1.12k likes | 1.14k Views
This comprehensive guide covers trends, laws, and issues surrounding workplace surveillance, including electronic monitoring, data privacy, and employee rights. Learn about relevant statutes, court cases, and best practices to protect privacy in the workplace.
E N D
Privacy in the Workplace:Electronic Surveillance Under State and Federal Law Charles Lee Mudd Jr. – Mudd Law Offices © 2010 Mudd Law Offices
Overview Trends in Workplace Surveillance Highlights of Applicable Law More Common Surveillance Issues Arbitration - Lessons Learned Policy Guidelines Novel Circumstances © 2010 Mudd Law Offices
Trends in Workplace Surveillance 1997 13.7% of employers monitored computer files 14.9% of employers monitored e-mail Data obtained from the American Management Association © 2010 Mudd Law Offices
Trends in Workplace Surveillance (cont’d) 2007 43% of employers monitored computer files 43% of employers monitored e-mail Data obtained from the American Management Association © 2010 Mudd Law Offices
Trends in Workplace Surveillance (cont’d) ADDITIONAL STATISTICS 66% of employers monitor Internet connections 12% of employers monitor blogs for comments on company 10% monitor social networking sites 8% use GPS to track company vehicles American Management Association DATA © 2010 Mudd Law Offices
Trends in Workplace Surveillance (cont’d) The Privacy Foundation reports that of those employees "who regularly use e-mail or Internet access at work," fourteen million "are under 'continuous' surveillance ... for their Internet access or e-mail usage." © 2010 Mudd Law Offices
Trends in Workplace Surveillance (cont’d) For a myriad of reasons… the monitoring of employee activity and conduct by employers through electronic surveillance in the workplace …will continue to increase. © 2010 Mudd Law Offices
Protecting Employers … and Employees With increasing prevalence of workplace surveillance Employers Must Be Advised Properly… … in Advance of Implementation © 2010 Mudd Law Offices
Highlights of Applicable Law United States Supreme Court Federal Statutes State Statutes Common Law © 2010 Mudd Law Offices
O'Connor v. Ortega 480 U.S. 709, 107 S. Ct. 1492 (1987) While investigating alleged impropriety, public employers broke into employee’s office, desk, and file cabinet Court determined neither party entitled to summary judgment and affirmed in part and reversed in part ….HOWEVER…. United States Supreme Court © 2010 Mudd Law Offices
Supreme Court (cont’d) Ortega helped establish: Analytical Process in Workplace Privacy: Expectation of privacy? Reasonableness of search at inception? Reasonableness of search in scope? © 2010 Mudd Law Offices
Supreme Court (cont’d) For legitimate work-related, non-investigatory intrusions as well as investigations of work-related misconduct, a standard of reasonableness is used. © 2010 Mudd Law Offices
Supreme Court (cont’d) City of Ontario v. Quon 177 L. Ed. 2d 216 (U.S. 2010) The review of transcripts of employee text messages held to be reasonable given that legitimate non-investigatory reasons prompted the review. (to determine whether the character limit on the city's contract was sufficient to meet the city's needs) © 2010 Mudd Law Offices
Supreme Court (cont’d) Principles arising from and reaffirmed in Quon: special needs of workplace is an exception to Fourth Amendment warrant requirement “the extent of an expectation [of privacy] is relevant to assessing whether the search was too intrusive” © 2010 Mudd Law Offices
Supreme Court (cont’d) Note: Utah equivalent of Fourth Amendment Utah Constitution, Art I., § 14 © 2010 Mudd Law Offices
Federal Statutes Primarily…. Electronic Communications Privacy Act Stored Communications Act Computer Fraud and Abuse Act © 2010 Mudd Law Offices
Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. § 2511, criminalizes Intentional interception of oral, wire or electronic communication Discloses Uses © 2010 Mudd Law Offices
Question: What is interception (……still debated…..) Question: What is electronic communication? United States v. Councilman, 418 F.3d 67 (1st Cir. Mass. 2005) United States v. Szymuszkiewicz, 2009 U.S. Dist. LEXIS 60755 (E.D. Wis. June 30, 2009) Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
Civil Remedies generally any person whose wire, oral, or electronic communication is intercepted, disclosed, or intentionally used Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
Relief Preliminary, declaratory and other equitable reasonable attorney’s fee and costs Damages, either (a) actual plus profits OR (b) statutory ($100/day or $10,000) 18 U.S.C. § 2520 Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
Employers cannot: use any devices to intercept wire, oral, or electronic communication. Use or disclose any information obtained through these methods Disclose or obtain unauthorized access to stored communications. Three Exceptions….. Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
Employers cannot: use any devices to intercept wire, oral, or electronic communication. Use or disclose any information obtained through these methods Disclose or obtain unauthorized access to stored communications. Three Exceptions….. Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
THREE EXCEPTIONS If one party has given prior consent. Business extension exception – Certain interceptions are OK in the ordinary course of business. Provider exceptions – Certain interceptions OK on internal communications systems. Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
Consent: requires only that one party to the communication consent to its interception and access (but be wary of stricter statutes) Providers: employers who own and provide their own e-mail or instant message systems are exempt Not applicable if the interception occurs in the “ordinary course of business.” Electronic Communications and Privacy Act 18 U.S.C. § 2510, et seq. © 2010 Mudd Law Offices
whoever-- intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; AND….. Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished . . . Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
(REMEMBER - CRIMINAL STATUTES) Civil Remedy Very similar to ECPA except minimum statutory of $1,000 Punitive if willful determination 18 U.S.C. § 2707 Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
18 U.S.C. § 2702 Providers generally cannot disclose contents of communications except in certain instances Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
