Employers - Employee E-mail and Text Messages Are Private, Absent an Employee Policy to the Contrary
|Prepared By: Melissa C. Marsh, Los Angeles Employment Attorney
Written: March 2009
On December 14, 2009, the United States Supreme Court decided to hear a previously decided case, Quon v. Arch Wireless, 529 F.3d. 892 (9th Cir. 2008). In Quon, the Ninth Circuit Court of Appeals ruled that a police office retains his reasonable expectation of privacy in his personal text messages when supervisors fail to follow and enforce the City's written "Computer Usage, Internet, and E-mail Policy" which provided that City provided cell phones must only be used for city business and that employees were to have no expectation of privacy when using those devices.
Do your employees have access to an employer provided cell phone, computer or email?
Did you know that your employee's email and text messages are protected by state and federal privacy laws? Did you know that an employer does NOT have the right to access, monitor, view or use an employee's text messages or email? Did you know that an employer can be held liable for what its employees do on the internet and say in their text messages and email? Did you know that an effective well written and enforced employee cell phone, computer, internet and email use policy will eliminate the employee's reasonable expectation of privacy and limit an employer's potential liabilities?
Many employers are already aware of the open ended liability they face in this technological era and over 75% have established an employee policy governing the use of the internet and email. Unfortunately many of these policies are outdated, do not cover cell phones and text messages, and are not consistently enforced, and this can render the policy basically useless.
Eliminating The Employee's Reasonable Expectation of Privacy.
Pursuant to various state and federal laws, an employee has a reasonable expectation of privacy in and to their email and text messages. If an employer violates that reasonable expectation of privacy the employer can be subjected to both criminal and civil penalties and held liable for punitive damages and the employee's attorney’s fees and costs. This reasonable expectation of privacy can be greatly reduced (not eliminated) if the employer has its employees read and sign a well written employee Cell Phone, Computer, Internet and Email Use Policy. A well written policy will advise the employee that the employer has the right to intercept, access, view, monitor, and use an employee's internet history, text messages, email messages, and voicemail.
"All voicemail, email and text messages composed, sent or received through [company's] computer network, e-mail system, or on a company provided cell phone is the property of [company]. These communications do not belong to the employee. Employee explicitly gives employer the right to intercept, access, view, monitor and use all such communications, whether relating to Company business or employee's personal matters. Company provided technology (including internet, email, and cell phone services provided by Company to Employee) shall only be used to conduct of business at the Company, unless employee has separately signed a consent form authorizing employer to access his of her personal e-mail account, and personal communications. Even if such is the case, any personal communications while on Company time should be kept to a minimum, and limited where possible to breaks or personal time."
Please note that this should not be the end of your written policy, but only a single part. The employee policy should describe the purpose and proper use of company provided technology. The employee policy should broadly prohibit an employee from using company provided technology for anything illegal. The employee policy should specifically prohibit the employee from using company provided technology in any way that would harm the company, an employee of the company, or a client of the company. The employee policy should also set forth how the company monitors such communications for abuse.
Reducing Employer Liability For Employee Misuse of Company Provided Technology.
Absent a well written employee computer, cell phone, internet and email use policy, the employer can be held responsible and liable for its employee's misuse of company provided technology. What kind of misuse? An employee can disseminate an email or text message that creates a hostile work environment, sexually harasses one or more employees, is discriminatory, is pornographic, or is violent. An employee can download hard core pornographic material, participate on an illegal gambling site, or illegally download music or films. Do you the employer really want to be held responsible and liable? Obviously not and for this reason a well written employee policy will prohibit the employee from engaging in a host of specifically set forth activities.
In addition to reducing the possibility for a host of employee lawsuits, an effective employee computer, cell phone, internet and email use policy can also improve productivity, prevent the dissemination of confidential information, and eliminate the risk of being held liable for copyright infringement if an employee improperly downloads and distributes protected material from the internet.
The Written Policy Is Not Enough – It Must Be Consistently Enforced.
How the Computer, Cell Phone, Internet and Email Use Policy is enforced is just as important as how it is written. A well written employee policy governing the use of cell phones, computers, and the internet (including text messages and email) cannot totally eliminate an employee's right to privacy, and where it may the expectation of privacy may be revived if the company's supervisors and management fail to follow the policy.
First it is important for an employer to institute procedures to routinely monitor internet use and email and text messages, at least in specified situations (e.g. to protect the business or the employer). In conjunction with this procedure, the written policy should state that the employer's failure to monitor in particular situations does not waive the employer's right to monitor.
California employers should be aware that although they need to monitor their employee's communications, no policy can give them the unfettered right to view such communications if they are strictly personal, do not violate any laws, and do not jeopardize the company, its employees, or its clients. Consequently, proper procedures must be established to monitor only for abuse. For example, management will access and review employee transmitted emails and text messages if it appears that employee has downloaded illegal or copywritten materials such as pornography, music or films; has disseminated an email or text message that may create a hostile work environment, is sexual in nature, violent, or obscene; that transmits company or client confidential information to outside third parties without the Company's consent; etc... In addition to proper procedures, the company's policy should also set forth the penalties in the event of one or more violations of the policy.
The following case, Quon v. Arch Wireless, underscores the importance of having well written employee policies and of ensuring your managers and supervisors consistently apply them as written.
