Employee Privacy Gains in the United States
2010 arguably was a breakout year for consumer privacy in the U.S., but the year also brought about significant changes to the legal landscape of employee privacy. Federal and state court decisions, state legislation and agency actions suggest that the U.S. may be moving towards a greater level of privacy protection for employees. Employers are well-advised to consider these developments in reviewing and revising policies that affect the privacy of their employees.
Traditionally, in the U.S., employees have enjoyed little privacy in the workplace. With respect to workplace communications, for example, employees generally are deemed not to have “a reasonable expectation of privacy.” With some limitations, this allows employers to freely monitor and review employee communications. Employees in the U.S. often must abide by company rules that limit or prohibit personal use of workplace email and provide for monitoring of all employee electronic communications. Companies also may impose sanctions on employees for criticizing or disparaging the employer outside of work, including on social networking websites. In another example of limited workplace privacy, employers regularly obtain credit reports regarding job applicants or employees being considered for promotions. While obtaining a credit report for employment purposes requires the consent of the individual, applicants and employees often are reluctant to withhold consent for fear of compromising their chances of landing a job or a promotion. Many employers obtain credit reports regardless of whether financial considerations are relevant to the job.
The recent court decisions, laws and agency actions we recap in this blog post are changing the workplace privacy rules. Employers should consider these developments carefully in evaluating their human resources, information technology, electronic communications and other policies that affect employee privacy.
U.S. Supreme Court Offers Guidance on Employee Privacy in City of Ontario, California v. Quon
On June 17, 2010, the U.S. Supreme Court ruled in City of Ontario, California v. Quon that a police department did not violate an officer’s Fourth Amendment rights when the officer’s supervisor reviewed personal text messages the officer sent using a work-issued pager. The Court held that the search of the messages was reasonable, and did not resolve the question of whether the officer had “a reasonable expectation of privacy” in the text messages. The Court stated that it was reluctant to wade into employee privacy debate in light of the novelty of the issue, the implications of opining on emerging technology before its role in the society has become clear, and the risk of making a ruling that is not fully informed.
The Court, however, set out some of the issues it could have considered had it been inclined to make a ruling on the employee’s privacy expectations. The Court observed that in Quon a finding of an expectation of privacy in text messages could have been supported by the ubiquity of mobile communications that makes the communications essential or necessary instruments for self-expression, even self-identification. On the other hand, the Court suggested that the ubiquity of messaging devices also made them generally affordable, so that employees who need mobile devices for personal use can purchase and pay for their own. The Court observed that employee communications policies shape the reasonable expectations of their employees, especially when such policies are clearly communicated to the employees. The Court left open, however, the possibility that a supervisor’s statement guaranteeing the privacy of an employee’s communications, even if contrary to the company policy, may create an expectation of privacy in the communications by the employee. The court also noted the difference between an employer’s review of workplace communications vs. personal communications. Specifically, the Court observed that an audit of messages on an employer-provided device was not nearly as intrusive as a search of an employee’s personal email account or pager would have been.
Lower courts likely will look to the Supreme Court’s views on employee privacy in considering privacy claims. Likewise, employers should consider the Court’s discussion of employee privacy in developing and implementing employee monitoring policies. The key lessons for private employers from Quon are to (i) have a communications policy that is clear and comprehensive in scope and clearly communicated to employees; (ii) train management to follow company policies and not contradict them; (iii) when conducting a review of communications that might be inconsistent with the company’s electronic communications policy, ensure that there is a legitimate business reason for the review and be cautions to review only what is necessary; (iv) stay abreast of changes in privacy laws and relevant court decisions.
New Jersey Supreme Court Upholds Privacy Claims in Stengart v. Loving Care Agency, Inc.
Private employers should pay equal if not greater attention to many state court cases that have dealt with the issue of employee privacy. Unlike Quon, these state court decisions (as well as federal court decisions that apply state law) are directly applicable to private employers. In arguably the most important state decision on employee privacy of 2010, the New Jersey Supreme Court ruled, on March 30, 2010, for the former employee on the employee’s claim that state’s common privacy law protected certain of the employee’s emails from review by her employer.
The New Jersey Supreme Court considered whether the former employee – Ms. Stengart – had a reasonable expectation of privacy in certain emails she exchanged with her attorney. The email exchange took place over Stengart's personal, web-based email account. Stengart, however, used her company-issued computer for the communications. Images of the emails were saved by the employer’s monitoring system, which retained every web page visited on the computer. In the course of subsequent litigation against Stengart, Loving Care – the former employer – retrieved Stengart’s communications with her attorney from the laptop and sought to use the emails in the litigation. Stengart argued that the employer could neither review the emails nor use them in the litigation because she had a reasonable expectation of privacy in the communications. The New Jersey Supreme Court agreed.
The Court found the company’s electronic communications policy to be ambiguous and interpreted the ambiguity against the employer. The policy stated that the company could review any matters on the company’s media systems and services at any time, and that all emails and communications were not to be considered personal or private to employees. The Court found the policy’s disclosure of employee monitoring insufficient because it did not inform employees that the company stored and could retrieve copies of employees’ private web-based emails. The Court also concluded that the policy failed to state expressly that the company would monitor the content of email communications made from employees’ personal email accounts when they were viewed on company-issued computers. The Court held that Stengart had a subjective expectation of privacy in communications she sent using her personal web-based email account, and that the company’s ambiguous boilerplate electronic communications policy did not quash Stengart’s expectation of privacy in the emails.
