Protecting Privacy and Privilege in the Digital Workplace
Mobility is the status quo for the corporate world – the more portable the “workplace” becomes, the more productive employees can be. Employees also enjoy the quick accessibility and connectivity that advanced technology provides, and often use company equipment to conduct personal business. However, the convenience of using work-issued devices interchangeably for personal communications comes with the risk of losing privacy, especially if employees choose to use company equipment to exchange privileged e-mails with their private attorneys. Several courts have tackled this delicate balance between an employer’s right to monitor use of company-issued equipment with an employee’s right to privacy.
However, there appears to be fine line between the scope of legitimate business interests and an employee’s privacy rights. With a slight – but critical – twist of the facts from Alamar Ranch, the New Jersey Supreme Court concluded in Stengart v. Loving Care Agency that a plaintiff did not waive her attorney-client privilege when those communications landed in the hands of her former employer. Like the plaintiff in Alamar Ranch, Stengart communicated with her attorney using her work-issued computer, but she did so via her private, password-protected Yahoo! account rather than her work e-mail. Moreover, Loving Care’s usage policy was ambiguously worded such that Stengart was not properly notified that the company might access and monitor her personal communications. Ultimately, the court held that an employee has a substantive right to privacy in password-protected e-mails, with heightened protection when attorney-client communications are at stake, and that such communications are outside the scope of employment.
For the time being, the United States Supreme Court has passed on issuing a broad ruling addressing an employee’s reasonable expectation of privacy with regard to company-issued equipment. However, in City of Ontario, California v. Quon, the Supreme Court narrowly addressed an employer’s right to monitor the content of employees’ personal communications via company-issued equipment. At issue were text messages sent by a police officer, Jeff Quon, using his work-issued pager (privilege was not an issue). The Ontario Police Department reviewed transcripts of Quon’s text messages to determine whether the officers were allotted sufficient character amounts since Quon had exceeded the limit several times. Finding the City of Ontario possessed a “legitimate interest” for the search, the Supreme Court determined the method of text message transcript review was reasonable.
The Quon decision highlights the importance of a well-drafted, clearly communicated technology and network use policy. The City of Ontario created and implemented such a policy and communicated the policy requirements to all employees. Although the policy did not address pager text messages specifically, the City conveyed to all employees that text messages would be treated in the same manner as e-mail messages. The documented steps the City undertook helped overcome Quon’s argument that text messages were not a designated part of the use policy and thus could not be monitored.
As demonstrated by these cases, different courts may emphasize different factors, but a valuable lesson for companies is that establishing and adhering to a comprehensible company privacy and usage policy is essential. Because each case is fact-specific, an employer raises the likelihood of success if it is demonstrated that an unambiguous policy was established and clearly conveyed to all employees. Policies must also be frequently reviewed and updated to include new and emerging technology, such as social networking.