Don’t Fall Behind: Enact, Enforce & Update Technology and Network Use Policies
Employee privacy may be eroding as technology increasingly blurs the line between work and personal life. Courts are currently engaged in a balancing act – weighing employee privacy expectations against company interests in monitoring communications sent over their information systems. While recent decisions may have created confusion instead of certainty, they clearly illustrate the importance of proactively addressing the issues surrounding employee privacy and workplace security. Despite the murky nature of the law, there are a number of steps that both employers and employees can take to reduce the uncertainty that comes with hitting “send.”
If there is one common theme throughout the recent decisions regarding employee privacy in workplace communications, it is this: ambiguity in corporate policies and practices is a main point of contention and a driving force for judicial intervention. In Stengart v. Loving Care Agency,1 the usage policy at issue declared all communications to be company property, but also permitted occasional personal use. In this case, Stengart used her personal Yahoo! e-mail account to communicate with her attorney from her work computer. The Loving Care policy created a natural ambiguity – if the communications are personal, how or why should the company own them? In the recent U.S. Supreme Court decision from City of Ontario, California v. Quon,2the usage policy stated e-mail messages may be audited, but did not address pager messages. The established practice was that such communications would be left private, provided employees paid overages. Despite this ambiguity, the Supreme Court upheld the policy, citing the City’s well-documented steps taken to communicate to employees that pager messages would be treated similarly to e-mails messages. Companies can avoid subjecting themselves to the expense and uncertainty of prolonged litigation by drafting and implementing clear, consistent and defensible usage policies.
In addition to being comprehensive and unambiguous, technology and network use policies must be regularly evaluated and updated. As part of the update process, the policies should be tested to ensure they meet the needs of the company, accurately reflect the technology used by the employees and account for new forms of media, such as social networking sites and mobile phone advancements. The Quon decision illustrates the importance of updating these policies, as the Supreme Court could have easily decided the other way, much like the Stengart court did.
For employees, it is important to understand current usage policies so they can govern their conduct accordingly. In today’s world of integrated technology, people commonly use e-mail and mobile devices for both personal and work communications. However, recent decisions have demonstrated that in some circumstances, private communications on company-owned devices may be subject to lawful review by employers. Ensuring that employees are aware of and understand the current usage policies is also beneficial for companies. Employers should document the steps taken to implement the policy and train employees, to support their actions if a dispute arises.
Along these lines, it is critical for employers to communicate – and for employees to understand – which of their communications are retained and for how long. Many employees fail to recognize that a deleted file may not be gone forever. Even after a user deletes data, it can often be restored by forensic experts. Moreover, with the price of data storage constantly decreasing, the quantity of information companies are keeping is perpetually on the rise. However, in Alamar Ranch v. Boise,3 deleted e-mails exchanged between the defendant and her attorney were later recovered and used against her at trial. Employees must recognize that it may be possible and permissible for their employers to retrieve every text message, voicemail and e-mail they have sent or received on company equipment – months and even years later.
Even though documents are often recoverable, the process is complex and challenging. Retrieving data from increasingly sophisticated devices and emerging technology requires expert assistance beyond the capabilities of in-house resources. Seeking a professional service provider’s assistance can substantially decrease costs by improving efficiency and protecting data integrity.
Today, technology is about integrating communication, but as we become more “connected” our information may become less protected. Companies have a legitimate interest in monitoring their information systems, but poor planning now can lead to unnecessary and expensive litigation down the road. The Supreme Court declined to rule on an employee’s reasonable expectation of privacy in Quon, but nonetheless made clear that it will defer to employer usage policies, at least for now. Dispute prevention therefore requires clear, consistent and up-to-date policy management. In a slow economy, proactive steps may be a “tough sell” to senior management, but in a world where the courts have provided little practical guidance, having clear and up-to-date communication policies is certainly the best policy – for employers and employees alike.
12010 WL 1189458 (N.J. Mar. 30, 2010).
2No. 08-1332, 560 U.S. __ (2010).
32009 WL 3669741 (D. Idaho Nov. 2, 2009).