Facts. In Quon v. Arch Wireless, the police department provided pagers with text-messaging capabilities to its officers under an acknowledged Computer Usage, Internet and E-Mail policy that clearly stated that personal use of department provided devices was prohibited, that access to email was not confidential, and that the City reserved the right to monitor and log all of the employee's network, email and internet activities with or without notice. Despite the clearly written policy, the Department also had an informal policy under which the officers were told that they could personally pay for their excessive personal usage and in turn avoid an investigation into, and review of, their text messages to determine if they were work related. The City did not maintain of copy of the text messages sent and received on their own network, but its service provider (Arch Wireless) did retain a backup copy of the text messages.
Following several unpaid monthly overages by certain officers, an investigation ensued. As the request of its subscriber (the City), Arch Wireless turned over its backup copy of the text messages sent and received by the specified officers. Upon learning that their supervisors were reviewing their text messages, the affected officers sued both Arch Wireless and the City.
Held. The Ninth Circuit Court of Appeals held that Arch Wireless violated the Stored Communications Act because the written consent provided by the officers to the City did not cover Arch Wireless which had its own obligations under the Stored Communications Act. The Stored Communications Act prohibits providers of an “electronic communication service” from disclosing stored e-mail or text messages without the written consent of the sender or recipient of the message.
As to the City (the Employer), the Court held that the officers had a reasonable expectation of privacy in their text messages despite the acknowledged Computer Usage, Internet and Email Policy because: (1) the City did not monitor its employee's text messages even when they exceeded the usage limits; and (2) the Department nullified its clearly written policy by informing the officers that so long as they paid any overage charges, the City would not review their text messages to determine if they were work related.
The decision in Quon v. Arch Wireless makes it clear that a California employer's clear and express Computer, Cell Phone, Internet and E-Mail Use policy, when adhered to, can significantly reduce an employee's reasonable expectation of privacy in email and text messages stored on the employer's computer system. Had the Department strictly followed the City's written employee policy and simply advised its officer employees that the employee policy applied to text messages, the officer employees would not have had a reasonable expectation of privacy. According to the Court, the
Department's informal practice of allowing the officers to avoid a review of their text messages by paying the overage charges invalidated the City's written policy and revived the officer's reasonable expectation of privacy in and to their text messages. Please note that on December 14, 2009, the United States Supreme Court agreed to hear Quon v. Arch Wireless, 529 F.3d. 892 (9th Cir. 2008).
What California Employers Should Do.
In light of the decision in Quon v. Arch Wireless, and until the United States Supreme Court rules otherwise, California employers have four things to add to their to-do list.
1. Implement a comprehensive Cell Phone, Computer, Internet an Email Use Policy. All California employers should have a well written Cell Phone, Computer, Internet and Email Use Policy prepared and then read and signed by each of their employees. The key to preventing claims and limiting potential liability is having the employee's consent. Once an employee is on notice that his or her voice, text message, and email communications are not private, and has acknowledged their rights and responsibilities as to what is permitted and not permitted with respect to the employer's cell phones and computer hardware, software, and network equipment the employer can effectively limit the liability stemming from its misuse.
Employers with computer, email and internet use policies drafted years ago should have them reviewed and revised to ensure other electronic communications such as Instant Messaging, blogging, and text messaging are addressed.
Employers with relatively new cell phone, computer, internet and email use policies should redistribute the policy to their employees as a reminder.
2. Consistently Follow The Written Employee Policy. California employers should train managers and supervisors, and regularly remind them to consistently and strictly follow the company's written employee policies. In establishing proper procedures, employers must consider that there is a difference to monitoring for abuse (which is permissible) and simply browsing the employee's personal and private communications.
3. Review How Text Messages and Email Works With The Company's Cell Phone Provider. California employers who provide their employees with cell phones, PDAs and/or computers that have email and text-message capabilities should explore whether it is cost-effective to back up network activity to their own computers. If so, the California employer may decide to issue devices that can be configured to route all communications through the employer's corporate network. Alternatively, a California employer may consider conditioning the payment of their employee's cell phone service charges on the employee giving the service provider his or her prior written consent to disclose device usage records and copies of email and text messages to the employer; any employee who refuses to provide written consent would either be denied a company issued cell phone, or required to turn in an expense reimbursement form along with the appropriate documentation proving the usage was work related.
A California employer should also seriously consider whether to prohibit access to personal e-mail accounts on company provided equipment (e.g. company provided cell phone, PDA, computer); or in the alternative, to allow such access only if the employee provides written authorization for the employer to access their personal e-mail account.
4. Have an Attorney Review and Revise Your Employee Computer Use, Internet and Email Policy. After exploring all of the options available, and performing any necessary cost-benefit analysis, the employer should review, and revise if necessary, their employee Computer, Email and Telephone Use Policy to ensure the employees have acknowledged and agreed that any messages sent or received by email or text on a company provided computer or device may be monitored, viewed and accessed by the employer whether stored on the employer's computer system, or a third-party service provider's system.
If you would like the assistance of a Los Angeles, California employment law attorney to advise your small or medium sized business on employee matters, or to prepare your employee policies, please call: 818-849-5206 or Email Melissa C. Marsh, a Los Angeles, California employment law lawyer based in Sherman Oaks and West Hollywood. We are available to serve small and midsize businesses throughout Los Angeles County, including: West Hollywood, Beverly Hills, Miracle Mile, Burbank, North Hollywood, Valley Village, Toluca Lake, Studio City, Sherman Oaks, Van Nuys, Encino, and Woodland Hills.
© 2009 Melissa C. Marsh. All Rights Reserved.