Defending The Digital Workplace

An ebusinesscounsel.com publication

Archive for the ‘workplace monitoring’ Category

Facebook Firing Ends in Settlement with NLRB

The National Labor Relations Board (NLRB) announced that it had reached a settlement in a case involving an employee’s discharge for posting negative comments about a supervisor on the employee’s Facebook page. Click here for the NLRB’s press release.

In sum, however, the NLRB had issued a complaint against American Medical Response of Connecticut, Inc., on October 27, 2010,  alleging that the discharge violated federal labor law  (the National Labor Relations Act or “NLRA”) because the employee was engaged in “protected activity” when she posted the comments about her supervisor, and responded to further comments from her co-workers.

Under the National Labor Relations Act, employees  have a federally protected right to form unions, and it prohibits employers from punishing workers — whether union or non-union — for discussing working conditions or unionization.

The NLRB complaint also alleged that the company maintained overly broad rules in its employee handbook regarding blogging, Internet posting, and communications between employees. This policy prohibited employees from making disparaging remarks about the company or depicting it online without permission. Further, the NLRB alleged that AMR (the employer) had illegally denied union representation to the employee during an investigatory interview shortly before the employee posted the negative comments on her Facebook page.

Under the terms of the approved settlement, the company agreed to revise its social media policy to ensure that the rules do not improperly restrict employees from discussing their wages, hours and working conditions with co-workers and others while not at work, and that they would not discipline or discharge employees for engaging in such discussions. The allegations involving the employee’s discharge were resolved through a separate, private agreement between the employee and the company.

The Take Away for Employers

This had been the first case in which the NLRB sought to argue that workers’ criticisms of their bosses or companies on a social networking site was a protected activity under the NLRA and that employers would be violating the NLRA by punishing workers for making statements in the context of social media. Accordingly, employers likely would have welcomed guidance from the NLRB as to how the 75-year-old NLRA would be reconciled with the technological realities of how employees communicate in the age of social media.

For example, the employee involved in the NLRB’s complaint, Dawnmarie Souza, at one point mocked her supervisor on Facebook, using several vulgarities to ridicule him. This eventually drew supportive responses from her co-workers that led to further negative comments about the supervisor. Where a Facebook conversation involves several co-workers it is more likely to be viewed as “concerted protected activity.” But what if instead, Ms. Souza had simply lashed out in a negative post against a supervisor and no co-workers joined in the discussion (not even a single “like” in Facebook terminology). Would that type of comment in the absence of “co-worker discussion” still be considered protected?

In any event, from a strategic perspective, employers should appreciate that this issue will be resolved another day, perhaps under a less “labor friendly” NLRB.

The clear take-away, however, is that the NLRB’s original complaint and this settlement signals that the NLRB intends to protect employees’ rights to discuss the conditions of their employment with co-workers irrespective of whether this discussion takes place at the water cooler or on Facebook.

Accordingly, it is critical for employers – regardless of whether your workforce is unionized or not – to review your Internet and social media policies to determine whether they would be subject to a similar attack by the NLRB that the policy ‘reasonably tends to chill employees’ ” in the exercise of their rights under the NLRA to discuss wages, working conditions and unionization. Areas to consider include:

  • Does the social media policy expressly restrict protected activity;
  • Would an employee construe the social media policy as prohibiting protected activity;
  • Has the social media policy been used to discipline employees who engaged in protected activity; and
  • Was the policy put into place in in response to concerted or protected activity.

None of  this should be taken as legal advice, but it is good advice. And we would welcome the opportunity to offer our insight as to what policies should and should not say and strategies for managing the unique risks found at the intersection of social media and employment and labor law.

