D.C. Circuit Decision Ratchets Up the Risk for Employers Who Use Location Tracking

Posted on August 19, 2010 by Privacy and Data Protection Practice Group

GPS receiver in handEmployers are increasingly tracking their employees’ whereabouts as smartphones, laptops, and vehicles equipped with location-tracing technology become ever more prevalent. Statutes restricting the use of location-tracking devices typically do not impinge upon such tracking because the law’s definition of a tracking device does not encompass phones or laptops enabled with Global Positioning System (GPS) technology or because the law permits the vehicle’s owner to install a tracking device. The question remains, however, whether tracking employees’ location constitutes a common law invasion of privacy.

A recent decision by the federal court of appeals in the District of Columbia suggests that, in certain circumstances, employers who track their employees’ location could face liability for invasion of privacy. In U.S. v Maynard (pdf), the court held that the FBI had infringed upon the criminal defendant's reasonable expectation of privacy by “tracking his movements 24 hours a day for four weeks with a GPS device they had installed on his Jeep without a valid warrant.” Key to the court’s decision was the intimate knowledge of the suspect’s life that could be gleaned from pervasive location-tracking as opposed to observing the suspect’s public movements for a short period of time:

Repeated visits to a church, a gym, a bar, or a bookie tell a story not told by any single visit, as does one's not visiting any of these places over the course of a month. The sequence of a person's movements can reveal still more; a single trip to a gynecologist's office tells little about a woman, but that trip followed a few weeks later by a visit to a baby supply store tells a different story. A person who knows all of another's travels can deduce whether he is a weekly church goer, a heavy drinker, a regular at the gym, an unfaithful husband, an outpatient receiving medical treatment, an associate of particular individuals or political groups — and not just one such fact about a person, but all such facts.

Based on this distinction between pervasive and non-pervasive tracking, the court concluded that a “reasonable person does not expect anyone to monitor and retain a record of every time he drives his car, including his origin, route, destination, and each place he stops and how long he stays there; rather, he expects each of those movements to remain ‘disconnected and anonymous.’”

While the court’s decision construes only Fourth Amendment protections against government intrusions, the court’s observations clearly could be used to support a common law claim for invasion of privacy against an employer that uses GPS-enabled vehicles, laptops or smartphones to engage in surreptitious, 24/7 location tracking of its employees. That being said, the D.C. Circuit’s decision splits from the rulings of three other circuits — the Seventh, Eighth, and Ninth, making it likely that the D.C. Circuit’s decision will be subject to U.S. Supreme Court review. These other courts held that the warrantless use of a location-tracing device does not violate the Fourth Amendment because a criminal suspect cannot reasonably suspect privacy in his public movements. These cases, therefore, can be used to defeat an invasion-of-privacy claim based on an employer's use of pervasive location tracking.

Nonetheless, the D.C. Circuit’s decision highlights several steps employers can take to reduce the risk of privacy-based claims arising from location tracking: location-tracking in a manner that would make an invasion of privacy claim far less likely:

  • Avoid surreptitious location tracking
  • Provide employees with detailed, written notice of any location tracking
  • When practical, have employees acknowledge receipt of the notice
  • Limit location-tracking, when technically feasible, to working hours
  • Restrict access to location-tracking information to those with a need to know

This entry was written by Philip L. Gordon.

Photo credit: Paul Downey
Tags: , , ,
  • Email This
  • Print
  • Share Link

Further Guidance on Monitoring Employee Texts and E-Mails

Posted on June 22, 2010 by Privacy and Data Protection Practice Group

In its first foray into the potentially treacherous intersection of workplace monitoring of electronic communications and employee privacy expectations, the United States Supreme Court considered whether the City of Ontario Police Department violated the privacy rights of Sergeant Jeff Quon by reviewing sexually explicit text messages sent by Quon using a City-issued pager. The Court declined to issue any broad pronouncements concerning the permissible scope of workplace monitoring. The Court's decision, nonetheless, provides useful guidance for employers — whether governmental or private — on steps they can take to reduce their exposure to privacy-based claims arising from their review of employees' text messages, e-mail, and other electronic communications. To learn more about this decision and its implications for employers, please continue reading Littler's ASAP, U.S. Supreme Court Ruling Provides Guidance on Monitoring Employee Texts and E-Mails, by Philip L. Gordon and Denise Drake

