Federal laws prohibit the interception of another’s electronic communications, but these same laws have multiple exceptions that generally allow employers to monitor employees’ email and internet use on employer-owned equipment or networks. As a result, under federal law, when private-sector employees use an organization’s telephone or computer system, monitoring their communications is broadly permissible, though there may be exceptions once the personal nature of a communication is determined. For example, under the National Labor Relations Act, employers cannot electronically spy on certain types of concerted activity by employees about the terms and conditions of employment.

Although monitoring is broadly permitted under federal law, some states require that employers notify employees that they may be monitored. Even in states that do not require notice, employers often choose to provide notice since employees who know they are being monitored are less likely to misuse corporate systems. It is good practice for an employer to have employees sign a consent or acknowledgment that monitoring may occur and to inform them that personal calls may not be made from particular telephones.

Employers may also monitor what an employee posts to social media. However, under some state laws employers cannot request that an employee provide his or her username and password to a social-media account in order for the employer to see content that was not published publicly. This would include, for example, posts that were made available only to an employee’s friends or personal network. In addition, some state laws prohibit employers from requiring that their employees accept a friend request that would permit the employer to view friends-only social-media posts.

Finally, some states prohibit monitoring of telephone calls on an employer’s telephone network without the consent of one or both parties to the communication.


Percent of employers who actively monitor their employees electronically.1


States that require notice to employees of electronic monitoring.2


States that introduced or considered legislation in 2016 prohibiting employers from requesting passwords to social media accounts.3

What to consider when crafting employee monitoring policies:

  1. Does your organization publish an acceptable use policy?
  2. Does the acceptable use policy explain what employees may and may not do over the Internet while at work?
  3. Does the acceptable use policy explain the disciplinary consequences of violating the policy?
  4. Do you have the ability to block or otherwise restrict access to Internet sites that are barred under the acceptable use policy?
  5. Does your employee handbook make employees aware of monitoring?
  6. Does the state in which the employee works require single or dual consent for monitoring telephone conversations, and have your employees consented?
  7. If your organization monitors phone calls, do you have a policy to cease monitoring when a call is clearly personal in nature, and do you follow it?
  8. Have you considered whether an employee might be able to argue that they have an expectation of privacy in their work emails or their work phone calls?
  9. Are you monitoring emails to or from password-protected personal accounts?
  10. Are your employees using their own computer equipment to send emails or view the Internet?