Adding to your Business Toolbox: A Roundup of Resources for Business Organizations

Business ToolboxA number of resources are available at www.ebusinesscounsel.com that are relevant to starting or improving your business operations. In addition to those resources, the following links also provide information worth checking out:

  1. Entrepreneur: How to Protect Remote Employees’ PCs from Security Threats
  2. Federal Trade Commission: Revised Endorsement Guides for businesses & bloggers (regulations applicable to testimonials and endorsements)
  3. Entrepreneur: Google Apps for Your Business: The Good, the Bad and the Ugly
  4. Hennessey Capital, by Joe Romeo: Business Plan Basics
  5. Mashable – Business: 5 Small Biz Web Design Trends to Watch
  6. Entrepreneur: Big Marketing Stunts, Small-Business Style
  7. Business Model Alchemist a/k/a Alexander Osterwalder a/k/a genius (ok, this might be more personal commentary than fact. Although, based on Mr. Osterwalder’s work, genius status should not be ruled out) :Combining Business Model Prototyping, Customer Development, and Social Entrepreneurship
  8. Mashable – Business: 4 Lessons Small Businesses Can Learn from Apple’s Antennagate

Employer Liability for Employee’s Internet Misconduct – Or When Surfing the Web can Wipe out your Business.

Generally, the Internet is a tremendous asset in the workplace, except when it is a liability. And   liability generally involves employee misconduct. A common example of such liability was recently reported on by the Wall Street Journal (click here for the story). This story discusses repeat instances of employees (in this case U.S. government employees at the Securities and Exchange Commission) accessing Internet pornography. The WSJ’s story notes that one regional supervisor for the SEC had made more than 1,800 attempts to look up pornography in a 17-day span (if you’re doing the math, that is 105.88 times a day!).

Unfortunately, holding employers liable for damages arising out of Internet misconduct by employees is not a novel concept. Common scenarios where employers may be exposed to liability include tort, contract, copyright, and for crimes arising out of an employee’s misuse of a workplace computer.

For example, a case dealing with viewing child pornography resulted in the New Jersey Appellate Division ruling that the company could be liable for damages suffered by innocent third parties where the company failed to investigate reports that an employee was viewing child pornography online at work. Doe v. XYC Corp., (2005). In that case, the Court ruled that when an employer has actual or imputed knowledge that an employee is viewing child porn on a company computer the employer has a duty to act, either by terminating the employee or reporting such activities to law enforcement authorities. In regard to such knowledge, the court noted the following facts.

  • The employee’s immediate supervisor, a manager, and the director of network and PC services were all aware of the suspicion that the employee used a company computer to visit sexually explicit websites.
  • Co-workers complained about the employee’s computer habits.
  • An investigation into these complaints uncovered that he visited child porn sites. The company’s response was to tell the employee to stop. The employee did not and he eventually downloaded more than 1,000 pornographic images on his work computer. He also sent three nude or semi-nude photos of his 10-year-old stepdaughter to a child porn site from his work computer.

It is also worth noting that the employer actually had an Internet usage policy in place (a must for every company) that provided employees were only permitted to “access sites, which are of a business nature only,” and reserved the right to inspect computers. But having such a policy in place does no good if it is not enforced. In this regard, a high-ranking IT executive warned a supervisor against monitoring the employee’s computer use, as it was the IT exec’s belief that the company policy prohibited such monitoring.

The other common scenarios where employers may find themselves exposed to Internet misconduct include:

