As with many workplace issues, the first step is to create an employee policy that outlines the rules for accessing the Internet and details the potential consequences for violating those guidelines. At minimum, an Internet Usage Policy should make it clear that employees are expected to use the Internet exclusively for job-related activities and that personal use is not permitted. In addition, it is imperative to expressly state that the company reserves the right monitoring employees Internet activity that takes place on employer-owned devices, including the data that is composed, sent or received through its online connections.

In a recent New Jersey employment law decision, the Appellate Division of the New Jersey Superior Court confirmed that employers have the right to monitor a worker’s Internet activity if they suspect abuse. In Liebeskind v Rutgers University, the plaintiff filed an invasion of privacy claim after his supervisors reviewed his browsing history to determine if he was spending an inordinate amount of time on non-work- related matters.

In its opinion, the court noted that Rutgers University had an "Acceptable Use Policy for Computing and Information Technology Resources" in effect at the time of plaintiff's employment. It stated that employees' privacy "may be superseded by the University's requirement to protect the integrity of information technology resources, the rights of all users and the property of the University." Rutgers further "reserve[d] the right to examine material stored on or transmitted through its facilities" where there was reason to believe that an employee was using workplace computing facilities in an improper way.

In dismissing the claim, the appeals court relied on Stengart v. Loving Care Agency, Inc., in which the New Jersey Supreme Court held that employers can monitor and regulate the use of workplace computers because they have a legitimate interest to protect their assets, reputation, and business productivity.

Applying this precedent, the Appellate Division concluded that the university had a legitimate interest in monitoring and regulating plaintiff's workplace computer and had a policy informing employees that it reserved the right to monitor Internet activity to determine improper use. The court also emphasized that the plaintiff did not provide any evidence that Rutgers University had attempted to access the content of personal, password-protected emails or personal accounts.