Workplace Privacy Counsel : San Francisco Employment Privacy Law Lawyer & Attorney : Littler Mendelson Law Firm : Employment Related Privacy Issues

In its first foray into the potentially treacherous intersection of workplace monitoring of electronic communications and employee privacy expectations, the United States Supreme Court considered whether the City of Ontario Police Department violated the privacy rights of Sergeant Jeff Quon by reviewing sexually explicit text messages sent by Quon using a City-issued pager. The Court declined to issue any broad pronouncements concerning the permissible scope of workplace monitoring. The Court's decision, nonetheless, provides useful guidance for employers — whether governmental or private — on steps they can take to reduce their exposure to privacy-based claims arising from their review of employees' text messages, e-mail, and other electronic communications. To learn more about this decision and its implications for employers, please continue reading Littler's ASAP, U.S. Supreme Court Ruling Provides Guidance on Monitoring Employee Texts and E-Mails, by Philip L. Gordon and Denise Drake. 

• Email This
• Print
• Trackbacks
• Share Link

As anticipated in our blog post describing the oral argument before the U.S. Supreme Court in City of Ontario v. Quon (pdf), the Court declined today to make any broad pronouncements concerning employee privacy rights in electronic communications using employer-issued equipment. The Court reserved expressing an opinion given the newness and evolving nature of cell phone and text message communications. Instead, the Court held that the City of Ontario Police Department did not violate the Fourth Amendment rights of a SWAT team member, Sgt. Jeff Quon, by reviewing text messages sent and received by Quon on a department-issued pager because, even assuming that Quon had a reasonable privacy expectation, the City’s review of his text messages was motivated by a legitimate work-related purpose and was not excessive in scope. Notwithstanding its narrow and fact-specific nature, the Court’s ruling still provides useful guidance for private employers.

Most importantly, the Court emphasized, in the following language, the importance of a well crafted and broadly distributed electronic resources policy when defending against an employee’s claim that an employer tortiously reviewed the employee’s electronic communications:

[E]mployer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.”

The Court also highlighted a key distinction between corporate e-mail and text messages sent by cell phone, i.e., such text messages typically are transmitted through the cell phone provider’s server, rather than an employer-owned server. In Quon, this distinction was important because the department’s e-mail policy focused on e-mail sent through the department’s server and did not mention text messages. However, the Court emphasized that the department had informed SWAT team members, when issuing pagers to them, that the e-mail policy would be applied to text messages transmitted through the service provider. Similarly, private employers should ensure that their electronic resources policy is not limited to e-mail or to communications transmitted through the company’s e-mail server.

• Email This
• Print
• Trackbacks
• Share Link

According to a report issued by Gartner Dataquest, telecommuters constitute more than one-quarter of the U.S. workforce. That number likely will increase substantially as new, mobile technologies make it easier for employees to work anywhere at any time; a new generation of tech savvy employees enters the workforce; and employers embrace alternative work arrangements. With employees absent from corporate offices, how can an employer ensure that its mobile workforce is, in fact, working. The public relations debacle recently confronted by the Lower Merion School District in Philadelphia’s Main Line suburbs highlights what employers should and should not do.

• Email This
• Print
• Trackbacks
• Share Link

During oral argument today in a closely watched case with potentially, far-reaching implications for private and public employers, the U.S. Supreme Court suggested that its ultimate ruling could be far narrower than anticipated by many. In the case, City of Ontario v. Quon, the Court is reviewing a the Ninth Circuit Court of Appeals’ ruling that the City of Ontario (California) Police Department violated the Fourth Amendment rights of SWAT officer Jeff Quon by reviewing text messages sent and received by Quon using a City-provided pager and messaging service. The Ninth Circuit found that: (a) Quon had a reasonable expectation of privacy in his text messages, and (b) the City violated Quon’s privacy expectation by reviewing his text messages without his knowledge or consent, the two elements of Quon’s Fourth Amendment claim.

• Email This
• Print
• Trackbacks
• Share Link

In a case with significant implications for all employers, the New Jersey Supreme Court ruled earlier this week that Marina Stengart, a former executive employee of Loving Care Agency, had a reasonable expectation of privacy in e-mail exchanged with her personal attorney through a personal, web-based e-mail account even though those communications were stored on a company-issued laptop. However, rather than limiting its decision to the facts of the case, that court went further, broadly stating that even “a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employees’ attorney-client communications . .. would not be enforceable.” In other words, New Jersey employers cannot properly read their employee’s e-mail exchanges with a personal attorney stored on company equipment — no matter what the employer tells its employees in its electronic resources policy.