  • Intentional and negligent infliction of emotional distress – In Delfino v. Agilent Technologies, Inc., an employer was not liable under a negligent supervision theory to threat recipients who claimed infliction of emotional distress. This distress arose out of an employee who transmitted Internet threats using employer’s computer system. The court noted that the employer owed the recipients no duty in absence of business relationship or close connection with recipients’ injuries, and employer did not breach any duty as it was unaware of employee’s conduct.
  • Harassment / Hostile Work Environment – Even though employers do not have a duty to monitor the private communications of their employees for comments which harass co-employees, employers do have a duty to take effective measures to stop co-employee harassment when the employer knows or has reason to know that the harassment is part of a pattern of harassment that is taking place in the workplace and in settings that are related to the workplace. Effective remedial steps reflecting a lack of tolerance for the harassment will be relevant to an employer’s affirmative defense that its actions absolve it from all liability. For example, in 2007 case, Avery v. Idleaire Technologies Corp., the Court of Appeals allowed a plaintiff’s hostile work environment claim case to go to a jury (it reversed a trial court’s order dismissing the case). In doing so, the Court noted that a jury “could find it to be objectively offensive for an employer to permit employees to use a company computer terminal on company time to actively seek pornographic material, whether for sexual gratification, entertainment, or in the words of one of the plaintiff’s co-workers, simply out of boredom, and for the evidence of this activity (pop-up adds, printouts, internet history, etc.), to be left for the plaintiff and other employees to see.” Similarly, in Gallagher v. C.H. Robinson Worldwide, Inc., (6th Cir. 2009) the decision to dismiss a sexual harassment claim by the trial court was reversed.  The court noted that Plaintiff testified that co-workers used Internet to view sexually explicit pictures on their computers, along with other conduct compared to a “guy’s locker room” (I don’t know about you, but I didn’t want to spend any more time than I had to in the locker room).
  • Defamation, libel and slander – In Gavrilovic v. Worldwide Language Resources, Inc., the Court held that a coworker’s e-mail statement that an employee of a military contractor was the military base “F*ck toy” was false and defamatory, as required for the employee to recover from the contractor for defamation.
  • Copyright infringement – Employers also may be needlessly exposed to lawsuits for copyright violations if they permit (or ignore the fact that) employees to receive or download software or other materials, e.g., music, video, and graphics files. See Varilease Tech. Group, Inc. v. Michigan Mut. Ins. Co. ((Mich. Ct. App. 2004), which concerned a suit against an employer alleging its employees copied and retained copyrighted product support manuals and diagnostic software, used the materials in their contracts to perform service and maintenance for their clients, and distributed the materials to subcontractors.

It is also worth noting that, in limited circumstances, there may be an upside for employee Internet misconduct. For example, a former employee’s acts of transmitting sexual images via employer’s internet and email applications was a deliberate violation of employer’s computer usage policy, and accordingly, his actions constituted misconduct connected with his work, and thus, claimant was disqualified from unemployment benefits; Ernst v. Sumner Group, Inc., 264 S.W.3d 669, Unempl. Ins. Rep.(2008).

The Take Aways: Monitoring Is A Must

While claims against employers for employee Internet misconduct may ultimately fail to impose liability, the exposure is still there. And the preceding cases underscore the importance of monitoring employee Internet browsing to minimize that liability. Here are some suggestions to consider when it comes to monitoring employee’s Internet usage:

  • Create a policy that spells out what types of sites are off-limits. Also explain that the company has the right to monitor employee usage of company computers to confirm compliance with the policy and, therefore, employees should have no expectation of privacy when it comes to any of the company’s electronic equipment. Make sure employees also understand that violating the policy may result in discipline.
  • Communicate the policy. It is also important for IT to understand that monitoring is permitted and under what circumstances.
  • Highlight to employees the negative effects misuse of the Internet may have on the company (e.g., liability for sexual harassment).
  • If you believe an employee is violating your Internet usage policy, make sure you properly preserve the evidence, e.g., Web activity, the employee’s PC or laptop.
  • If a violation occurs, assess whether law enforcement officials should be contacted, (child porn).

Feel free to shoot me your thoughts or comments about this post. And if you have story that tops the SEC supervisor’s 17 day porn rampage, I would be interested in hearing about it, but I don’t need to see the proof.

Failing to Preserve the “Digital Crime Scene” In Employment Litigation Results in Dismissal

Spoliation in litigation generally refers to the destruction or significant alteration of evidence, or the failure to preserve crucial items as evidence in pending or reasonably foreseeable litigation. Spoliation has become an increasingly hot issue in the context of digital information, such as e-mails and hard drives. The Michigan Court of Appeals recently reaffirmed that spoliation can result in severe sanctions by affirming a trial court’s decision to dismiss a plaintiff’s sexual harassment lawsuit with prejudice. Gillett v. Michigan Farm Bureau, Mich. Ct. App., No. 286076, (Dec. 22, 2009). The dismissal was a sanction for  the plaintiff’s deletion of digital evidence.

