A well-drafted computer-use policy can provide evidence to uphold a termination for cause and can protect an employer from harassment claims, as recent case law illustrates.

The scene is well-known in the workplace: an employee receives an e-mail joke or photo from a colleague down the hall, has a giggle, and forwards the message to other colleagues, friends at other organizations, and relatives who might appreciate the joke. In minutes, a complete cyber network is created, and it has passed along a message.

Sometimes the message is innocuous, e.g., it involves cute images or funny expressions. Other times, it involves racist, sexist or pornographic jokes or images.

In most organizations where employees use computers for their jobs, employers draft and implement computer-use policies that limit personal — and prohibit inappropriate — computer use. The Alberta Court of Appeal decision in Poliquin v. Devon Canada Corporation underscores the importance of employers adopting, and enforcing, these policies.

The Devon Case

Mr. Poliquin was a long-time employee of Devon and had supervisory responsibilities over other employees.

Devon had a Code of Conduct that included a provision on appropriate computer use. The company permitted employees to use its computers for limited personal use, but specified that the system “should not be used for sending pornographic, obscene, inappropriate or other objectionable messages or attachments via e-mail.” Poliquin acknowledged that he had read, understood and accepted the terms in the Code of Conduct.

Poliquin violated the computer-use policy on several occasions by forwarding pornographic, derogatory and/or racist e-mails. Apart from these incidents, he was considered a valued employee and had received positive performance appraisals and exemplary performance ratings.

Nonetheless, Devon dismissed him for cause, and the Court of Appeal upheld this decision.

Although the case technically revolves around the issue of whether summary judgment was appropriate in the circumstances, the court makes some notable observations on the limits of employees’ privacy in the workplace and on employers’ right to monitor computer usage, including that “the workplace is not an employee’s home; employees have no reasonable expectation of privacy in their workplace computers.”

The court also specifically acknowledges the employer’s right to set ethical, professional and operations standards for their workplace. It indicates that the ramifications for failure to enforce a reasonable computer-use policy may be extreme and may even go beyond the walls of the organization. An employee’s misuse of the employer’s computer system to access, receive and disseminate inappropriate materials could:

  • compromise the employer’s reputation in the community, as e-mail messages forwarded from work computers often carry the organization’s signature and may be viewed as sent on behalf of the organization;
  • adversely impact the work environment; ? diminish the productivity of the employee in question;
  • expose the employer to lawsuits for failing to protect its employees from harassment or discrimination; and
  • introduce worms and viruses “through inappropriate accessing of pornographic or racist websites, or through receiving tainted material downloaded from these websites.”

In light of these significant risks, the court concluded that “an employer is entitled not only to prohibit use of its equipment and systems for pornographic or racist purposes, but also to monitor an employee’s use of the employer’s equipment and resources to ensure compliance.”

McCarthy Tétrault Notes:

Devon is a goldmine of valuable hints and quotes for Alberta employers. It clearly supports the employer’s right to manage the workplace and enforce reasonable policies. Employers should:  

  • Implement a clear-cut and comprehensive computer-use policy that sets out permitted and proscribed uses of workplace computer systems. If an employer does not want an employee to have a reasonable expectation of privacy over any data found on a computer or the employer’s network, then this should be clearly stated in the policy. This policy, like all policies, should be carefully drafted and subsequently reviewed to ensure its continued applicability and validity.
  • Ensure that all employees receive copies of the policy and acknowledge their receipt and understanding of the policy.  
  • Send out periodic reminders of the terms and conditions of the policy; these may include requiring employees to click on an “acceptance box” before being granted computer access.  
  • Conduct regular monitoring to ensure compliance with the policy.  
  • Hold all employees, including supervisors, to the same standards and expect them to adhere to the policy.
  • Not take violations of the policy lightly.