Stengart also is significant because it illustrates the circumstances in which a court might find that an employee reasonably could expect privacy in e-mail stored on the employer’s electronic resources. To begin with, the New Jersey Supreme Court relied heavily on Stengart’s efforts to shield her e-mail from Loving Care. She used a private, personal, password-protected, web-based e-mail account, rather than the company’s e-mail server, and she did not save the user ID or password for that account on company-issued equipment. In addition, the New Jersey Supreme Court cited Stengart’s affidavit testimony in the trial court that she did not know that a duplicate of e-mail transmitted through a personal e-mail account would be saved in a temporary file on the company-issued laptop used to transmit the e-mail or that a computer forensic expert (like the one hired by Loving Care) could retrieve the messages. Finally, the court emphasized that reasonable privacy expectations customarily inhere in attorney-client communications (as opposed to communications that are unlawful or otherwise violate company policy), quoting in full the confidentiality notice contained in all e-mails sent by Stengart’s lawyer.

Loving Care’s electronic resources policy only weakened the company’s position. The court noted that the policy did not even mention personal e-mail accounts, let alone notify Stengart of Loving Care’s ability to retrieve from company-issued equipment e-mail transmitted through a personal e-mail account.

• Email This
• Print
• Trackbacks
• Share Link

The U.S. Supreme Court agreed, today, to review the Ninth Circuit Court of Appeal’s decision in Quon v. Arch Wireless, a case with potentially important implications for private employers. As explained in prior posts, the appellate court held that the City of Ontario Police Department violated a SWAT officer’s reasonable expectation of privacy by reviewing the content of his sexually explicit text messages, even though: (1) the messages had been sent with a Department-issued pager through a service provider under contract with the Department, and (2) the Department’s formal policy informed all SWAT officers that the Department might review their text messages. In reaching that conclusion, the Ninth Circuit relied principally on a statement by the officer in charge of the text messaging program to the SWAT officer that the Department would not review his text messages if he voluntarily paid any overage charges resulting from excessive personal use.

• Email This
• Print
• Trackbacks
• Share Link

Sometimes cases with disgusting facts provide good law for employers. A case recently decided by the Wisconsin Court of Appeals proved that point in reversing a $1.4 million judgment on claims for negligent training and supervision against a security company based on the off-duty Internet activities of one of its employees.

• Email This
• Print
• Trackbacks
• Share Link

Private employers are increasingly implementing location-tracking devices — Global Positioning Systems (GPS) and Radio Frequency Identification (RFID) — to manage their workforces. These devices, for example, permit insurance companies to confirm that adjusters who may never come to the home office are, in fact, adjusting; help delivery companies identify the most efficient routes for their drivers; and allow hospitals to find nurses in an emergency. Employees, however, often shirk at the notion that their employer is tracking their every move.

The New York Court of Appeals, New York State’s highest court, recently issued an opinion in the case captioned, People v. Weaver, reflecting that court’s fundamental discomfort with pervasive and surreptitious location tracking by law enforcement. In that case, a police investigator, who did not have a warrant, secretly placed a location-tracking device on the defendant’s van. For 65 days, the police tracked the van’s movements, unbeknownst to the driver. Prosecutors ultimately used the location information to obtain the defendant’s conviction for crimes related to two burglaries.

The court’s majority emphasized that location-tracking technology is fundamentally different from other forms of surveillance: “any person or object, such as a car, may be tracked with uncanny accuracy to virtually any interior or exterior location, at any time and regardless of atmospheric conditions. Constant relentless tracking of anything is now . . . entirely practicable.” The court reached a high note in expressing its concern over tracking technology’s impact on personal privacy:

The whole of a person's progress through the world, into both public and private spatial spheres, can be charted and recorded over lengthy periods . . . . Disclosed in the data retrieved from the transmitting unit . . . will be trips the indisputably private nature of which takes little imagination to conjure: trips to the psychiatrist, the plastic surgeon, the abortion clinic, the AIDS treatment center, the strip club, the criminal defense attorney, the by-the-hour motel, the union meeting, the mosque, synagogue or church, the gay bar and on and on. What the technology yields and records with breathtaking quality and quantity, is a highly detailed profile, not simply of where we go, but by easy inference, of our associations -- political, religious, amicable and amorous, to name only a few -- and of the pattern of our professional and avocational pursuits.