Tags: , , , , , ,
  • Email This
  • Print
  • Trackbacks
  • Share Link

Quon Decision Provides Useful Guidance for Private Employers While Skirting Broad Pronouncements on Employee Privacy Rights

Posted on June 17, 2010 by Privacy and Data Protection Practice Group

Text MessagingAs anticipated in our blog post describing the oral argument before the U.S. Supreme Court in City of Ontario v. Quon (pdf), the Court declined today to make any broad pronouncements concerning employee privacy rights in electronic communications using employer-issued equipment. The Court reserved expressing an opinion given the newness and evolving nature of cell phone and text message communications. Instead, the Court held that the City of Ontario Police Department did not violate the Fourth Amendment rights of a SWAT team member, Sgt. Jeff Quon, by reviewing text messages sent and received by Quon on a department-issued pager because, even assuming that Quon had a reasonable privacy expectation, the City’s review of his text messages was motivated by a legitimate work-related purpose and was not excessive in scope. Notwithstanding its narrow and fact-specific nature, the Court’s ruling still provides useful guidance for private employers.

Most importantly, the Court emphasized, in the following language, the importance of a well crafted and broadly distributed electronic resources policy when defending against an employee’s claim that an employer tortiously reviewed the employee’s electronic communications:

[E]mployer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.”

The Court also highlighted a key distinction between corporate e-mail and text messages sent by cell phone, i.e., such text messages typically are transmitted through the cell phone provider’s server, rather than an employer-owned server. In Quon, this distinction was important because the department’s e-mail policy focused on e-mail sent through the department’s server and did not mention text messages. However, the Court emphasized that the department had informed SWAT team members, when issuing pagers to them, that the e-mail policy would be applied to text messages transmitted through the service provider. Similarly, private employers should ensure that their electronic resources policy is not limited to e-mail or to communications transmitted through the company’s e-mail server.

Although not deciding the issue of Quon’s privacy rights, the Court did give some weight in passing to Quon’s contention that a management-level police official had created an expectation of privacy for Quon by telling him that the official would not audit Quon’s text messages if Quon paid any required overage charges. Private employers should take care through policy language and training to avoid a situation where an employee could allege that a management-level employee countermanded corporate policy aimed at defeating employees’ privacy expectations in their electronic communications.

The Court’s holding — that Quon’s claim failed because the department’s search was legitimate and reasonable — demonstrates that private employers can substantially reduce their potential exposure on privacy-based claims by acting reasonably when searching and reviewing employees’ electronic communications. In Quon, for example, the department initiated its investigation for the legitimate purpose of determining whether the department’s character restrictions on text messages were too low and, therefore, forced SWAT team members to pay overage charges for work-related texts. In addition, the department reviewed only a relevant sampling of Quon’s texts, and the internal investigator who conducted the review redacted all messages sent or received by Quon during non-working hours. The department’s precautions demonstrate that, by conducting an investigation to accomplish a legitimate business purpose and in a manner that is not excessive, private employers can defeat claims based upon a review of an employee’s electronic communications, even if a court were to find that the employee had a reasonable expectation of privacy in those communications.

While private employers can take heart from Quon, they also should take heed of the following statement by the Court:

[The department’s] audit of messages on Quon’s employer-provided pager was not nearly as intrusive as a search of his personal e-mail account or pager, or a wiretap on his home phone line, would have been.”

As employees increasingly access personal e-mail accounts using employer-issued equipment and rely more heavily on personal smart phones to conduct company business, the privacy issues confronted by private employers (and the courts) will become only more complex. Here again, a well crafted and broadly distributed policy that puts employees on notice of how and when the employer will access these communications can go a long way towards strengthening the employer’s hand in litigation. At the same time, employers should beware that, as reflected by a recent decision of the New Jersey Supreme Court, even the most comprehensive electronic resources policy may not always win the day.

This entry was written by Philip L. Gordon.

