Workplace Privacy Counsel : San Francisco Employment Privacy Law Lawyer & Attorney : Littler Mendelson Law Firm : Employment Related Privacy Issues

Although there are some differences in the privacy standards applicable to public sector and private employers, the standards are sufficiently similar that the Supreme Court’s decision likely will provide important guidance for employers on at least three issues. First, the law is relatively well settled that private employers can review any communications stored on a corporate e-mail server when the employer notifies employees of the monitoring, typically through an electronic resources policy. Quon is one of the first cases to address whether the same rule applies when the employee’s communication is transmitted through a third-party service provider under contract with the employer. The issue has gained increasing importance as an increasingly large number of employees use text messaging during the work day. (A case currently under consideration by the New Jersey Supreme Court, Stengart v. Loving Care, addresses an employee’s privacy expectations in copies of e-mail stored on a company-issued laptop that were sent through the employee’s personal e-mail account to her attorney.)

Second, the Supreme Court’s decision likely will address how a formal employment policy that otherwise would defeat an employee’s privacy expectation could be countermanded by an informal representation to a specific employee. Here, private employers likely will receive guidance on the types of informal statements that could be sufficient to countermand a formal policy as well as the degree of authority of the person making the informal statement necessary to override the formal policy.

Third, the Supreme Court also granted review on the question whether the senders of text messages to the SWAT officer had a reasonable expectation that his government employer would not read them. This question raises an issue that often is overlooked in cases revolving around an employer’s review of employee e-mail, i.e., the privacy interests of the sender. Without further development, it is difficult to anticipate the extent to which the Supreme Court’s ruling on this issue might affect private employers and what that affect might be.

Notably, the Supreme Court denied the service provider’s request for review of the Ninth Circuit’s ruling that the provider violated the federal Stored Communications Act by disclosing the SWAT officer’s text messages to the Department without his consent. Under the Act, a communications service provider, such as an ISP or cell phone provider, generally cannot disclose stored communications without the sender’s or recipient’s consent. An exception permits disclosure to the subscriber — the Department in the Quon case — when the provider is a “remote computing service.” The Ninth Circuit ruled that a “remote computing service” is akin to an electronic filing cabinet. Because the provider in the Quon case was a facilitator of communications, it was not a “remote computing service” and, therefore, could not take advantage of the exception. With the growing prevalence of “cloud computing” services, the proper definition of a “remote computing service” has become increasingly important. The Supreme Court’s decision to forego review of this issue leaves the Ninth Circuit’s ruling on this issue intact.

At bottom, Quon reflects the dynamic nature of the law governing technology in the workplace as communications technology rapidly moves beyond e-mail, and societal expectations change.

This entry was written by Philip L. Gordon

Photo credit: Niklas Bildhauer

Soon after his termination, the office manager demanded arbitration under his employment contract. During discovery, it became apparent that following the office manager’s termination, the company had been monitoring the manager’s personal Yahoo! email account. The office manager then filed a separate lawsuit against the company, claiming violations of the Federal Wiretap Act, the Stored Communications Act, state statutes and for invasion of privacy. The case is currently pending.

The Federal Wiretap Act claim most likely will fail because claims under that statute can proceed only if the content of e-mail is acquired in the transmission process. The office manager’s other claims have a chance of surviving. As one commentator noted to The New York Times, these facts “would make a great exam question.”

This case raises a host of issues, including:

• whether the former employee consented to the employer’s access to his personal e-mail because he did not log-off of his account or turn off his computer and he knew his former employer would have access to it;
• whether employees have an expectation of privacy when they log-on to web based e-mail through company owned and controlled computers;
• whether a terminated employee enjoys any expectation of privacy when using a former employer’s computer system;
• the extent to which an employer may access information left by a terminated employee;
• at what point attorneys have a duty to disclose attorney-client communications; and
• how an employer’s electronic resources policies affect the expectation of privacy of employees and former employees. 

This case is also a reminder that electronic resources policies need careful consideration, including:

• whether the policies should prohibit employees from using corporate resources to access personal e-mail accounts;
• whether the policies should require employees to consent to their employer accessing their personal e-mail account if accessed using corporate resources; and
• whether the policies should warn employees that their employer will access employees’ e-mail sent to a personal attorney over the corporate computer network.

