Requires Free Membership to View
privacy policy could include and how it should be shared.
 |
||||
|
|
|||
|
||||
Some state constitutions, most notably California's, provide some online privacy rights in the private sector, but generally in the U.S., statutes and principles of the "common law" serve to protect privacy in the commercial context.
Prohibitions against monitoring employee email or other communications have historically focused on interception of messages, not retrieval from electronic storage. As Yaron Dori, an attorney who specializes in telecommunications and privacy law at Covington & Burling LLP, said, when it comes to an employee's expectation of privacy, there's "very little, especially if the employer has notified the employee they will be monitoring him or her. Even less if the employee has acknowledged or consented to such monitoring."
Another statute has relevance to online privacy. The Electronic Communications Privacy Act (ECPA), passed in 1986 as an amendment to the Wiretap Act of 1968, applies to both government employees and private citizens. The ECPA protects communications in storage as well as in transit. It specifically prohibits a third party from intercepting or disclosing communications without authorization.
The ECPA or its subsequent amendments does not specifically limit any monitoring of social media messaging. As Aaron Massey wrote at The Privacy Place last December in a post on the ECPA and personal health records systems, there are "two main exceptions of the original Wiretap Act, both of which were retained by the ECPA.
"The first exception allows interception when one of the parties has given prior consent. … The second exception allows interceptions if they are done in the ordinary course of business. This could mean that your data would be accessible by third parties such as an information technology vendor that maintains the software."
|
||||
|
|
|||
|
||||
As attorney Evan Brown pointed out on his blog, Internet Cases, recent court rulings suggest that the scope of the Electronic Communications Privacy Act may not be so narrow. The ECPA only prohibits monitoring of electronic communications if it is done "without authorization" or in a manner that exceeds the authorization given.
"The case instructs us that this court is not willing to read the definition of electronic communication as narrowly as the court did in Ropp," Brown writes. "No doubt there will be some interesting evidence produced in discovery that shows how the keystrokes were allegedly intercepted. But at least we know at this early stage in the litigation that the court will consider whether the transmission of electronic data within a system -- and not crossing state lines -- may still affect interstate commerce."
Part 3 of this series addresses what an online privacy policy could include and how it should be shared.
Let us know what you think about the story; email: Alexander B. Howard, Associate Editor, @reply to @digiphile on Twitter. Follow @ITCompliance for compliance news throughout the week.
Join the conversationComment
Share
Comments
Results
Contribute to the conversation