Ultimately, the court ruled that the warrantless use of the location-tracking device in Weaver was an unreasonable search in violation of New York State’s equivalent to the Fourth Amendment to the United States Constitution.

• Email This
• Print
• Trackbacks
• Share Link

Employers often put employees on notice, through an electronic resources policy, that communication via company e-mail accounts is not private. Far fewer policies, however, address employees’ use of their personal Internet-based e-mail accounts using company computer resources. What should an electronic resources policy tell employees on that subject?

A recent New Jersey case, Stengart v. Loving Care, sheds some light on the answer. Before Maria Stengart resigned and sued Loving Care, her employer, she e-mailed her lawyer through her personal web-based account from her company-issued computer with Loving Care’s Internet access. With the help of a computer forensic expert, Loving Care was able to recover temporary files stored on the hard drive of the company-issued computer which contained copies of Stengart’s attorney-client communications. (Employers should note that many web-based e-mail applications leave such temporary files on the hard drive of the sender’s computer).

When Stengart discovered that Loving Care’s lawyers planned to use her e-mail in the litigation, she objected. The trial court was asked to decide whether the e-mail, sent during work hours on a company laptop, was protected by the attorney-client privilege. The court held that it was not.
 

• Email This
• Print
• Trackbacks
• Share Link

Management-side lawyers and human resources professionals need to start thinking deeply about the key finding in a recent survey by The Creative Group, a staffing service company: more than one-half (57%) of 250 surveyed advertising and marketing executives responded that surfing the web during working hours is acceptable. How does an employer reconcile this apparent new-found acceptance of on-the-job Web surfing with the American Management Association’s finding in its 2007 survey of workplace monitoring that 30% of employers surveyed had fired an employee for Internet surfing at work?

Employers in more staid industries might shrug off the new survey result as a quirk of professions that appear to be more about creativity than productivity, but that would be too shortsighted. Let’s face it, nearly everyone surfs the Web at work at one point or another. Perhaps more importantly, the first generation to spend adolescence surfing the Web is starting to move into middle management and even senior management. This generational shift is rendering obsolete — in practice if not in form — corporate policies that forbid employees from using corporate electronic resources, i.e. Internet access, for non-business purposes.

Facing reality does not mean that employers must open the floodgates to pornography, fantasy football and online gambling. Instead, employers need to take up the challenging task of establishing rules for acceptable and unacceptable non-business use of the corporate Internet connection. The employer’s existing policies are a good starting point; employees should be barred from accessing any Web sites that communicate information which, if posted on the corporate intranet, would violate the company’s anti-discrimination and anti-harassment policies. Establishing bandwidth limits and prohibitions on Internet use that interferes with network operations should effectively eliminate most streaming media. Requiring employees to limit non-business use of the corporate Internet connection to breaks and meal periods and to no more than thirty minutes daily would permit discipline of employees engaging in potentially addictive and disruptive Internet activities, such as online gambling.

What is left might actually enhance productivity or create some good will. Rather than taking an extended lunch break, employees can spend a few minutes on the Web to order clothes or books. Employees who have been grinding during the week can plan a few weekend activities that will provide a much-needed respite from work. In short, the new survey result emphasize the point that the time has arrived for employers to revisit their business-only, workplace Internet policies.

• Email This
• Print
• Trackbacks (1)
• Share Link

Many employers include in their electronic resources policy a blanket prohibition on “engaging in any political activity.” A recent Guideline Memorandum issued by the NLRB’s General Counsel creates a minefield of potential unfair labor practices for employers who enforce this commonplace ban, especially as the 2008 presidential campaign heads towards its climax.

According to the GC’s Guideline, employees’ political advocacy can, in some circumstances, constitute “concerted activity” protected by the NLRA. The test is two-fold: First, is there “a direct nexus between the specific issue that is the subject of the advocacy and a specifically identified employment concern of the participating employees.” Put simply, is the political advocacy related to the terms or conditions of employment. Second, has the employee engaged in this protected political advocacy without violating "restrictions imposed by lawful and neutrally applied work rules." In other words, employers can discipline employees who engage in protected political advocacy as long as the rule used to justify the discipline is legal and is applied in a non-discriminatory manner. There’s the rub for employers.