In Gillett, the plaintiff’s lawsuit arose out of alleged sexual harassment by defendants in his workplace. Plaintiff resigned, then retained an attorney to pursue possible causes of action against defendants. The plaintiff’s attorney wrote a demand letter to defendants. Defendants’ attorney responded with a notification that plaintiff should preserve his personal e-mails. Plaintiff’s counsel represented that plaintiff would submit his personal e-mails and his personal laptop computer hard drive for defendants’ inspection.

But in plaintiff’s deposition, plaintiff acknowledged that he had deleted e-mails from his personal account after receiving the notification from defendants. In addition, a forensic analysis of plaintiff’s computer indicated that he had deleted massive numbers of files from the hard drive shortly before plaintiff submitted his computer for defendants’ inspection. The forensic analyst determined that the deleted files were not recoverable, and opined that the deletions were intended to interfere with the discovery process. The analyst also noted that although plaintiff claimed the deletions were due to uninstalling of problematic software, that software was still installed on plaintiff’s computer.

On appeal, the plaintiff contended that the trial court abused its discretion by imposing the “drastic sanction of dismissal” and failed to determine whether the deleted electronic evidence was relevant. Specifically, plaintiff acknowledged that he deleted e-mails, but maintained that the deletion was a result of his routine procedures rather than a deliberate attempt to destroy evidence. The trial court rejected plaintiff’s contention, finding the number of data files deleted to be “[e]xtremely significant.” The court observed that plaintiff deleted on average 2,000 files each month through September 2007, but that in October 2007 the deletions increased to more than 200,000 files, with an additional 28,000 files deleted in the first six days of November.

The Court of Appeals rejected the plaintiff’s arguments and in doing so relied heavily on Leon v. IDX Systems Corp., 464 F3d 951 (CA 9, 2006), a case in which the federal district court explored the many sanctions short of dismissal before concluding that dismissal was the appropriate sanction. Similar to Gillett, Leon involved there was no manner in which to verify the recovery of all the deleted information and no way to know the content of the deleted information. The Court further observed that plaintiff’s “spoliation threatened to distort the resolution of the case … because any number of the … files could have been relevant to [defendants’] claims or defenses, although it is impossible to identify which files and how they might have been used .” Id. at 960. The Court noted that plaintiff “did not have the authority to make unilateral decision about what evidence was relevant in this case.” Leon, supra at 956-957.

The Take-away:

This case illustrates a number of key points that business organizations and their attorneys must consider when it comes to litigation and preserving digital information.

First, even when an action has not been commenced and there is only a potential for litigation, a duty to preserve evidence may arise where the prospective litigant knows or reasonably should know information is relevant to the prospective action.’” Bloemendaal v Town & Country Sports Ctr, Inc, 255 Mich App 207 (2002). The problem for business organizations, however, is nailing down when that duty arises and what steps must be taken. This is especially true when the appropriate decision-makers have – at best – a vague awareness of a potential dispute of unknown parameters. Implementing preservation efforts under such conditions can be very expensive and burdensome. And that expense and burden may prove to be unnecessary if litigation is never filed. But, if you guess wrong, the organization may be open itself up to sanctions like the one in Gillett. For a ridiculous example see Phillip M. Adams & Associates, L.L.C., v. Dell, Inc., 2009 WL 910801 (D.Utah March 30, 2009) (Magistrate held that a defendant should have imposed a hold eight years before the suit was filed); See also KCH Services, Inc. v. Vanaire, Inc. 2009 WL 2216601 (W.D.Ky. July 22, 2009) (Sanctions awarded against the defendant for pre-suit spoliation). It can be a razor’s edge  between the routine and efficient disposal of information that no longer has a business purpose and the destruction of potential evidence.

