The question is simple: does an employer have a right to monitor and store an employee’s personal communications on a company-owned communication devise (i.e., PDA, laptop, cellphone, etc.)? Recent federal decisions suggest the answer is “yes” so long as (1) the employer has a policy in place addressing the issue; and (2) that policy has been clearly communicated to the employee.
In City of Ontario, Cal. v. Quon, 130 S. Ct. 2619, 2629-30 (2010) a police officer brought a Section 1983 action against the defendant city and its police department alleging in relevant part that the police department’s review of the officer’s text messages violated the Fourth Amendment. The Central District of California entered judgment in favor of the defendants on the Fourth Amendment claim. The officer appealed. The Ninth Circuit Court of Appeals thereafter held that the officer had a reasonable expectation of privacy in text messages, which the Supreme Court reversed.
In reversing the decision of the Ninth Circuit, the Supreme Court noted that “[r]apid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior.” “[M]any employers expect or at least tolerate personal use of such equipment by employees because it often increases worker efficiency. . . .[T]he law is beginning to respond to these developments, as some States have recently passed statutes requiring employers to notify employees when monitoring their electronic communications. At present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve.”
The Supreme Court further acknowledged that there are arguments supporting both sides of this privacy issue. Indeed, on the one hand, “[c]ell phone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification. That might strengthen the case for an expectation of privacy.” On the other hand, “the ubiquity of those devices has made them generally affordable, so one could counter that employees who need cell phones or similar devices for personal matters can purchase and pay for their own.” While the Court refused to rule on the privacy issue directly, the Court strongly suggested that an employer’s written or other policies guide the privacy expectations of its employees: “employer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated.”
Similarly, in Shefts v. Petrakis, 758 F. Supp. 2d 620 (C.D. Ill. 2010), the president of a telecommunications company filed suit against the company’s vice presidents and other employees alleging that their installation of spyware on his company computer, laptop and handheld device, and interception of his communications on these devices, violated Federal Wire and Electronic Communications Privacy Act (“ECPA”), the Stored Communications Act (“SCA”), the Computer Fraud and Abuse Act (“CFAA”), and the Illinois Eavesdropping Statute. The parties cross-motioned for summary judgment.
The Central District of Illinois held in favor of the defendants for the following reasons, among others:
(1) The president consented to the interception of his email correspondence since he was involved with the purchase and installation of the company’s server, knew that the defendants had administrative rights over the server, knew that emails sent on the handheld device would be stored on the company’s network, and requested that the handheld device be reconnected to the server at various points during his employment;
(2) The president impliedly consented to interception of his text messages since the company manual clearly provided that communications sent and received on company equipment were not private and subject to viewing, downloading and archiving;
(3) The president did not have a reasonable expectation of privacy in communications sent from company-owned equipment, and thus impliedly consented to the company’s interception under the Illinois Eavesdropping Statute and federal Stored Communications Act.
With regard to the president’s ECPA claim, the Central District cited 18 U.S.C. 2511(2)(d), which states that “[i]t shall not be unlawful under [the ECPA] for a person…to intercept a…electronic communication…where one of the parties to the communication has given prior consent to such interception.” The court noted that “consent under this provision need not be explicit, it can also be implied. Implied consent is ‘consent in fact’ which is inferred from surrounding circumstances indicating that the party knowingly agreed to the surveillance.” (citations omitted).
With regard to the interception of the president’s text messages, the court noted that the employee manual made clear that the president’s electronic communications on company equipment were subject to archiving at all times. The manual stated, in relevant part, “Employees must be aware that the electronic mail messages sent and received on Company equipment are not private and are subject to viewing, downloading…and archiving by Company officials at all times.” Accordingly, the court held that the president’s handheld device was a piece of company equipment, and “thus this provision in the employee manual, in addition to [the president’s] decision to connect his [handheld device to the company server] which he knew could log communications sent from his [handheld] device, provided him with notice that all of his messages could be archived.”
The Central District of Illinois held in favor of the defendants on the president’s claims for violation of the Illinois Eavesdropping Statute and the SCA for the same reasons as set forth above.
In its decision, the Illinois District Court also cited Smyth v. Pillsbury Co., 914 F.Supp. 97, 101 (E.D. Pa. 1996), which held that for purposes of the common law tort of intrusion upon seclusion, a party does not have a reasonable expectation of privacy in email communications made over a company email system, even if he has been assured by management that the emails will not be monitored. Moreover, the court noted that other courts, as well as the Seventh Circuit, have held in other contexts that a party’s expectation of privacy in messages sent and received on company equipment or over a company network hinge on a variety of factors, including whether or not the company has an applicable policy on point. See also Muick v. Glenayre Electronics, 280 F.3d 741, 743 (7th Cir.2002) (“Not that there can’t be a right of privacy … in employer-owned equipment furnished to an employee for use in his place of employment … but [the employer] had announced that it could inspect the laptops that it furnished for the use of its employees, and this destroyed any reasonable expectation of privacy [the employee] might have had.”).