Last December, the NLRB ruled that employers can implement an e-mail policy whose provisions incidentally prohibit union-related activity. An employer can, for example, promulgate a policy that bans all non-business use of its e-mail system or that bans all solicitations for membership organizations. While such policies effectively ban use of the corporate e-mail system for union-related activities, that result is only incidental to the broader ban directed at both non-union and union activities. Thus, an e-mail policy that bans all political activity using the corporate e-mail system is lawful, even though some of the banned activity may now, according to the GC’s Guideline, be protected concerted activity.

The challenge for employers is ensuring that this lawful policy is “neutrally applied.” During the presidential debate season, an employer can expect to see e-mail cheering and lambasting the candidates, encouraging co-workers to register for a particular party, and attacking or advocating planks in party platforms. If such e-mail traffic goes unpunished even though it violates the company’s ban on political activity over the corporate e-mail network, the trap may be laid for a successful unfair labor practice charge when months later employees are punished for exchanging e-mail about joining in a union-organized protest over a new work-related law advocated by the new President — whoever that might be.

For further analysis on the GC's Guidelines, please see Littler ASAP: Can a Bumper Sticker Get You Bumped? NLRB's General Counsel Issues Guidelines on Political Advocacy by Frank W. Buck and Richard L. Sloane.

• Email This
• Print
• Trackbacks
• Share Link

Some companies, like on-line retailer Zappos.com, are sponsoring corporate twitter sites. What is “twitter”? According to Twitter.com, “Twitter” is “a service for friends, family, and co–workers to communicate and stay connected through the exchange of quick, frequent answers to one simple question: “What are you doing?” A review of Zappos’ twitter site suggests the answer to that question rarely is “working.” Are Zappos employees unwittingly creating the justification for terminating their employment, or has Zappos—in an effort to foster unrestrained twittering—assured its employees that their “twittering” would not be used against them in a court of law?

We don’t know the answer to those questions, but we do know that any employer seeking to cater to the “Twitterites” in its workforce should first consider some tough legal issues. How will the company react when an employee twitters that she is “organizing a union” or “complaining to her buddies about all that overtime”? Would a Twitterite ever be so frank or uncool? How does a business respond to a Twitter record that, in fact, does show that an employee seems always to be doing something other than work during working hours? Twitter actually is quite good for identifying slackers because each Twitter post includes the date and time of posting. Yet this begs another question: How will the company extend a “litigation hold” to Twitter after receiving a preservation demand from a sophisticated plaintiff’s lawyer who specifically identifies "Twitter" as one category of information that purportedly must be preserved?

The point of this post is not to provide answers, but rather to highlight that each new generation of “cool corporate communications tools” brings some tough legal issues to the forefront. Those issues should be thoroughly discussed before an employer rushes headlong into an embrace of the next new thing.

• Email This
• Print
• Trackbacks
• Share Link

While the case is still in the early stages, Sidell v. Structured Settlement Investments, LP et al, Case No. 3:08-cv-00710-VLB (D.Conn 2008), is shaping up to be a case to watch. Recently covered by The New York Times, the lawsuit involves an interesting twist on workplace monitoring; namely, what are the limits on an employer’s access, using its own computer equipment, to an employee’s e-mail stored in an employee’s personal e-mail account. Ultimately, the case may add to the growing list of decisions regulating electronic communications in the workplace. See, e.g., Quon v. Arch Wireless; Scott v. Beth Israel. The Ninth Circuit decision in Quon was discussed in our prior blog entry, Ninth Circuit Ruling Not a Significant Obstacle to Employers' Accessing Text Messages.

According to the complaint, this is what happened: A company closed a branch and fired the office manager. The company claimed that the termination was for cause and explained the facts supporting its decision to the manager. Before the company had changed the locks, the office manager entered his old office, logged on to his computer, and sent an e-mail to his personal attorney regarding his potential claims against the company. The office manager did not log-off from his Yahoo! account, nor did he turn off his computer. As a result, this e-mail remained accessible through the computer in the office manager’s former office. Over the next few weeks while using the same e-mail account, the office manager sent his personal attorney numerous additional e-mails regarding his termination.

• Email This
• Print
• Trackbacks
• Share Link

The Los Angeles Times reported on June 19, 2008, that the Ninth Circuit’s decision in Quon v. Arch Wireless Operating Co., “sharply limited the ability of employers to obtain e-mails and text messages sent by employees on company-financed accounts.” And many major news outlets echoed this sentiment: "Court Rules Employee Text Messages Are Private," "SF Court Protects Privacy of Work Communications," "Stop Snooping on Email, Court Tells Some Nosy Bosses." However, the assertion of the LA Times reporter, while literally true, is pure hyperbole when viewed in the context of a real-world workplace.

