Supreme Court Review of Quon May Provide Important Guidance for Private Employers

Posted on December 14, 2009 by Privacy and Data Protection Practice Group

The U.S. Supreme Court agreed, today, to review the Ninth Circuit Court of Appeal’s decision in Quon v. Arch Wireless, a case with potentially important implications for private employers. As explained in prior posts, the appellate court held that the City of Ontario Police Department violated a SWAT officer’s reasonable expectation of privacy by reviewing the content of his sexually explicit text messages, even though: (1) the messages had been sent with a Department-issued pager through a service provider under contract with the Department, and (2) the Department’s formal policy informed all SWAT officers that the Department might review their text messages. In reaching that conclusion, the Ninth Circuit relied principally on a statement by the officer in charge of the text messaging program to the SWAT officer that the Department would not review his text messages if he voluntarily paid any overage charges resulting from excessive personal use.

Although there are some differences in the privacy standards applicable to public sector and private employers, the standards are sufficiently similar that the Supreme Court’s decision likely will provide important guidance for employers on at least three issues. First, the law is relatively well settled that private employers can review any communications stored on a corporate e-mail server when the employer notifies employees of the monitoring, typically through an electronic resources policy. Quon is one of the first cases to address whether the same rule applies when the employee’s communication is transmitted through a third-party service provider under contract with the employer. The issue has gained increasing importance as an increasingly large number of employees use text messaging during the work day. (A case currently under consideration by the New Jersey Supreme Court, Stengart v. Loving Care, addresses an employee’s privacy expectations in copies of e-mail stored on a company-issued laptop that were sent through the employee’s personal e-mail account to her attorney.)

Second, the Supreme Court’s decision likely will address how a formal employment policy that otherwise would defeat an employee’s privacy expectation could be countermanded by an informal representation to a specific employee. Here, private employers likely will receive guidance on the types of informal statements that could be sufficient to countermand a formal policy as well as the degree of authority of the person making the informal statement necessary to override the formal policy.

Third, the Supreme Court also granted review on the question whether the senders of text messages to the SWAT officer had a reasonable expectation that his government employer would not read them. This question raises an issue that often is overlooked in cases revolving around an employer’s review of employee e-mail, i.e., the privacy interests of the sender. Without further development, it is difficult to anticipate the extent to which the Supreme Court’s ruling on this issue might affect private employers and what that affect might be.

Notably, the Supreme Court denied the service provider’s request for review of the Ninth Circuit’s ruling that the provider violated the federal Stored Communications Act by disclosing the SWAT officer’s text messages to the Department without his consent. Under the Act, a communications service provider, such as an ISP or cell phone provider, generally cannot disclose stored communications without the sender’s or recipient’s consent. An exception permits disclosure to the subscriber — the Department in the Quon case — when the provider is a “remote computing service.” The Ninth Circuit ruled that a “remote computing service” is akin to an electronic filing cabinet. Because the provider in the Quon case was a facilitator of communications, it was not a “remote computing service” and, therefore, could not take advantage of the exception. With the growing prevalence of “cloud computing” services, the proper definition of a “remote computing service” has become increasingly important. The Supreme Court’s decision to forego review of this issue leaves the Ninth Circuit’s ruling on this issue intact.

At bottom, Quon reflects the dynamic nature of the law governing technology in the workplace as communications technology rapidly moves beyond e-mail, and societal expectations change.

This entry was written by Philip L. Gordon

Photo credit: Niklas Bildhauer
Tags: , , , , , , , , , , ,

Who Said Employees Have No Right To Privacy In Their Corporate E-Mail And Internet Access?

Posted on July 11, 2007 by Philip Gordon

“You have no right to privacy in your e-mail using corporate resources”
“The Company reserves the right to monitor your Internet access at any time”
So chimes policy after policy after policy. But, is the mantra really true?

Several recent cases suggest that answer is “not always.” In United States v. Long, the highest military court (not exactly a known bastion of privacy protection), recently held that a Marine Corps investigator violated a soldier’s privacy rights by obtaining inculpatory e-mail from the system administrator. The Department of Defense had an e-mail policy that was as draconian as any private employer’s, but the policy said nothing about turning over e-mail to criminal investigators, and the system administrator admitted that he did not read individual e-mails when monitoring the system because he felt they were private. Sound familiar?

At the start of 2007, the Ninth Circuit Court of Appeals in United States v. Ziegler held that an employee caught viewing child porn on his work computer had a reasonable expectation of privacy in the computer because it was stationed in his locked office. The court stated more generally, “in the private employer context, employees retain at least some expectation of privacy in their office,” which, for most employees in today’s working world includes a computer with stored e-mail.

In yet another example, a federal district court in California held that a police officer had a reasonable expectation of privacy in salacious text messages exchanged with his girlfriend using a department-issued pager. In that case, Quon v. Arch Wireless Operating Co., the fact that the department had a written policy singing the same song as most electronic resources policies was irrelevant since the department had communicated an unwritten policy of not auditing the text messages except when an officer disputed charges for overages.

Perhaps judges are starting to worry about the privacy of their own e-mail? Perhaps it is time to revisit and revise your electronic resources policy?
Tags: , , , , ,