Martin J. Mayer
Jones & Mayer
Recently, the Ninth Circuit, U. S. Court of Appeals, issued a ruling in the case of Quon v. Arch Wireless Operating Co. (June 18, 2008), where it held, among other things, that employees have a reasonable expectation of privacy in the content of personal messages they send electronically on the employer’s time and equipment. The good news, however, is that employers can alleviate those concerns by carefully drafting, and consistently enforcing, policies regarding the use of their electronic communications systems.
Reasonable Expectation of Privacy
Quon is a police officer for the City of Ontario and he, along with other officers, was issued a pager and allowed a quota of 25,000 test characters per month. The contract for service was with the Arch Wireless network. Although the department had a policy in place which alerted all employees that computers, e-mails and text messages were to be used for work only, and were subject to audit. However, the “operational reality” of the department was that officers were told that audits would not be conducted as long as they paid for any use exceeding the 25,000 characters per month.
However, when several officers, including Quon, continued to exceed the limit, the department suddenly decided to review the messages to determine if they were job related. The department said that, if they were job related, it would require increasing the number of messages officers were permitted to send each month. Therefore, the department asked Arch Wireless for copies of the transcripts and discovered that many of the messages were personal and/or sexual in nature, unrelated to work and, therefore, contrary to department policy.
Quon and others sued Arch, pursuant to the Stored Communications Act, for disclosing the transcripts, and sued the department for violating their Fourth Amendment rights under the U. S. Constitution and the Privacy Clause of the California Constitution.
Constitutional Protections and the Reasonableness of the Search
Following the advent of the Internet, and concerns of potential privacy violations, in 1986 Congress enacted the Stored Communications Act (SCA), 18 U.S.C. sec. 2701-2711, as part of the Electronic Communications Privacy Act. The SCA prevents “providers” of communications services from divulging private communications to certain entities and/or individuals. The court determined that Arch Wireless violated the SCA by sharing the wireless text messages of employees with the employer, absent a court order or consent of addresses or intended recipients.
The court also held that, because the Ontario Police department is a public employer, the Fourth Amendment of the U.S. Constitution and California’s Privacy Clause applied to the department’s review of the text messages. The court concluded that “as a matter of law, Arch Wireless is an ‘electronic communication service’ that provided text messaging service via pagers to the Ontario Police Department. The search of Appellants’ text messages violated their Fourth Amendment and California constitutional privacy rights because they had a reasonable expectation of privacy in the content of the text messages….”
The court pointed out that “there were a host of simple ways to verify the efficacy of the 25,000 character limit…without intruding on Appellants’ Fourth Amendment rights.” For example, the officer could have been told that, for the next month or two, he was forbidden from using the pager for personal communications and that “the contents of all of his messages would be reviewed to ensure the pager was used only for work related purposes during that time frame.” In other words, warn him first.
How This Affects Your Agency
First, the court was very clear that a public employer’s property interest is superseded by an employee’s privacy interest in text messages. Ironically, employees’ privacy interests are not necessarily impacted by contracts or policies that preclude improper use of text messages. Further, these policies do not appear to be bolstered by the fact that the employees have signed agreements that preclude improper use of the employer’s property. Quon had received and signed an explicit written policy which stated that he had no expectation of privacy in the messages.
Second, Quon exemplifies the problems associated with creating informal policies regarding the use of the agency’s property. It must be emphasized that the court determined that one of the employees had a privacy interest in the text messages based purely on his reliance on the informal policy. Thus, the informal policy became the de facto formal policy based upon the employees’ reliance. The court noted that while the lieutenant, who made the informal policy, was not the “official policymaker or even the final policymaker,” his rank and supervisory role made it “reasonable for Quon to rely on the policy—formal or informal—that [the lieutenant] established and enforced.”
It is also important to note that employees’ privacy interests are not without limits. The court cited Muick v. Glenayre and Bohach v. City of Reno to provide examples of ways that employers have successfully limited employees’ privacy rights. In Muick, the court ruled that a public employer’s policy that it would inspect all laptops “destroyed any reasonable expectation of privacy that [employees] might have had.”
In Bohach, the court determined that employees did not have a reasonable expectation of privacy when the police department had a policy that any message on a city issued pager could be seen by any employee “with access to, and a working knowledge of, the Department’s computer system.” By citing Muick and Bohach, the court seems to suggest that employers can strip employees’ privacy interest by instituting policies that make the item to be searched open to the employer and other employees of the agency.
Public employers must minimize the employee's interest in the device – or its products/contents -- by making the device as public (i.e. subject to disclosure) as possible. If this is done then employees have actual notice of the employer’s intent to monitor the information contained within the device. This policy would make the information on the pager more akin to a blog posting; rather than a personal email. Hence, the employee could not reasonably assert any privacy interest because the information is open for everyone to see.
· It is absolutely imperative that employers adopt, and make known to all employees, a policy which makes clear to the employees that there is no reasonable expectation of privacy in the use of the employer’s equipment.
· There should be clear policies regarding the use of the employer’s computers, the internet, cell phones, e-mail, text messaging devices, etc. which state that the employer reserves the right to monitor and log all network activity, with or without notice to the employee.
· It must be articulated that there is no confidentiality, on the part of the employee, when using the employer’s equipment.
Just as important as promulgating such policies is that they be enforced consistently and uniformly. Once an employer deviates from a stated policy, and allows an “informal” process to be established, the prohibitions or mandates set forth in the official policy are subject to challenge. Additionally, it is most important that the employer ensure that its supervisors and managers understand that their allowing deviations from official policies will result in their undermining the purpose of those policies and, perhaps, render them meaningless.
This is an area where all employers should confer with knowledgeable legal counsel for advice and guidance in order to avoid problems before they occur.