Second, once the duty to preserve arises, counsel – including in-house counsel – must carefully determine and understand what sources of discoverable information are in the custody or control of the client. It is not uncommon for courts to impose sanctions on both for failing to do so. See Phoenix Four, Inc. v. Strategic Resources Corp., 2006 WL 1409413 (S.D.N.Y. May 23, 2006)  (Court sanctioned a law firm and client for failing to identify and preserve “all” information which a “methodical survey of [the client’s] sources of information” should have produced – A partitioned hard drive contained 200-300 boxes worth of evidence, and was not discovered until the discovery deadline); Swofford v. Eslinger, Case. No.6:08-cv-Orl-35DAB (FL.M.D. Sept. 28, 2009) (Court imposed sanctions against in-house counsel for failure to preserve evidence, including email and laptops); Green v. McClendon, 2009 WL 2496275 (S.D.N.Y. Aug. 13, 2009) (Magistrate entered sanctions against a defendant and her attorney for or their mutual failure to implement a proper litigation hold and preserve digital information and for the attorneys handling of digital information). In this regard, it is essential to communicate with the key stakeholders, which include the business organization’s IT professionals as well as the actual authors and recipients of any digital information relating to that litigation to ascertain the full scope of the organization’s digital universe. From that universe decisions can then be made as to what needs to be carved out for preservation.

Third, parties must realize when it comes to deleting/destroying digital information the cover up, i.e. the “deletion,” almost always becomes worse than the crime. The Gillett Court highlighted this point by noting that “any number of the … files could have been relevant to [defendants’] claims or defenses, although it is impossible to identify which files and how they might have been used.” Speaking from experience, letting a judge or jury’s imagination run wild as to why a litigant destroyed digital evidence and what that evidence may or may not have shown is a big bat to swing in trying to resolve litigation.

Additionally, failing to preserve digital information may also result in the loss of favorable information. A common such scenario arises in employment litigation where an employer  seeks to assert an “after-acquired evidence defense.” Such a defense generally arises when during the course of the litigation the employer learns of something that, had it known of the information earlier, would have justified terminating the employee for legitimate, non-discriminatory reasons. See Olson v International Business Machines (D.Minn. 2006) (Addressing after-acquired evidence in employment litigation: IBM learned about allegedly pornographic materials on plaintiff’s laptop after he was terminated and only learned during discovery that plaintiff actually cleaned out the hard drive).

Fourth, deleting unfavorable digital information is more often than not almost always detectable. Michael Ahern of the Center for Computer Forensics explains that, “[i]t is relatively easy for forensic experts to see the volume of deleted files and recover those files. If the volume of deleted data is unusually low, the forensic expert can look for evidence of a wiping utility or program that indicates the intentional destruction of digital information.” As technology advances, detecting wrongful deletion of evidence becomes more challenging. Mr. Ahern further explained that with older wiping programs, it was easy to detect their use. But newer wiping utilities are designed to hide their process so that there is no digital fingerprint of its existence when it is deleted. There are,  however, common “tell-tale” signs that forensic specialist will use to identify suspicious or outright wrongful deletion in addition to technical mistakes of even savvy would-be digital saboteurs. Mr. Ahern notes, “I always say, we rely on people’s computer ignorance to find some level of evidence, especially if they are in a hurry.”

Conclusion

Gillett reinforces the conclusion that Courts expect litigants and their attorneys to properly preserve digital information pertaining to litigation. And failure to do so will often result in range of sanctions from adverse jury instructions to dismissal of an entire case. Accordingly, it is critical for litigants and their attorneys to properly address the preservation and handling of digital information that may be relevant to litigation. For more information about what steps your business organization can take to minimize the risks of  sanctions for destroying digital evidence, please contact Jason Shinn.

A special thanks to Michael Ahern of the Center for Computer Forensics for sharing his experience and technical insight into computer forensics.

Michael Ahern of the Center for Computer Forensics explains that, “[i]t is relatively easy for forensic experts to see the volume of deleted files and recover those files. If the volume of deleted data is unusually low, the forensic expert can look for evidence of a wiping utility or program that indicates the intentional destruction of digital information.”