The Ninth Circuit ruled in Quon that a text-message provider, Arch Wireless, violated the federal Stored Communications Act (the “Act”) by disclosing to the City of Ontario Police Department sexually explicit text messages sent by Sgt. Quon using a City-issued text-message pager, even though the City was the subscriber on the service contract. The court explained that the Act prohibits providers of an “electronic communication service” — Internet Service Providers (ISPs) and text messages services, for example — from disclosing stored e-mail or text messages without the consent of the sender or recipient. At first blush, this ruling appears to present a dramatic shift in the balance of power between employers and employees in the spy vs. spy world of workplace monitoring.

Not so fast: Employers can easily and lawfully circumvent the court’s ruling. Employers, for example, can prohibit employees from conducting any company business other than over the corporate network, and they can limit company-issued electronic devices to those, such as a Blackberry, that can be configured to route all communications through the corporate network. Notably, the Ninth Circuit’s decision expressly reaffirmed the well established rule that employers can defeat an employee’s expectation of privacy by distributing a policy unambiguously stating that employees communications using corporate resources will be monitored and are not private.

• Email This
• Print
• Trackbacks
• Share Link

Philip Gordon will present at the International Association of Privacy Professionals' (IAPP) human resources event on June 17 on the topics "Sex Offenders, Terrorists, And Video Resumes: How Far Can You Go To Get Information About Prospective, Current, And Former Employees?" and "It's 10:00 AM: Do You Know Where Your Employees Are And What They Are Doing?" Below, Mr. Gordon answers questions about workplace privacy.
 
IAPP: The IAPP is sponsoring its first ever Practical Privacy Series on Human Resources (HR) privacy. Why should privacy professionals be concerned about HR privacy?

Philip Gordon: There are many reasons. Here are just a few: First, privacy breaches involving employees are becoming a much more significant risk to organizations. Virtually every security breach involving employees triggers a notice obligation because of the prevalence of Social Security numbers, driver’s license numbers and financial account information in corporate HR departments. Also, sensitive health and disciplinary information can be much more easily disseminated through social networking sites or Web postings, raising the risks of litigation and substantial damages awards.

Second, employees are more likely to respect consumer privacy in an organization that is concerned about employee privacy. Demonstrating a commitment to addressing HR privacy issues establishes a culture that will enhance protection of consumer data.

Third, an employer’s commitment to HR privacy can provide an edge in recruiting and retaining employees, especially younger employees. In April 2007, Littler Mendelson and the Ponemon Institute published a study entitled “Workplace Survey on the Privacy Age Gap.” The study revealed that 85 percent of respondents under the age of 30 believed that their employer’s commitment to employee privacy was important, but only 20 percent believed that their employer was committed to protecting their privacy. Perhaps more to the point, 27 percent of respondents under age 30 said that they would find another job if their employer committed what they perceived to be a privacy violation.

Finally, HR privacy tends to fall into the gap between the chief privacy officer’s and the human resources director’s areas of responsibility. By way of illustration, in the Littler/Ponemon study, two-thirds of respondents said that their employer had a consumer privacy policy, but only 22 percent stated that their employer had an employee privacy policy. Along the same lines, only 6 percent of respondents said that they would contact a privacy professional in their organization if they had a question about workplace privacy.

IAPP: What do you see as some of the cutting-edge issues in the area of HR privacy?

Philip Gordon: Ironically, some of the most cutting-edge issues arise out of relatively public conduct on the Internet, such as social networking and blogging. Many employees perceive their off-duty blogging and social networking as private, but their postings often can have a significant impact on the workplace, for example, when they post photos of themselves with guns or in sexually provocative poses. Another example of this somewhat ironic twist on “privacy” can be seen when employers attempt to introduce location tracking devices into the workplace. The privacy implications of electronic monitoring also are becoming increasingly complex as employees rely more heavily on personal cell phones, PDAs, and Web-based e-mail accounts to conduct company business. Gary Clayton, founder of the Privacy Compliance Group, and I are going to delve into these issues in our presentations at the Practical Privacy Series, respectively entitled “It’s 10 AM: Do You Know Where Your Employees Are and What They Are Doing?” and “Sex Offenders, Terrorists and Video Résumés: How Far Can You Go to Get Information About Employees?”

