By Cameron G. Shilling (originally published 5/27/2011)
The American Bar Association has published in its Journal of Employment and Labor Relations Law an article I recently wrote analyzing the U.S. Supreme Court’s decision in Quon v. City of Ontario. The following is the opening passage from the District Court’s decision, and foreshadows the potential significance of this case with regard to data privacy issues.
“What are the legal boundaries of an employee’s privacy in this interconnected, electronic-communication age, one in which thoughts and ideas that would have been spoken personally and privately in ages past are now instantly text-messaged to friends and family via hand-held …electronic devices?”
The Supreme Court unfortunately sidestepped the two most pressing data privacy issues presented in this case – the scope of the federal Electronic Communications Privacy Act (ECPA) and Stored Communications Act (SCA), and the extent to which an employee has a reasonable expectation of privacy with respect to electronic communications on company owned computers and other electronic devices. While the court may have been able to sidestep these pressing issues, businesses cannot.
Businesses should prepare themselves to address data privacy issues before they arise, not after they become legal problems. To do so, a company should adopt an information use and electronic communication policy tailored to the business needs and corporate culture of the company. The policy should (at a minimum) instruct employees as follows:
1. Employees cannot expect that communications they have or data they create on company owned computers and devices will be private.
2. Communications and data on company owned computers and devices are company property, not personal property or information of employees.
3. The company reserves the right to access and review, and periodically does access and review, employees’ electronic communications and data on company owned computers and devices.
In addition, businesses should learn to recognize the digital privacy situations that raise potential liability under the ECPA and SCA. Although these laws are neither unambiguous nor simple to apply, with qualified legal counsel, businesses can minimize or avoid risk by planning ahead rather than just forging ahead.