Workplace Privacy Counsel : San Francisco Employment Privacy Law Lawyer & Attorney : Littler Mendelson Law Firm : Employment Related Privacy Issues

In Convertino v. United States DOJ, 2009 U.S. Dist. LEXIS 115050 (D.C. Dec. 10, 2009), a case decided last week, a former federal prosecutor suing the Justice Department for an allegedly improper leak concerning an investigation into charges that he engaged in prosecutorial misconduct, sought to compel production of e-mails exchanged through the Justice Department’s e-mail system between Jonathan Tukel, a federal prosecutor involved in the investigation, and Tukel’s personal attorney. The federal District Court for the District of Columbia held that Tukel had not waived the privilege. The court determined that Tukel reasonably could expect privacy in the communications with his attorney because the Justice Department’s e-mail policy permitted personal use of its e-mail system, and Tukel stated in an affidavit that he was unaware that the Department regularly monitored his e-mail.

In contrast to this result, a federal district court in Idaho, in Alamar Ranch, LLC v. County of Boise, 2009 U.S. Dist. LEXIS 101866 (D. Idaho Nov. 2, 2009), held just six weeks earlier that an employee had waived the attorney-client privilege by exchanging e-mail with her attorney using her employer’s e-mail system. The court relied on the employer’s e-mail usage policy, which notified the employee that: (1) all e-mail was the employer’s property; (2) the employer reserved the right to monitor e-mail; and (3) employees should not assume that e-mail would be confidential. The court gave no weight to the employee’s testimony, almost identical to Tukel’s in the D.C. case, that she was unaware of the monitoring. The court found her subjective belief “unreasonable . . . in this technological age.”

Although not mentioned in the D.C. court’s opinion, the Justice Department’s e-mail usage policy most likely contains the same language that the Idaho court relied upon to find a waiver. Thus, the principal difference between the two cases appears to be the Justice Department’s express permission of some non-business use of its e-mail system. That said, employers would be short-sighted to think that prohibiting all non-business use in an e-mail policy would ensure a finding of waiver. Courts are likely to look to the employer’s de facto policy regarding non-business use, which, for virtually all employers, will be tacit permission of non-business e-mail despite an express ban on non-business use in the employer’s e-mail policy.

Given the above, employers can strengthen their position in the waiver battler by expressly stating the following in an e-mail policy with respect to non-business use of the employer’s e-mail system:

• Non-business e-mails are not private and are subject to the employer’s electronic resources policy in its entirety, including the employer’s policy on monitoring;
• Employees are prohibited from using the employer’s electronic resources to communicate with a personal attorney;
• Employees who use the employer’s electronic resources to engage in non-business e-mail communications through a personal web-based e-mail account should be aware that duplicates of such e-mail may be stored on the employer’s electronic resources and will be subject to review by the employer in accordance with its electronic resources policy.

This entry was written by Philip L. Gordon.

Although there are some differences in the privacy standards applicable to public sector and private employers, the standards are sufficiently similar that the Supreme Court’s decision likely will provide important guidance for employers on at least three issues. First, the law is relatively well settled that private employers can review any communications stored on a corporate e-mail server when the employer notifies employees of the monitoring, typically through an electronic resources policy. Quon is one of the first cases to address whether the same rule applies when the employee’s communication is transmitted through a third-party service provider under contract with the employer. The issue has gained increasing importance as an increasingly large number of employees use text messaging during the work day. (A case currently under consideration by the New Jersey Supreme Court, Stengart v. Loving Care, addresses an employee’s privacy expectations in copies of e-mail stored on a company-issued laptop that were sent through the employee’s personal e-mail account to her attorney.)

Second, the Supreme Court’s decision likely will address how a formal employment policy that otherwise would defeat an employee’s privacy expectation could be countermanded by an informal representation to a specific employee. Here, private employers likely will receive guidance on the types of informal statements that could be sufficient to countermand a formal policy as well as the degree of authority of the person making the informal statement necessary to override the formal policy.