Photo credit: DNY59
 
Tags: , , , , , ,
  • Email This
  • Print
  • Trackbacks
  • Share Link

Oral Argument in the Quon Text Messaging Case Suggests the U.S. Supreme Court Will Avoid a Broad Pronouncement Concerning Employee Privacy Rights

Posted on April 19, 2010 by Privacy and Data Protection Practice Group

During oral argument today in a closely watched case with potentially, far-reaching implications for private and public employers, the U.S. Supreme Court suggested that its ultimate ruling could be far narrower than anticipated by many. In the case, City of Ontario v. Quon, the Court is reviewing a the Ninth Circuit Court of Appeals’ ruling that the City of Ontario (California) Police Department violated the Fourth Amendment rights of SWAT officer Jeff Quon by reviewing text messages sent and received by Quon using a City-provided pager and messaging service. The Ninth Circuit found that: (a) Quon had a reasonable expectation of privacy in his text messages, and (b) the City violated Quon’s privacy expectation by reviewing his text messages without his knowledge or consent, the two elements of Quon’s Fourth Amendment claim.

While public discussion of the case has revolved principally around the first element of Quon’s claim, i.e., whether Quon reasonably could expect privacy in his text messages, the Supreme Court seemed to focus more heavily on the second element, i.e., whether the City’s review of Quon’s text messages was excessive or unreasonable. During the trial in the case, the jury found that the City’s purpose in searching Quon’s text messages was to determine whether those messages were sent for business or personal reasons. Under persistent questioning from Justices Breyer and Sottomayor, Quon’s counsel struggled to identify a less intrusive means for the City to achieve this indisputably, legitimate purpose than the City’s reading all of Quon’s text messages. The Supreme Court could resolve the case on this initial element of Quon’s claim and not even address whether Quon’s privacy expectation was reasonable.

The Court also appeared skeptical of the Ninth Circuit’s conclusion that Quon reasonably could have expected privacy in his text messages. To reach that conclusion, the Ninth Circuit had relied upon a statement by Lieutenant Duke, the police official responsible for the text messaging program. Duke told Quon that he would not read Quon’s text messages to determine whether they were business-related or personal so long as Quon paid the service provider’s overage charges when Quon exceeded the contractual limit on the number of characters per month. Justices Alito’s and Ginsburg’s questions suggested that they viewed Duke’s statement to be limited to his own actions as opposed to a guarantee of Quon’s privacy against any search by the City. Justices Stevens’ and Kennedy’s questions honed in on the nature of Quon’s SWAT duties, suggesting that Quon could not reasonably expect privacy given that he was on call 24/7 and knew, or should have known, that his text messages might be evidence in criminal proceedings.

Interestingly, Chief Justice Roberts’ questioning suggested that he was somewhat sympathetic to Quon’s contention that he reasonably could expect privacy in his text messages. The Chief Justice noted in his questions that Quon paid the City for his personal text messages, sent at least some of the texts while off-duty, and was told by Duke that he (Duke) would not audit them. The Chief Justice also noted that the Internal Affairs investigators who reviewed the transcripts of Quon’s text messages had redacted the personal ones, suggesting that these investigators considered the personal messages to be private.

In another noteworthy twist, the United States Government, arguing alongside the City, asked the Court to adopt a bright-line rule that employers can defeat the reasonableness of any employee’s expectation of privacy by issuing a policy informing employees that they have no privacy in their communications over employer-provided equipment. The Court did not seem receptive to this position. Justice Sottomayor noted the Court’s well established precedent — O’Connor v. Ortega — holding that “operational realities” of an office are a factor in determining whether an employee had a reasonable expectation of privacy in the workplace and that the employer’s policy is just one factor to consider.

Perhaps most telling of the Court’s likely hesitance to adopt a bright-line rule in either direction were comments by Justice Alito and the Chief Justice. Justice Alito emphasized the newness of the communications technology in the following statement:

[E]lectronic communications are stored all over the place in – and there isn't a history — these are — these are relatively new. There isn't a well-established understanding about what is private and what isn't private. It's a little different from putting garbage out in front of your house, which has happened for along time.

The Chief Justice emphasized the evolving nature of communications technology in response to the federal government’s advocacy of a bright-line rule, stating, “We are dealing with [the Fourth] [A]mendment that looks to whether something is reasonable. And I think it might be the better course to say that the Constitution applies, but we are going to be more flexible in determining what is reasonable because we are dealing with evolving technology.” (emphasis supplied).

A ruling will be issued by the end of the Court's term in June 2010.

