Providing a company email account, telephone line and access to the company intranet to an independent contractor, while often essential to the role, can give rise to a number of legal issues, the least of which may be misclassification risk.
The issue of paramount concern to most employers often is that of employment classification, but it may not actually be the most significant — the mere provision of an email account will not, of itself, be significant in determining employment status.
But there are other types of risks to consider. Email communications in particular may lead to a variety of legal problems for employers, whether those communications are from or between employees and non-employees.
For example, employers may be liable for sexual harassment and a hostile work environment based upon email between employees and/or contractors. Email comments may provide evidence of unlawful discrimination.
Harassment/discrimination. Both employees and contractors may claim an expectation of privacy in relation to email, unless the employer clearly states otherwise in a policy or other communication. Invasions of privacy may create civil liability and prevent effective investigations of criminal misconduct.
Privacy. The National Labor Relations Board (NLRB) has indicated that, in their view, email exchanges may create protected “concerted activity” — which is when two or more employees take action for their mutual aid or protection regarding terms and conditions of employment. Discussing work-related issues beyond pay — such as safety concerns — with each other over email, or a single employee communicating on behalf of others, may amount to concerted activity.
Confidentiality. Communicating confidential information by email to a third party may jeopardize attorney-client privilege. Further, intellectual property and trade secrets may be lost by careless email disclosures.
Authority. In addition to all of these scenarios, which illustrate the risks inherent in the widespread use of email in the workplace, the case of PanAmerican Operating Inc. v. Maud Smith Estate shows how email may ‘clothe’ an independent contractor with apparent authority to represent the employer.
Apparent authority arises when a reasonable person exercising due diligence would think that an independent contractor had authority to act as an agent for the employer principal. Actual authority is granted by one person (the principal) to another (an agent) to act as the representative and create legally binding contracts on his or her behalf. An individual’s conduct may cause a third person to justifiably believe that actual agent authority exists. Supposed authority can only be created by the principal’s conduct, not by the would-be agent’s.
PanAmerican allowed an independent contractor to use a company email account, physical address and phone line. The contractor negotiated an oil and gas lease contract via email, claiming to represent PanAmerican. Subsequently PanAmerican denied that the independent contractor was its agent and refused to honor the agreement. While other factors also indicated actual authority, the email account was of special note in the case.
The Court acknowledged that merely granting an individual an email account does not automatically create apparent authority. Nevertheless, knowing that this individual would negotiate with third parties required PanAmerican to order the independent contractor to inform third parties that no agency existed and to more closely monitor the individual’s conduct — which PanAmerican did not do. This was not a situation in which an individual sent an email unrelated to the company claiming to be an agent. Pan American was bound by the negotiated contract.
Public relations. Beyond legal issues, offensive or embarrassing emails or social media activity by workers may become a public relations disaster.
All employers should have well-drafted e-communications policies for all workers, but those that engage non-employees who are permitted to use electronic communications during employment with the company should consider some important protocols to protect theorganization:
- Records. Make sure you have a comprehensive record of all contractors who have access to your system, communications infrastructure, data and technology. Be clear about the levels of access afforded to each contractor and consider monitoring emails of those who are client-facing — and ensure that you have informed the contractor that monitoring will be carried out. Also, restrict the email distribution lists to which non-employees are added so that they receive important company and job-related information, but do not receive internal communications intended for employees only.
- Email addresses. Some organizations use a distinguishing feature within the address that indicates that they are non-employees. For example, if the standard address is firstname.lastname@example.org, contractors may be given addresses with the suffix -ext., i.e., email@example.com.
- Intranet and document management system (DMS) access. Non-employees’ access to the company’s intranet and DMS should be strictly limited to that information to which they absolutely need to have access. Their access should be reviewed and monitored.
- Policies. Employers should have comprehensive policies that govern the use of the company’s systems and equipment, as well as nondisclosure and confidential information policies. All individuals who have access to company technology and electronic communications — independent contractors as well as employees — should be required to agree to such policies. These should cover the use of email and other means of communication for the purposes outlined above (harassment. discrimination, confidentiality, information about levels of monitoring and the commercial justification for it, authority in representing the company, public relations and password protocols).
- Hardware, phone numbers and business cards. Employers should be reluctant to give non-employees equipment and phone extensions. In addition, any business cards and voice-mail messages issued to nonemployees should clearly indicate they aren’t company employees.
- Access protocols. Non-employees’ electronic access should end at a certain time and, if necessary, require approval to be reinstated. Independent contractor roles and assignments can change and a nonemployee may no longer need the access they were previously given.
A comprehensive e-communications policy, some basic protocols and regular staff training on acceptable e-behavior go a long way towards protecting an employer from liability for wilful or negligent activity by employees and independent contractors.