Mark E. Schreiber and Barbara A. Lee published an article on the New Liabilities and Policies for Incidental Private Use of Company Electronic Systems and PDAs.
The discussion in the article comes from the decision in Quon v. Arch Wireless Operating Company, Inc., 529 F.3d 892 (9th Cir. 2008). In that case the court found that a police department had violated the Fourth Amendment and state constitutional rights of employees and the people they exchanged text messages with, when they reviewed “personal” text messages created on devices owned and issued by the police department. It also found that the text messaging provider, Arch Wireless, violated the Stored Communications Act (SCA), 18 U.S.C. §§2701-2711, by providing transcripts of these messages to the employer.
The authors point out that the decision in Quon deals with constitutional questions involving government employees. The same positions may not be true for non-government employees. But there are still lessons to be learned:
- Policies regarding employee use of email, internet access, and mobile devices should be clear that employees have no expectation of privacy
- Policies should make it clear that employees can expect their use of computer systems and devices, including personal use and messages, to be subject to monitoring and access by the employer with or without notice.
- Carefully draft service agreements to comply in advance with the SCA and other wiretap type statutes with “consent” language.
- Update subpoena and document response policies and protocols to comply with the SCA and, if the company operates internationally, foreign laws.