Mishandling Investigations of Employee Misconduct – That’s What She Said

YellowSign 002Steve Carell stars in The Office. His character, Michael Scott, generally delivers laughs as he bungles his way through managing Dunder Mifflin. But in real life, his management “approach” is exactly the sort of thing that can turn into big and increasingly expensive headaches for employers. In fact, according to the Manpower Employment Blog (citing to a 2008 study from Jury Verdict Research) employment discrimination verdicts rose 70%, from $147,500 in 2006 to $252,000 in 2007. Then there are attorneys’ fees. A reasonable estimate puts such fees in the ballpark of $95,000 for a single plaintiff lawsuit that settles just short of trial.

But it is not just the money that employers need to consider: There is also the time and aggravation spent involved in litigation, which includes the time to respond to written discovery requests, gather responsive documents, prepare for depositions, etc. And this business interruption generally falls upon owners and management, who already are working 25 hours/day, 8 days a week trying to “do more with less.” These costs and business interruption will continue to grow as litigation increasingly takes place in the context of digital “documents,” i.e., e-mail, backup tapes, databases, and the like. Such information must be specifically addressed under federal and state court rules, including the 2009 Amendments to the Michigan Court Rules. By way of illustration as to costs, in a 2007 employment related lawsuit, the cost for retrieving and reviewing a sampling of e-mails for seven former employees and two managers totaled $42,892.42 in an employment claim. See Henry v Quicken Loans, Inc, Case No. 4:04-cv-40346-PVG-SDP, Dkt. No. 384 (ED Mich Feb 20, 2007). I’m told that the e-discovery costs just for this sampling more than doubled when all was said and done.

Fortunately, most employers do not have a Michael Scott on their payroll, or if they do, they also have a counterbalancing voice of reason like The Office’s HR character “Toby” to properly address employment matters. And when it comes to these matters, employers and HR are generally well-prepared to respond to the “usual suspects,” i.e., sexual harassment, discrimination, and disabilities under state and federal law. But it is also important for employers to exercise caution in responding to these claims in the investigation phase. Otherwise, employers may inadvertently expand the litigation buffet  a plaintiff’s’ attorneys may choose from in filing litigation.

Take for example, defamation. Under Michigan law, a defamation claim requires a showing of (1) a false and defamatory statement concerning the plaintiff, (2) an unprivileged publication to a third party, (3) fault amounting to at least negligence on the part of the publisher, and (4) either actionability of the statements irrespective of special harm, or the existence of special harm caused by the publication. Hawkins v. Mercy Health Services, Inc, (1998). It is true that a Michigan employer has a qualified privilege regarding employee defamation when it comes to making statements to other employees whose duties interest them in the subject matter. Patillo v. Equitable Life Assurance Society of the United States (1993). A plaintiff, however, may overcome this qualified privilege by showing that the statement was made with actual malice, i.e., with knowledge of its falsity or reckless disregard of the truth. Gonyea v. Motor Parts Federal Credit Union, (1991). An employer may also lose the privilege.

For example, in Sias v. General Motors Corp., the Michigan Supreme Court held that no privilege extended to the defendant corporation when it called in fellow employees to explain the circumstances of the plaintiff’s separation. A corporate representative explained to employees that the plaintiff had been released for misappropriation of company property. These individuals, however, were not supervisors, personnel department representatives, or company officials, but employees in identical work. The Court even noted that, the employer was motivated by the seemingly legitimate business concern of restoring morale and quieting rumors. But despite this legitimate motivation, the Court still ruled against the employer.

While the  standards for overcoming an employer’s qualified privilege are high, it does create another hurdle that an employer must jump over in defending against litigation. And there is always the risk that a court may second guess an employer or find a question of fact as to whether the statements extended beyond those with an interest in the subject matter of the investigation.