General Thoughts Harsher penalties when done for malicious purposes or commercial advantage Certain permission creates exceptions Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
General Thoughts Provides exception for “the person or entity providing a wire or electronic communications service.” Thus, courts have been favorable to employers when e-mails occur on employer-created e-mail servers. BUT BE WARY…..MISPERCEPTION Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
City of Ontario, California v. Quon, et al. SCA Question: In storing texts, was Arch Wireless acting as a “remote computing service” or an “electronic communication service”? If remote computing service, it could disclose, as subscriber was the City employer. Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
City of Ontario, California v. Quon, et al. SCA Question: If electronic communication service, it could not disclose because the City was not an “originator or an addressee or intended recipient of such communication.” This is what Ninth Circuit concluded. Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
Impact of Quon on Use of Employer Devices by Employees will continue…. Stored Communications Act (18 U.S.C. § 2701) © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Prevents Unauthorized Access or Exceeding Authorized Access to Computers in Variety Contexts - National Security - Financial Information - Information from Government - Protected Computer © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Protected Computer Financial Institution or related Interstate or Foreign Commerce 18 U.S.C. § 1030(e)(2) © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Protected Computer …… and Causes Damage © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Civil Remedy provision 18 U.S.C. § 1030(g) Anyone harmed BUT…. © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) One of five types of damage Most Common (I) loss to 1 or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the United States only, loss resulting from a related course of conduct affecting 1 or more other protected computers) aggregating at least $5,000 in value; © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Also: affecting medical examination, diagnosis, treatment, or care physical injury to any person; a threat to public health or safety; damage affecting a computer used by or for an entity of US © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Must be Unauthorized Access Exceeding Authorized Access Key Question…. © 2010 Mudd Law Offices
Computer Fraud and Abuse Act (CFAA) (18 U.S.C. § 1030) Snap-on Business Solutions Inc. v. O'Neil & Assocs., Inc. (N.D. Ohio April 16, 2010) (Examined Agreements, question of fact denied MSJ) LVRC Holdings LLC v. Brekka, 581 F.3d 1127 (9th Cir. 2009) (access not automatically unauthorized if disloyal) International Airport Centers, LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) (employee who violates duty of loyalty, no authorization) US v. Drew, 259 F.R.D. 449 (C.D. Cal. 2009) (violation of TOS not enough) © 2010 Mudd Law Offices
State Statutes Utah Offenses Against Privacy 76-9-403 Privacy Abuse 76-9-403 Communications Abuse Interception of Communications Act 77-23a-1, et seq. Access to Electronic Communications 77-23b-1, et seq. © 2010 Mudd Law Offices
Utah 76-9-402. Privacy Violation (1)A person is guilty of privacy violation if, except as authorized by law, he: (a)Trespasses on property with intent to subject anyone to eavesdropping or other surveillance in a private place; or © 2010 Mudd Law Offices
Utah 76-9-402. Privacy Violation (1)A person is guilty of privacy violation if, except as authorized by law, he: (b) Installs in any private place, without the consent of the person or persons entitled to privacy there, any device for observing, photographing, recording, amplifying, or broadcasting sounds or events in the place or uses any such unauthorized installation; or © 2010 Mudd Law Offices
Utah 76-9-402. Privacy Violation (1)A person is guilty of privacy violation if, except as authorized by law, he: (c) Installs or uses outside of a private place any device for hearing, recording, amplifying, or broadcasting sounds originating in the place which would not ordinarily be audible or comprehensible outside, without the consent of the person or persons entitled to privacy there. © 2010 Mudd Law Offices
Utah 76-9-403. Communication abuse (1) A person commits communication abuse if, except as authorized by law, he: (a) Intercepts, without the consent of the sender or receiver, a message by telephone, telegraph, letter, or other means of communicating privately; [Illinois legislation] © 2010 Mudd Law Offices
Utah 76-9-403. Communication abuse [the foregoing paragraph] does not extend to: Overhearing of messages through a regularly installed instrument on a telephone party line or on an extension; or Interception by the telephone company or subscriber incident to enforcement of regulations limiting use of the facilities or to other normal operation and use; or © 2010 Mudd Law Offices
Utah 76-9-403. Communication abuse (b) Divulges without consent of the sender or receiver the existence or contents of any such message if the actor knows that the message was illegally intercepted or if he learned of the message in the course of employment with an agency engaged in transmitting it. (2)Communication abuse is a class B misdemeanor. © 2010 Mudd Law Offices
Utah 76-9-401. Definitions (1) "Private place" means a place where one may reasonably expect to be safe from casual or hostile intrusion or surveillance. (2) "Eavesdrop" means to overhear, record, amplify, or transmit any part of a wire or oral communication of others without the consent of at least one party thereto by means of any electronic, mechanical, or other device. (3) "Public" includes any professional or social group of which the victim of a defamation is a member. © 2010 Mudd Law Offices
Utah 76-9-401. Definitions (1) "Private place" means a place where one may reasonably expect to be safe from casual or hostile intrusion or surveillance. (2) "Eavesdrop" means to overhear, record, amplify, or transmit any part of a wire or oral communication of others without the consent of at least one party thereto by means of any electronic, mechanical, or other device. (3) "Public" includes any professional or social group of which the victim of a defamation is a member. © 2010 Mudd Law Offices