The Catholic University of America

Summary of Federal Laws

Miscellaneous Laws that Might Apply

Compliance Partners

Chief Information Officer
General Counsel

Related Policy

Employee Electronic Communications

Electronic Communications Privacy Act of 1986 (ECPA)

18 U.S.C. §§ 2510-2522; (Wiretap Act) and 18 USC §§ 2701-2711 (Stored Communications Act)

The ECPA amended Title III of the Omnibus Crime Control and Safe Streets Act of 1968 (the Wire Tap Statute), which was designed to protect communications from government surveillance. The law also regulated private individuals and businesses. The ECPA amended the Wire Tap Statute to encompass transmissions of electronic data by computer and the law prohibits both the interception of electronic communications and access to stored electronic communications. Some commentators argue that this law gives employees of private entities a right to privacy in their e-mail. Title 18 U.S.C. § 2510(15) extends the Act's protection to university-owned telephone, e-mail and Internet systems. However, there is support for the proposition that employers who own the computer system used by their employees have the right to monitor employees' e-mail. Employee consent is also a defense to liability under the ECPA intercept provision, and this exception is the more certain of the exceptions to liability under the law. Thus, employees should either consent to or be put on notice that it is university policy that their e-mail may be intercepted.

Monitoring Employee Phone Calls

The federal wiretap statute, 18 U.S.C. § 2510 et seq., as amended by the Electronic Communications Privacy Act, makes it illegal to intercept or disclose intercepted telephone communications unless certain exceptions apply. The law creates civil and criminal liability for anyone who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral or electronic communication."

There are basically two exceptions to this law that can be considered by an employer who wishes to monitor employee phone calls:

  • the consent exception, and

  • the business extension exemption.

The Consent Exception

Interception of a communication is allowed when one of the parties to a communication has given prior consent. Express consent to be monitored should be given by the employee. Implied consent is a possibility, but tougher to rely upon. Consent will not be casually implied, as the intent of the law is to protect individual privacy. Thus, an employee who has consented to the monitoring of calls for business purposes should not be considered to have given consent to monitoring of personal calls.

Special Considerations for Interstate Phone Calls

In addition to the federal statutory requirements, most telephone common carriers have implemented tariffs that require one of the following when the conversation being taped is interstate:

  • two-party consent to the wiretapping;

  • verbal notification by the recording party prior to recording the conversation; or

  • an automatic "beep" tone at regular intervals while the recording device is in use.

Failure to follow these rules may result in a fine from the carrier or discontinuation of the phone service. The rules are modeled after the Federal Communications Commission tariffs regulating phone companies. See 48 C.F.R. § 64.501.

The Business Extension Exemption

The business extension exemption does not require consent. However, there are very specific conditions that must be met to qualify for this exemption. The business extension exemption can only be claimed for monitoring performed by certain types of equipment, and the recording must occur in the ordinary course of business. The exemption covers any recording done by any telephone or telegraph instrument, equipment or facility, or any component thereof

  • furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of business and being used in the ordinary course of business, or

  • furnished by such subscriber or user for connection to the facilities of such service and used in the ordinary course of its business.

In sum, to rely on this exemption, two prerequisites must be met:

  • either the phone company or the subscriber furnished the intercepting telephone or telegraph instrument, equipment, facility, or component, and

  • the equipment was used in the ordinary course of business.

Other Considerations

Many state statutes resemble the federal wiretapping statute. See e.g., D.C. Code Ann. § 23-541 et seq. However, other states may impose greater restrictions. See, e.g., Md. Code Ann. § 10-402. For employees in a union, the National Labor Relations Board (NLRB) has held that employee monitoring is a mandatory subject of bargaining.


As can be seen from the above, the business extension exemption is difficult to administer and leaves the employer open to charges of illegally monitoring personal calls. The preferred route is recording calls with the necessary consent in place.

The following steps should be taken by any employer who monitors employee phone calls:

  • Identify within the organization the reason for monitoring calls. Acceptable reasons may include making sure your employees are handling calls properly, and obtaining tapes for training new employees.

  • Do not intercept personal calls. Monitoring must cease as soon as the personal nature of the call becomes apparent.

  • Provide a separate unmonitored phone line for personal calls. Advise employees to use this line when making personal calls.

  • Inform employees in writing about the policy of monitoring calls and the reason for doing so. Inform all new employees of the same.

  • Only allow authorized personnel to monitor the calls.

  • If recording of interstate calls occurs, both parties to the call must have notice of the recording.

  • Obtain a written acknowledgment and consent form from employees. The form should make it clear that while it is the employer's policy to not monitor personal calls, the employee who is charged with listening to a tape may overhear personal calls that are made on a taped line.

These suggestions were adapted from "Monitoring Employees' Telephone Calls: Is it Legal?," Georgia Employment Law Letter, Vol. 6, Issue 3 (Oct. 1993) (M. Lee Smith Publishers & Printers).

Q: What are the state laws on tape recording of conversations?

A: There is comprehensive information at the website This website is maintained by the Reporters Committee for Freedom of the Press.



NACUANOTES: Business Vs. "Nobody's Business": Searches of Employer-Issued Technology and the University Employee's Expectation of Privacy  (May 23, 2012)

Virginia Tech Privacy Policy for Employees Electronic Communication





Changes to ECPA made by the USA PATRIOT ACT

On Oct. 26, 2001 President Bush signed the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001.(Public Law 107-56; 115 Stat. 272). This  law amended a number of laws, including the Electronic Communications Privacy Act. The changes made by the PATRIOT Act to ECPA address two situations, one, the manner in which government authorities can compel disclosure, and two, whether or not an organization can make a voluntary disclosure to government authorities. For example, one of the changes in the law is that search warrants can now be used to access stored voice mails transmitted via computer.

Section 212 of the USA-Patriot Act amends ECPA by adding a new voluntary disclosure exception for emergency situations. Under this exception, if a provider reasonably believes that an emergency involving immediate danger of death or serious physical injury to any person justifies disclosure of certain information without delay, the provider may disclose that information (content or non content records) to a law enforcement agency. Also, and this was not clear under the law before, under the USA PATRIOT Act an Internet Service Provider may authorize federal law enforcement to investigate computer trespass by someone outside the system, e.g. a person that does not have an existing relationship with the owner or operator of the system. (Section 202 amends 18 U.S.C. § 2516(1)(c) to add the Computer Fraud and Abuse Act offenses (18 U.S.C. § 1030))





updated 1-1-18 mlo