In regard to investigating employee misconduct, there are no hard and fast rules for how to conduct an investigation, with the exception of doing it right the first time. In this regard, the following, while certainly not an exhaustive list, should be considered in consultation with counsel:

  • If you haven’t already done so, develop a written policy outlining what steps will be taken in response to allegations of employee misconduct. This investigation policy should also be a component of a company’s overall policy for reporting workplace misconduct. Make sure, however, your company is committed to follow the investigation steps outlined in your  policy. Thus, do not commit to more than your company is willing to do in investigating matters;
  • The question most often asked is whether the investigation should be conducted by an attorney. As a general rule, an attorney should conduct or — at a minimum — supervise the investigation. Aside from the author’s concern for job security, an attorney will likely be more independent and objective in assessing the facts. Further, the attorney-client privilege will be available to protect communications critical to the investigation and the attorney work-product doctrine will protect materials generated through the investigation;
  • If counsel will not be used, it is especially critical for employers to give careful consideration in organizing and planning the investigation. This assessment includes determining who will conduct it, the likely key witnesses to interview, and how the investigation will be supervised; and
  • Part of the investigation should include identifying likely sources of relevant documents and digital information. This point needs to be carefully considered because a party has an obligation to suspend any automatic deletion procedures and to otherwise preserve information once litigation is commenced or a party reasonably anticipates litigation, i.e.,  possibly investigating misconduct. In this regard and out of an abundance of caution, immediately enlist your IT professionals to make sure such information is preserved. If an employee’s company e-mail will be monitored, make sure it is done consistent with your company’s policy and applicable law.

Certainly navigating state and federal employment law is the first line of defense in avoiding employment litigation. But if when an employer must investigate an alleged violation under these laws, (or any misconduct for that matter) it is important to respond in a well-reasoned manner because an investigation is not risk free. Accordingly, employers need to look long and hard (in tribute to Michael Scott, “that’s what she said“) when it comes to investigating such matters because of the need to get the facts right, to minimizing any stigma that could follow an employee accused of misconduct, and – adding injury to insult – no employer wants to investigate one potential lawsuit only to create another.

Privacy in the Digital Workplace – Oxymoron? Maybe Not.

The Spring 2009 Hofstra Labor and Employment Law Journal includes a symposium on Emerging Technology and Employee privacy. There are two articles that are especially relevant to employers: Invasion of Privacy Liability in the Electronic Workplace: A Lawyer’s Perspective (by Christine E. Howard) and The Emergence of State Data Privacy and Security Laws Affecting Employers (by Joseph J. Lazzarotti).

Digital monitoring Employee privacy has received increased attention. For example, in a 2008 case, Quon v. Arch Wireless Operating and Co., the 9th Circuit Court of Appeals held that a company that contracted with an employer to provide text messaging services to the employer’s employees, violated the federal Stored Communications Act (SCA) when it provided the stored text messages to the employer. Employers will also want to take notice because the Court held, in the particular factual context presented, that the employer violated its employee’s privacy rights as well as the recipients of the text messages under the Fourth Amendment and under Article I, Section 1 of the California Constitution.

These particular facts are as follows: The City of Ontario contracted with Arch Wireless for pagers that supported text messaging,. These pagers were issued to Police Department employees, including plaintiff Jeff Quon. The Police Department had a general “Computer Usage, Internet and E-mail Policy” that limited the “use of City-owned computers and all associated equipment, software, programs, networks, Internet, e-mail and other systems . . .” to City business. The policy also provided that “[u]sers should have no expectation of privacy or confidentiality when using these resources” which extended to the pagers. But, the police official responsible for overseeing the City’s text-message program, had  stated that the City would not read an officer’s text messages, so long as the officer paid for any  charges for overages  under the City’s plan.  Quon did in fact pay for overages on several occassions. Subsequent to this statement and payment of Quon’s overages, the Chief of Police ordered transcripts, which were turned over by Arch, the wireless provider. Many of Quon’s messages were personal in nature, including sexually explicit. The Court held that Quon had a reasonable expectation of privacy in his text messages as the result of the lieutenant’s statements that the messages would not be audited if overages were paid.

The take-away from Quon for employers is that a clear policy that electronic communications are not private is a must. Further, to minimize the chance that this policy is not undercut by stray assurances of privacy or workplace reality (i.e., employers generally don’t have the time or interest to read employee e-mails), it should also provide that no one other than a designated person has the authority to change the terms of the policy and that all such changes must be in writing.  There may be some additional recommendations in the articles referenced above and feel free to offer your own insight. Thanks.

Follow

Get every new post delivered to your Inbox.