The increased use of text messaging and email by employees has risen dramatically, with no end in sight. In the workplace, text messages and emails may be sent by employees using employer-issued computers, BlackBerry devices and cell phones. But what happens when an employee uses these employer-issued devices for personal messages? Does an employer have any right to access and read those messages? When does an employer cross over the line between controlling the use of employer-issued electronic devices and the privacy rights of its employees?
Several recent court decisions have highlighted the fundamental need for employers to have clearly worded policies addressing employee use of work-issued electronic devices. For example, the City of Ontario, CA police department found itself in litigation when it reviewed personal text messages sent to and from a City-issued pager. The police department distributed pagers to its officers so they could quickly respond to emergencies. The City’s contract with its service provider set a monthly limit on the number of characters sent or received – – if employees went over this limit, they were charged a fee. One of the officers went significantly over the limit, and the police department elected to examine whether the overage was due to work-related text messages or personal text messages. When the police department obtained a transcript of the officer’s messages, it discovered that many of them were sexually explicit, and were sent while the officer was on duty. Because this conduct violated the police department’s policies, the officer was disciplined, and later initiated a lawsuit against the department.
The United States Supreme Court held that the officer did not have a right to privacy in this situation. The police department had a legitimate interest in ensuring that employees were not being forced to pay out of their own pockets for work-related expenses, and that the City was not paying for excessive personal communications. Furthermore, the search was reasonable in scope, and not overly intrusive. Finally, and importantly, the Court noted that the City had a policy in place that allowed the City to monitor and log all network activity (including text messages), and that employees should have no expectation of privacy or confidentiality when using those resources. Although this decision involved a public employer, the ramifications and lessons learned extend to private employers as well.
By contrast, the New Jersey Supreme Court ruled in favor of an employee who sent and received email messages on an employer-issued laptop computer. The employee routinely exchanged email messages with her attorney. The employee, however, used a personal, password-protected internet email account. The employee later filed an employment discrimination lawsuit against her employer, and the employer attempted to obtain the emails because they were sent and received on the company-issued computer.
The Court held that the employee had a reasonable expectation of privacy in her private, password protected internet email account, and the act of sending and receiving emails via a company laptop did not eliminate the attorney-client privilege that protected them. The employer had a policy in place that allowed the company to review any messages sent on its media systems – – however, the policy also permitted “occasional personal use” of email. The Court noted that the policy’s email provision was not clear because it did not address personal email accounts, as opposed to work email accounts. The Court stated that it was proper for companies to adopt lawful policies relating to computer use, but in this situation, the public policy interest underlying the attorney-client privilege trumped any policy that the employer might have to access personal, password protected email accounts on the company’s email system.
These decisions are instructive for employers. Most importantly, employers should have clearly worded policies related to the use of employer-issued electronic devices and computers. At a minimum, the policy should contain:
• Specific definitions of the work devices and messages that are covered by the policy – – for example, work-issued computers, BlackBerry devices and cell phones;
• A provision addressing whether an employee is permitted to use work devices for personal use; and the extent to which that use is allowed;
• A provision informing employees that the employer may monitor and log all work devices and accounts;
• A provision informing employees that the employer may access and search work devices and accounts, and that employees have no expectation of confidentiality or privacy in messages sent over those devices;
• A provision allowing for disciplinary action if the policy is violated; and
• A form for employees to sign acknowledging receipt of the policy.
Significantly, if an employer conducts a search of its employees’ devices or accounts, the search must be motivated by a legitimate, work-related purpose. Unfocused fishing expeditions for undefined information may not survive an employee’s challenge and will expose the employer to litigation. Any search should be kept reasonable in scope and may not be any more intrusive than necessary. If there is any question about the purpose and scope of the search, the employer should consult with legal counsel prior to any action. Having clearly defined policies and procedures will define the line between personal and private use of work-issued devices and minimize the employer’s exposure to litigation.