09/06/00 Subcommittee on the Constitution Hearing Witness Testimony

Statement of Michael Robert Overly

before the

Subcommittee on the Constitution of the

Committee on the Judiciary

United States House of Representatives

September 6, 2000

Mr. Chairman, and Members of the Subcommittee. Thank you for the opportunity to appear before you today to testify regarding this important subject.

My involvement with technology in the workplace and, in particular, the creation, storage, and transmission of electronic information began when I worked as a research engineer many years ago in the defense industry and has continued to the present day in my practice as an attorney. I currently devote the majority of my practice to working with businesses and their employees to address the unique challenges posed by technology in the workplace. I see first hand the wide array of issues that can arise from employee use of a business' computer resources.

Businesses have three general areas of concern regarding employee use of their computer resources: (1) minimizing potential liability of the business to its employees or third parties; (2) protecting sensitive business information from unauthorized disclosure; and (3) reducing potential waste of computer resources. These concerns require businesses to have the ability to monitor and review employee use of their computer resources to insure those resources are used properly.

Employees, on the other hand, generally evidence a profound lack of appreciation of the potential liability that may arise from use of their employer's computer resources, particularly e-mail. Much of the problem results from the incorrect perception of most employees that their electronic communications are entirely ephemeral in nature: existing for only a short time and then permanently erased. Nothing could be further from the truth. Records of e-mail and computer use may be maintained for many years. Even deleted messages and files may be retrieved weeks or months after they were thought deleted.

The lack of appreciation by employees, even technically astute employees, of the unique nature of e-mail and other forms of computer use has lead me to become a strong advocate of computer use policies: written policies that provide employees with a clear and understandable statement of their duties and obligations regarding use of their employer's computer resources. In particular, I believe it is essential to make clear in these policies that the employer must, at least under certain identified circumstances, be able to review and monitor employee computer usage. Employees must be placed on notice that anything created, stored, or transmitted through their employer's computer system can and likely will be reviewed by others and that if they desire privacy, they should not use their employer's computer system.

It is for the foregoing reasons that I support notice legislation such as H.R. 4908. I look at such legislation as compelling businesses to do what they should have done anyway. That is, adopt clear policies regarding employee use of their computer resources.

I do, however, have two concerns regarding the text of the Notice of Electronic Monitoring Act. First, I believe the notice requirements in Section (b) require clarification. To avoid unnecessary litigation, employers should have a bright line rule regarding what is required to satisfy the notice requirement. As written, Section (b) is unduly onerous and will almost certainly lead to litigation as to whether or not a notice included sufficient detail. I believe a simpler approach, such as the one proposed in California SB 1016 last year, be considered. Under that proposed notice statute, the employer was simply required to "distribute to all employees, by hardcopy or electronic notice, the employer's workplace privacy and electronic monitoring policies and practices." To insure actual notice of the policies and practices, the California bill would have required each employee to sign or electronically verify that he or she had read, understood, and acknowledged receipt of the policies and practices. If an employee declined to sign or electronically verify the foregoing, the employer could comply with the notice requirement by having the person who provided the policies and practices to the affected employee sign and retain a statement to that effect and provide a copy of the statement to the affected employee.

My second concern relates to whether or not this bill is intended to provide an exclusive remedy to the employee. As written, it is unclear to me whether this bill is intended to give employees a stand-alone cause of action, separate from and in addition to any claim the employee may have for invasion of privacy or any other right. In other words, can an employee maintain a cause of action against an employer under 4908 and a separate cause of action for damages for invasion of privacy? Similarly, if a state enacts its own notice statute (as California nearly did), can an employee maintain an action under both the state and federal laws? Or will the federal law preempt the state laws in this area? I believe it is critical that the issue of exclusivity be specifically addressed in the proposed statute.

Mr. Chairman, and Members of the Subcommittee, thank you for your attention in this matter, and for the opportunity to provide this testimony. I will be happy to answer any questions you may have.

Michael Robert Overly

Partner, e-Business & Information Technology Group

Foley & Lardner

2029 Century Park East, 35^th floor

Los Angeles, California 90067

310-975-7959

moverly@foleylaw.com

In accordance with House Rule XI, clause 2(g)(4), I hereby certify that I have received no government grants, contracts, or subcontracts in this or in the two preceding fiscal years.

Biographical Material: Michael R. Overly is a partner in the e-Business & Information Technology Group in the Los Angeles office of Foley & Lardner. His practice focuses on counseling clients regarding technology licensing, copyright law, electronic commerce, and Internet and multimedia law. Prior to becoming an attorney, Mr. Overly worked as a research engineer in the Space and Technology Division of TRW Inc. He received his MSEE and BSEE degrees from Texas A&M University, and his J.D. from Loyola Law School in Los Angeles. Mr. Overly writes and speaks frequently on the legal issues of doing business on the Internet, technology in the workplace, e-mail, and electronic evidence. Mr. Overly has written numerous articles on these subjects and has authored several treatises. He is the author of the best selling e-policy: How to Develop Computer, E-mail, and Internet Guidelines to Protect Your Company and Its Assets (AMACOM 1998) and Overly on Electronic Evidence (West Publishing).