Digital Privacy Article Analyzing Quon v. City of Ontario Published in ABA Journal

By Cameron G. Shilling (originally published 5/27/2011)

The American Bar Association has published in its Journal of Employment and Labor Relations Law an article I recently wrote analyzing the U.S. Supreme Court’s decision in Quon v. City of Ontario. The following is the opening passage from the District Court’s decision, and foreshadows the potential significance of this case with regard to data privacy issues.

“What are the legal boundaries of an employee’s privacy in this interconnected, electronic-communication age, one in which thoughts and ideas that would have been spoken personally and privately in ages past are now instantly text-messaged to friends and family via hand-held …electronic devices?”

The Supreme Court unfortunately sidestepped the two most pressing data privacy issues presented in this case – the scope of the federal Electronic Communications Privacy Act (ECPA) and Stored Communications Act (SCA), and the extent to which an employee has a reasonable expectation of privacy with respect to electronic communications on company owned computers and other electronic devices. While the court may have been able to sidestep these pressing issues, businesses cannot.

Businesses should prepare themselves to address data privacy issues before they arise, not after they become legal problems. To do so, a company should adopt an information use and electronic communication policy tailored to the business needs and corporate culture of the company.  The policy should (at a minimum) instruct employees as follows:

1.  Employees cannot expect that communications they have or data they create on company owned computers and devices will be private.

2.  Communications and data on company owned computers and devices are company property, not personal property or information of employees.

3.  The company reserves the right to access and review, and periodically does access and review, employees’ electronic communications and data on company owned  computers and devices.

In addition, businesses should learn to recognize the digital privacy situations that raise potential liability under the ECPA and SCA.  Although these laws are neither unambiguous nor simple to apply, with qualified legal counsel, businesses can minimize or avoid risk by planning ahead rather than just forging ahead.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s