Third, the Supreme Court also granted review on the question whether the senders of text messages to the SWAT officer had a reasonable expectation that his government employer would not read them. This question raises an issue that often is overlooked in cases revolving around an employer’s review of employee e-mail, i.e., the privacy interests of the sender. Without further development, it is difficult to anticipate the extent to which the Supreme Court’s ruling on this issue might affect private employers and what that affect might be.

Notably, the Supreme Court denied the service provider’s request for review of the Ninth Circuit’s ruling that the provider violated the federal Stored Communications Act by disclosing the SWAT officer’s text messages to the Department without his consent. Under the Act, a communications service provider, such as an ISP or cell phone provider, generally cannot disclose stored communications without the sender’s or recipient’s consent. An exception permits disclosure to the subscriber — the Department in the Quon case — when the provider is a “remote computing service.” The Ninth Circuit ruled that a “remote computing service” is akin to an electronic filing cabinet. Because the provider in the Quon case was a facilitator of communications, it was not a “remote computing service” and, therefore, could not take advantage of the exception. With the growing prevalence of “cloud computing” services, the proper definition of a “remote computing service” has become increasingly important. The Supreme Court’s decision to forego review of this issue leaves the Ninth Circuit’s ruling on this issue intact.

At bottom, Quon reflects the dynamic nature of the law governing technology in the workplace as communications technology rapidly moves beyond e-mail, and societal expectations change.

This entry was written by Philip L. Gordon

Photo credit: Niklas Bildhauer

Of course, many employers in today’s world do provide cell phones with text-message capability. That does not mean that employees now can text with impunity. The Ninth Circuit’s decision addresses only access to the content of text messages stored at the provider. The decision imposes no limit on an employer’s obtaining transactional data, such as number of characters used, number of messages sent, or cost of service.

In any event, employers who think they may want to review their employees’ text messages need only condition payment for the cell phone, or for the service, on the employee’s giving written consent to the provider to disclose text messages to the employer; employees who don’t give consent and wish to keep their text messages private would have to pay for the service out of their own pocket. How many employees will be willing to pay $100 or more monthly to be able to send dirty text messages (especially with gas at $4 per gallon)?

There is yet another solution for employers. The Ninth Circuit’s ruling imposes no restriction on an employer’s review of text messages stored on company-issued cell phones. As long as the employer’s electronic resources policy notifies employees that text messages will be searched, the Ninth Circuit’s ruling actually can be used to defeat any privacy-based claim by an employee based upon such a review. In addition, as computer forensic capabilities improve and cell phone memory chips expand, these types of cell phone examinations could easily become routine.

The case is a cautionary tale on another point. The Ninth Circuit also addressed the question whether the City violated Sgt. Quon’s privacy expectations by reviewing his text messages after receiving them from Arch Wireless. On this point, the court noted (as I mentioned above) that in the normal course, the City’s “Computer Use, Internet and E-Mail Policy” would have defeated Sgt. Quon’s privacy-based claim. However, the police lieutenant responsible for overseeing the City’s text-message program had established an informal policy, communicated orally to Sgt. Quon, that the City would not read an officer’s text messages to determine whether they were personal or business-related so long as the officer paid for any over charges. The Ninth Circuit ruled that Sgt. Quon reasonably relied on this informal policy when he sent personal text messages using his City-issued pager, believing that the messages would remain private. Even though the City is a public employer, this holding is most likely is transferable to the private workplace.

Bottom line #1: Employers first need to evaluate whether reviewing messages stored with a service provider is in the employer’s interest. Corporate culture or potential employee rebellion potentially are significant countervailing factors. If the interest is strong enough, then the employer can execute any of the strategies described above to meet those objectives.

Bottom line #2: Instruct your IT personnel and others responsible for workplace monitoring not to make representations to employees that your business’ electronic resources policy will not be followed. Consider modifying your electronic resources policy to state that it can not be modified except by a written communication by a senior executive.

For further analysis of the Quon case, please see Littler ASAP: Employee Text Messages Are Not Inviolate: Understanding and Navigating the Ninth Circuit's Decision in Quon v. Arch Wireless Operating Company by Philip L. Gordon and Justin A. Morello.