Recent Court Case Tests Privacy of Employee E-Mails and Text Messages
Page Content
E-mail and other electronic communications such as text messaging are becoming the predominant method of communication in many workplaces. Employers have benefited from increased efficiency and productivity due to widespread use of e-mails and text messages. Some employers monitor employee e-mails and text messages to protect against disclosure of confidential business information, and to detect and deter improper or unproductive employee behavior. Because employees have personal communications with their co-workers, friends or families during business hours, including e-mails on company computers and text messages on company cell phones or pagers, employer monitoring of these electronic communications may raise personal privacy issues under some circumstances.
Several federal laws protect against invasion of employee e-mails and text messages. In addition to prohibiting unlawful interception or monitoring of the contents of wire communications, such as telegrams and telephone calls, the Federal Wiretap Act prohibits the same invasion of the contents of wireless communications, such as cell phone calls and text messages. Title I of the Electronic Communications Privacy Act (ECPA) prohibits unlawful interception and disclosure of electronic communications, including e-mails and text messages. Title II of ECPA, also known as the Stored Communications Act (SCA), prohibits unlawful access and disclosure of electronically stored wire and electronic communications. E-mails and text messages are covered by Title I while in transit between parties and by Title II while in electronic storage for backup or delayed transmission purposes.
Three key exceptions allow employers to monitor employee e-mails and text messages without violating ECPA or SCA. Under the "business use" exception, equipment used in the ordinary course of an employer’s business, such as company-owned computers, cell phones and pagers, are not considered electronic communication systems or devices by which electronic communications protected under ECPA may be transmitted. The "service provider" exception, which permits the provider of an electronic communication service to intercept or access electronic communications transmitted or stored by that service in the normal course of its business, means that an employer may monitor employee e-mails that are transmitted or stored by a company-owned computer system.
The "consent" exception permits employer monitoring of employee e-mails and text messages where one of the parties to these electronic communications has given prior consent to the monitoring. Employee consent to such monitoring may be implied when company-owned computers, cell phones or pagers are used, but express consent for such monitoring may be obtained from employees by having an electronic communications policy that allows monitoring and getting employees to acknowledge the policy in writing.
Employee e-mails and text messages that do not fall under one of these exceptions may not be intercepted or monitored by employers without violating ECPA or SCA. Personal e-mails sent or received by an employee using his or her web-based personal e-mail account, like a Yahoo, AOL, Hotmail or Gmail account, ordinarily do not fall under one of these exceptions, even when the employee accesses that personal account using Internet service provided by the employer’s computer system. Text messages sent or received by an employee using his or her personal cell phone or pager normally do not fall under one of these exceptions. Under the "consent" exception, a company policy acknowledged by employees in writing may permit an employer to monitor such personal e-mails and text messages if the policy expressly applies to e-mails and text messages sent by personal e-mail accounts, cell phones or pagers during work hours or on company premises. As a practical matter, though, most employers do not extend their monitoring of e-mails and text messages to personal e-mail accounts, cell phones and pagers because they recognize that employees often need to take care of personal business while working and some level of privacy and trust in the workplace is necessary.
The protections of ECPA and SCA apply to both private and public employers. Unlike private employers, public employers may face additional scrutiny under the U.S. Constitution’s prohibition against unreasonable "search and seizure" when monitoring employee e-mails and text messages. It prohibits a government employer’s search and seizure of an employee’s private property if the employee has a reasonable expectation of privacy in that property and the government employer’s intrusion on the employee’s privacy is not reasonably necessary for protection of a government interest. Ordinarily, a public employer’s reasons for monitoring e-mails and text messages will qualify as necessary for protection of a government interest. However, a government employer’s monitoring of an employee’s personal e-mails or text messages may violate the constitutional prohibition under some circumstances, particularly if the e-mails or text messages are transmitted by the employee using his or her personal e-mail account or cell phone and the employer has no policy permitting it to monitor such personal electronic communications.
A recent court case tests the boundaries of the exceptions for employer monitoring of employee e-mails and text messages under ECPA, SCA and the U.S. Constitution’s prohibition against unreasonable search and seizure.
In Quon vs. Arch Wireless, a federal appeals court ruled that a local police department’s monitoring of a police officer’s personal text messages transmitted on his department-owned pager violated the U.S. Constitution’s prohibition against unreasonable search and seizure. The department had a written policy governing use of its computers and providing for employer monitoring of employee Internet use and e-mails, but had no official policy governing use of the pagers it provided to police officers. The department had an informal policy limiting each pager to 25,000 characters per month for text messages and allowing officers to avoid any audit of their text messages if they paid the overage charges for exceeding this limit. Notably, the department’s informal policy did not address any aspect of the contents of text messages.
While investigating a police officer for repeatedly exceeding the 25,000 character limit, the police department persuaded its pager messaging service provider to retrieve the officer’s text messages from its electronic storage system and turn them over to the department. After reviewing the contents of the officer’s text messages and finding that many of the messages were to his wife and friends and were sexually explicit, the department sought to discipline the officer for violating department policy. The officer sued the department for violating his constitutional right against unreasonable search and seizure and the department’s pager messaging service provider for violating SCA.
The federal appeals court in Quon vs. Arch Wireless held that the officer had a reasonable expectation of privacy in the contents of his personal text messages, even though they were sent or received on a department-owned pager, because the department had no policy prohibiting such personal use or addressing the contents of text messages and the messages were being held in storage by a third-party messaging service. The court held further that the department’s purpose for obtaining the text messages, to investigate the officer for exceeding the 25,000 character limit, did not justify its review of the contents of the messages because the department’s informal policy allowed the officer to avoid any audit of his messages if he paid the overage charges for exceeding the limit. The court also ruled that the department’s pager messaging service provider violated SCA because it retrieved the officer’s text messages from its electronic storage as a third-party messaging service and turned them over to the department without the officer’s knowledge or consent.
This case illustrates the importance of having a comprehensive policy, acknowledged by employees in writing, that governs employee use of the employer’s computers, cell phones and pagers and provides for lawful employer monitoring of employee e-mails and text messages.
Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601