preventing fraud or abuse of financial accounts and is common in the financial sector.
Fifth, the court should review all of the defendant’s logging systems. Financial and medical organizations rely heavily on these systems to access data that enables forensic computer experts to construct an audit trail and deliver evidence of transactions. Hospitals also often use this technology to track the protection of patients’ digital records and demonstrate that the records are released only to authorized parties.
Sixth, the court should determine whether the defendant uses a form of early end-user management monitoring technology. This technology monitors end-users from the end users’ location. For example, global companies with worldwide customers use tools that monitor the location from which their customers communicate. Employers frequently use this technology to ensure that employees perform work off-site and that clients receive authorized services.
These six elements are intended only as guidelines for courts, since different companies combine them uniquely and in addition to other forms of technology. Regardless of the individual characteristics of the different tools and their uses, however, these guidelines can help determine the degree of actual tracking, monitoring, and blocking of digital activity in light of the capabilities of an employer’s particular technological system.
In the next and final post in the series on digital sexual harassment in the workplace, I will give a few final thoughts on responding to sexual harassment in the 21st century and alternative means of response from the bench.