The Court acknowledged that employers may adopt and enforce lawful policies relating to computer use to protect the assets and productivity of a business. The Court held, however, that an employer may not read the contents of an employee's attorney-client communications sent or received using personal web-based email. The Court held that a policy that allows the employer to review such communications is unenforceable.
Although the decision dealt with attorney-client communications, it also has implications for any personal emails (such as communications regarding health or financial issues) employees send over private web-based email accounts. For example, the court noted that employers that record and review screen shots on workplace computers will need to provide employees with a detailed, specific notice of such monitoring to the extent the screen shots also record emails employees send or receive via private web-based accounts. The Court also cautioned that a policy that permits “occasional personal use” of workplace email systems may create an expectation of privacy by employees with respect to personal emails they send or receive via company email.
NLRB Alleges Firing an Employee for Facebook Comments Violates Federal Law
On November 8, 2010, the National Labor Relations Board (NLRB) filed an administrative complaint against an employer, alleging that the company violated an employee's federal rights by firing her for criticizing her manager on her Facebook page. The NLRB took the position that employees have a right to criticize their employers, management or working conditions, and cannot be punished for engaging in such protected activity. The terminated employee was a union member, but the NLRB asserted that the right to criticize is equally applicable to nonunion employees because it is an extension of the federal right to discuss unionization and form unions.
Employers should consider the NLRB complaint carefully in reviewing their policies regulating social media use and behavior outside of the workplace. In this case, the employer's policy was rather extreme; it barred employees from depicting the company “in any way” on Facebook or other social media sites where the employees posted their pictures, or from making disparaging or discriminatory comments when discussing the employer or management. The NLRB action does not mean that the right to talk about employers on the web or outside of work is absolute. For example, if an employee lashes out against a supervisor, but is not communicating with employees in doing so, the activity may not be protected (in this case, other employees participated in the Facebook discussion of the former employee’s manager). In addition, making false, defamatory statements about the employer or disparaging remarks unrelated to work (for example, about a supervisor's family or personal life) is likely not protected by federal law.
States and Federal Regulators Push to Restrict Use of Credit Reports for Employment Purposes
The drive to limit the use of credit reports for employment purposes is in large part a reaction to the damage the continuing economic downturn has inflicted on individuals’ credit histories, creating a barrier to the individuals’ ability to reenter the workforce.
In 2010, Illinois and Oregon enacted legislation that limits the use of credit reports for employment purposes. Similar laws are in place in Hawaii and Washington and are being considered in Connecticut, Illinois, Maryland, Michigan, Missouri, New Jersey, New York, Ohio, Oklahoma, South Carolina, Vermont and Wisconsin. In addition, the federal Equal Employment Opportunity Commission (EEOC) filed an unusual action accusing an employer of discriminating against black job applicants in the hiring process on the basis of using the applicants’ credit histories.
The Illinois law, the Employee Credit Privacy Act, became effective January 1, 2011. The Act makes it illegal for employers to discriminate against job applicants on the basis of their credit histories and outlaws inquiries about applicants’ and employees’ credit histories. The law permits employers to conduct background investigations that do not include a credit history or report. In addition, the Act allows employers to obtain and consider credit reports in connection with jobs that involve (i) bonding or security under state or federal law; (ii) custody of, or unsupervised access to, $2,500 or more in cash or marketable assets; (iii) signatory power over businesses assets of $100 or more per transaction; (iv) management and control of the business; or (v) access to personal, financial or confidential information, trade secrets, or state or national security information. The law includes a private right of action, including the right to sue for injunctive relief and obtain attorneys’ fees.
The Oregon law came into effect on July 1, 2010. With certain exceptions, the law prohibits Oregon employers from using credit history in making hiring decisions or any decision affecting current employees. The law exempts from the prohibition federally-insured banks and credit unions, businesses required by law to consider employee credit history, and police and other public employers when hiring for law enforcement or airport security positions. In addition, the law permits employers to conduct credit checks for “substantially job-related reasons” provided the reasons are disclosed to the employee in writing. The Oregon law gives individuals the right to file an administrative complaint or a private lawsuit, and allows the recovery of attorneys’ fees.
While there is no federal prohibition against the use of credit reports for employment purposes, it appears that federal regulators may be seeking to curtail the practice. Specifically, in December 2010, the Equal Employment Opportunity Commission sued an employer in connection with use of credit reports in the hiring process. The EEOC alleged that the company used the reports in a way that discriminated against black job applicants. Emphasizing the broader reasons for the suit, the EEOC signaled that it believes that employers are denying jobs to applicants with damaged credit histories in cases where creditworthiness does not appear to be directly relevant to the job. The EEOC noted that credit histories are not complied to evaluate responsibility, are often inaccurate, and may not be a good indicator of an individual's qualifications for a particular job. In the suit, the EEOC alleged that rejecting applicants based on credit histories had a significant disparate impact on black applicants. In addition to other relief, the EEOC is seeking a permanent injunction to stop the employer’s use of credit histories in hiring and other employment decisions.
Additional Information Regarding Workplace Privacy Issues
For more information about privacy issues in the workplace, please join us for a webinar on January 27, 2011. The webinar, offered through Park Avenue Presentations, will focus on workplace privacy in the U.S. and Europe. Please email firstname.lastname@example.org for registration details.