IAPP: So much of the focus on consumer privacy revolves around data protection. How is data protection implicated in the area of HR Privacy?

Philip Gordon: Organizations tend to have more sensitive information about their employees than about their customers. State notice and data security laws have forced employers to focus more attention on safeguarding employee data. Global employers accustomed to the greater emphasis on employee data protection in the European Union also are turning their attention to employee data protection. Two of the presentations at the HR Practical Privacy Series will focus on these issues. Peter Rabinowitz, Privacy, Governance & Risk Compliance Consultant at PricewaterhouseCoopers, LLP and Lydia Payne-Johnson, CIPP, Financial Services Privacy Consultant at PricewaterhouseCoopers and former CPO at Morgan Stanley, will explain how to conduct an HR privacy risk assessment. Brian O’Conner, former CPO at Eastman Kodak, and Rick Dakin, founder of Coalfire Systems, will present on security incident response when a breach involves employee data.

IAPP: Congress recently put the spotlight on the privacy of employee health information by enacting the Genetic Information Non-Discrimination Act (GINA). What is the current regulatory environment in the area of employee health information privacy and why is it important for privacy professionals to understand that environment?

Philip Gordon: Employee health information is subject to a very complex regulatory environment involving a variety of federal and state laws in addition to GINA. Employers are being inundated with employee health information as the American workforce ages. Employers also are increasingly relying upon drug and alcohol tests to weed out applicants and employees who might pose a threat to sensitive customer and employee data. Understanding the interplay of these health privacy laws and the web of restrictions on drug and alcohol testing is particularly important for employers because breaches of privacy in this area often result in litigation. Nancy Delogu, a partner at Littler Mendelson and a national expert on drug and alcohol testing, will be addressing this complex area of privacy at the Practical Privacy Series in a presentation entitled, “HIPAA, FMLA, ADA, CMIA: How to Handle Employee Health Information and Drug and Alcohol Testing in Compliance with Confidentiality Requirements.”
 

• Email This
• Print
• Trackbacks
• Share Link

The idea of mandatory “microchipping” — the practice of employers requiring employees to have a small computer chip inserted beneath the skin — triggers a high score on virtually any cringe meter.  According to a 2007 study conducted jointly by Littler Mendelson and the Ponemon Institute (“Workplace Survey on the Privacy Age Gap”) more than 90% of respondents, regardless of age, responded that mandatory microchipping by their employer would constitute a privacy violation. 

Mirroring this sentiment, in early September, the California Legislature sent to Governor Schwarzenegger for signature a bill which would prohibit any person from requiring, coercing or compelling “any other individual to undergo the subcutaneous implanting of an identification device.” [UPDATE:  Governor Schwarzenneger signed the bill into law].  An “identification device” is defined as one capable of transmitting personal information by radio frequency (RFID) or other means. 

The only surprise about this bill is that California — the state most protective of individual privacy — is not the first to ban mandatory microchipping legislatively.  North Dakota and Wisconsin grabbed that honor, passing prohibitions on mandatory microchipping in April and May 2006, respectively.  Legislatures in seventeen other states — including Georgia, Michigan and New Jersey — are considering similar laws. 

• Email This
• Print
• Trackbacks
• Share Link

“You have no right to privacy in your e-mail using corporate resources”
“The Company reserves the right to monitor your Internet access at any time”
So chimes policy after policy after policy. But, is the mantra really true?

Several recent cases suggest that answer is “not always.” In United States v. Long, the highest military court (not exactly a known bastion of privacy protection), recently held that a Marine Corps investigator violated a soldier’s privacy rights by obtaining inculpatory e-mail from the system administrator. The Department of Defense had an e-mail policy that was as draconian as any private employer’s, but the policy said nothing about turning over e-mail to criminal investigators, and the system administrator admitted that he did not read individual e-mails when monitoring the system because he felt they were private. Sound familiar?

At the start of 2007, the Ninth Circuit Court of Appeals in United States v. Ziegler held that an employee caught viewing child porn on his work computer had a reasonable expectation of privacy in the computer because it was stationed in his locked office. The court stated more generally, “in the private employer context, employees retain at least some expectation of privacy in their office,” which, for most employees in today’s working world includes a computer with stored e-mail.

• Email This
• Print
• Trackbacks
• Share Link