A recent decision from the European Court of Human Rights, which found that an employer’s monitoring of its employee’s Yahoo instant messenger work account did not violate the employee’s privacy right, has reignited discussions over an employee’s privacy rights in the workplace. But, whether in the U.S. or Europe, employers should be cautious about searching their employee’s computers or smart technology.
In the United States, the Fourth Amendment’s prohibition against unreasonable searches and seizures creates certain privacy protections for individuals, so long as that expectation of privacy is reasonable. The Fourth Amendment, however, only extends to governmental actors and not private employers, protecting, for example, the police officer or firefighter and not the administrative employee at a private enterprise. But, many states, like California, have the state law equivalent of the Fourth Amendment or common law protections that extend privacy rights to private sector employees. And, generally, whether public or private, similar considerations exist for determining whether an employer may monitor an employee’s technology use.
A good guideline for all employers is the standard articulated by the Supreme Court: a (government) employer’s warrantless search is reasonable if it is for a noninvestigatory, work-related purpose or for the investigation of work-related misconduct and (i) the search is justified at its inception and (ii) the way the search is conducted is reasonably related to the objectives of the search and not excessively intrusive in light of the need for the search. In this particular case, it was rather significant that the public employer had a policy in place warning employees that it had the right to monitor all network activity, including e-mail and internet use.
Actually, in any situation that involves an employer monitoring an employee’s technology use, whether the employer has a technology monitoring policy in place will likely be outcome determinative. Why? Because such policies diminish employees’ expectation of privacy since they are forewarned not to have such an expectation with their technology use.
One state court delineated the best-practices for such policies:
(1) First, clearly state in the policy that electronic communications are to be used solely for company business, and that the company reserves the right to monitor or access all employee Internet or e-mail usage.
(2) The policy should further emphasize that the company will keep copies of Internet or e-mail passwords, and that the existence of such passwords is not an assurance of the confidentiality of the communications.
(3) The policy should include a statement prohibiting the transmission of any discriminatory, offensive or unprofessional messages.
(4) Employers should also inform employees that access to any Internet sites that are discriminatory or offensive is not allowed, and no employee should be permitted to post personal opinions on the Internet using the company’s access, particularly if the opinion is of a political or discriminatory nature.
(5) The employee should acknowledge having read and having received the policy in writing.
But, even with such a policy in place, employers should be careful not to make their searches too broad, i.e., beyond the scope of what the search is for. Whether such searches are permissible becomes even grayer when employers allow employees to use their own technology for work. An employer must also be particularly sensitive about searching an employee’s smartphone, whether work provided or a personal phone used for work, because the Supreme Court has recognized that smartphones contain particularly sensitive personal information that an employee carries with them as they go about their day.
Because the law continues to change and evolve in this area, it is always best to consult with in-house or outside legal counsel before conducting such a search.