This entry was written by Philip L. Gordon.
Tags: , , , , , , ,
  • Email This
  • Print
  • Trackbacks
  • Share Link

Quon Ruling Not Significant Obstacle to Employers' Accessing Text Messages

Posted on June 20, 2008 by Philip Gordon

The Los Angeles Times reported on June 19, 2008, that the Ninth Circuit’s decision in Quon v. Arch Wireless Operating Co., “sharply limited the ability of employers to obtain e-mails and text messages sent by employees on company-financed accounts.” And many major news outlets echoed this sentiment: "Court Rules Employee Text Messages Are Private," "SF Court Protects Privacy of Work Communications," "Stop Snooping on Email, Court Tells Some Nosy Bosses." However, the assertion of the LA Times reporter, while literally true, is pure hyperbole when viewed in the context of a real-world workplace.

The Ninth Circuit ruled in Quon that a text-message provider, Arch Wireless, violated the federal Stored Communications Act (the “Act”) by disclosing to the City of Ontario Police Department sexually explicit text messages sent by Sgt. Quon using a City-issued text-message pager, even though the City was the subscriber on the service contract. The court explained that the Act prohibits providers of an “electronic communication service” — Internet Service Providers (ISPs) and text messages services, for example — from disclosing stored e-mail or text messages without the consent of the sender or recipient. At first blush, this ruling appears to present a dramatic shift in the balance of power between employers and employees in the spy vs. spy world of workplace monitoring.

Not so fastEmployers can easily and lawfully circumvent the court’s ruling. Employers, for example, can prohibit employees from conducting any company business other than over the corporate network, and they can limit company-issued electronic devices to those, such as a Blackberry, that can be configured to route all communications through the corporate network. Notably, the Ninth Circuit’s decision expressly reaffirmed the well established rule that employers can defeat an employee’s expectation of privacy by distributing a policy unambiguously stating that employees communications using corporate resources will be monitored and are not private.

Of course, many employers in today’s world do provide cell phones with text-message capability. That does not mean that employees now can text with impunity. The Ninth Circuit’s decision addresses only access to the content of text messages stored at the provider. The decision imposes no limit on an employer’s obtaining transactional data, such as number of characters used, number of messages sent, or cost of service.

In any event, employers who think they may want to review their employees’ text messages need only condition payment for the cell phone, or for the service, on the employee’s giving written consent to the provider to disclose text messages to the employer; employees who don’t give consent and wish to keep their text messages private would have to pay for the service out of their own pocket. How many employees will be willing to pay $100 or more monthly to be able to send dirty text messages (especially with gas at $4 per gallon)?

There is yet another solution for employers. The Ninth Circuit’s ruling imposes no restriction on an employer’s review of text messages stored on company-issued cell phones. As long as the employer’s electronic resources policy notifies employees that text messages will be searched, the Ninth Circuit’s ruling actually can be used to defeat any privacy-based claim by an employee based upon such a review. In addition, as computer forensic capabilities improve and cell phone memory chips expand, these types of cell phone examinations could easily become routine.

The case is a cautionary tale on another point. The Ninth Circuit also addressed the question whether the City violated Sgt. Quon’s privacy expectations by reviewing his text messages after receiving them from Arch Wireless. On this point, the court noted (as I mentioned above) that in the normal course, the City’s “Computer Use, Internet and E-Mail Policy” would have defeated Sgt. Quon’s privacy-based claim. However, the police lieutenant responsible for overseeing the City’s text-message program had established an informal policy, communicated orally to Sgt. Quon, that the City would not read an officer’s text messages to determine whether they were personal or business-related so long as the officer paid for any over charges. The Ninth Circuit ruled that Sgt. Quon reasonably relied on this informal policy when he sent personal text messages using his City-issued pager, believing that the messages would remain private. Even though the City is a public employer, this holding is most likely is transferable to the private workplace.

Bottom line #1: Employers first need to evaluate whether reviewing messages stored with a service provider is in the employer’s interest. Corporate culture or potential employee rebellion potentially are significant countervailing factors. If the interest is strong enough, then the employer can execute any of the strategies described above to meet those objectives.

Bottom line #2: Instruct your IT personnel and others responsible for workplace monitoring not to make representations to employees that your business’ electronic resources policy will not be followed. Consider modifying your electronic resources policy to state that it can not be modified except by a written communication by a senior executive.

For further analysis of the Quon case, please see Littler ASAP: Employee Text Messages Are Not Inviolate: Understanding and Navigating the Ninth Circuit's Decision in Quon v. Arch Wireless Operating Company by Philip L. Gordon and Justin A. Morello.
Tags: , , , , , , , ,
  • Email This
  • Print
  • Trackbacks
  • Share Link