There is no one right answer. Rather, employers need to consider their corporate culture, educate employees and be prepared to routinely enforce such policies in a uniform, non-discriminatory manner.

Of course, many employers in today’s world do provide cell phones with text-message capability. That does not mean that employees now can text with impunity. The Ninth Circuit’s decision addresses only access to the content of text messages stored at the provider. The decision imposes no limit on an employer’s obtaining transactional data, such as number of characters used, number of messages sent, or cost of service.

In any event, employers who think they may want to review their employees’ text messages need only condition payment for the cell phone, or for the service, on the employee’s giving written consent to the provider to disclose text messages to the employer; employees who don’t give consent and wish to keep their text messages private would have to pay for the service out of their own pocket. How many employees will be willing to pay $100 or more monthly to be able to send dirty text messages (especially with gas at $4 per gallon)?

There is yet another solution for employers. The Ninth Circuit’s ruling imposes no restriction on an employer’s review of text messages stored on company-issued cell phones. As long as the employer’s electronic resources policy notifies employees that text messages will be searched, the Ninth Circuit’s ruling actually can be used to defeat any privacy-based claim by an employee based upon such a review. In addition, as computer forensic capabilities improve and cell phone memory chips expand, these types of cell phone examinations could easily become routine.

The case is a cautionary tale on another point. The Ninth Circuit also addressed the question whether the City violated Sgt. Quon’s privacy expectations by reviewing his text messages after receiving them from Arch Wireless. On this point, the court noted (as I mentioned above) that in the normal course, the City’s “Computer Use, Internet and E-Mail Policy” would have defeated Sgt. Quon’s privacy-based claim. However, the police lieutenant responsible for overseeing the City’s text-message program had established an informal policy, communicated orally to Sgt. Quon, that the City would not read an officer’s text messages to determine whether they were personal or business-related so long as the officer paid for any over charges. The Ninth Circuit ruled that Sgt. Quon reasonably relied on this informal policy when he sent personal text messages using his City-issued pager, believing that the messages would remain private. Even though the City is a public employer, this holding is most likely is transferable to the private workplace.

Bottom line #1: Employers first need to evaluate whether reviewing messages stored with a service provider is in the employer’s interest. Corporate culture or potential employee rebellion potentially are significant countervailing factors. If the interest is strong enough, then the employer can execute any of the strategies described above to meet those objectives.

Bottom line #2: Instruct your IT personnel and others responsible for workplace monitoring not to make representations to employees that your business’ electronic resources policy will not be followed. Consider modifying your electronic resources policy to state that it can not be modified except by a written communication by a senior executive.

For further analysis of the Quon case, please see Littler ASAP: Employee Text Messages Are Not Inviolate: Understanding and Navigating the Ninth Circuit's Decision in Quon v. Arch Wireless Operating Company by Philip L. Gordon and Justin A. Morello.

In Krinsky, the court announced a new test applicable in California (where many Silicon Valley-spawned ISPs happen to be located) for deciding whether a subpoena seeking to uncover the identity of an allegedly libelous poster should be quashed. The defamation plaintiff must (a) show that she tried to notify the anonymous or pseudonymous poster of the subpoena — for example, by posting a notice on the blog where the cybersmear appeared, and (b) establish a prima facie case of defamation.

In most circumstances, Point (b) means the target of the cybersmear must establish that the libelous statement is factual (as opposed to non-actionable opinion) and that the libel damaged the plaintiff, e.g., caused plaintiff to lose her job or damaged a customer relationship. These standards can be difficult to satisfy. In Krinsky, for example, the court held that the cybersmear fell “into the category of crude, satirical hyperbole which, while reflecting the immaturity of the speaker, constitute[s] protected opinion under the First Amendment.” Even if a plaintiff, like Krinsky, is the target of an outright factual lie, she often will find it difficult, if not impossible, to link any economic loss to what most likely is a relatively obscure Internet post.

Krinsky teaches that in most cases the target of cybersmear is better off turning the proverbial other cheek (or finding a padded room in which to vent) than resorting to the court system for relief. Eventually, the scurrilous diatribe will be washed away in the muck of self-expression that fills the Web.