News Stay informed about the latest enterprise technology news and product updates.

Supreme Court hears 'sexting' case on employee privacy rights

The Supreme Court's decision in a "sexting" case involving a police officer and a pager could broadly affect employee privacy rights -- or not. Either way, the message for CIOs is clear.

Can a California SWAT team officer reasonably expect that personal text messages transmitted over an employer-owned pager remain private in the face of a written policy that says otherwise? How about if the officer pays for the service charges on those personal messages? Or if his manager has permitted personal text messages in the past? What if some of those personal messages are sexually explicit, and involve a wife and mistress not beholden to the employer's computer use policy?

More privacy resources
'Sexting' case should prompt review of employee privacy policy

U.S., EU personal data protection laws make e-discovery risky

 A closely watched "sexting" case before the U.S. Supreme Court could be a platform for sorting out employee digital privacy rights in an era when boundaries between work and personal lives are blurring. In a hearing of the case this week, the court did not seem inclined to take a broad view of the matter, but legal and privacy experts said that does not diminish the message the case sends to CIOs, or any company whose employees communicate digitally: the need for a consistent employee privacy policy that is consistently communicated.

The case of City of Ontario v Quon examines whether the police department in Ontario, California, violated the Fourth Amendment rights of a SWAT team member when it read his racy text messages, without asking his consent, in a quest to determine whether SWAT team members were using their pagers too much for personal use.

A lower court of appeals found that Sgt. Jeff Quon had a "reasonable expectation of privacy" for those text messages -- despite the city's stated computer use policy prohibiting the use of Internet and email services for personal use -- because a lieutenant in the department had told SWAT members they could use their pagers for personal messages provided they personally paid for any charges that exceeded their monthly allowance. In the lower court ruling, the "operational reality" trumped the city's written computer policy. The city was found guilty of violating Quon's privacy. (For a history of the case, see, "Sexting' case should prompt review of employee privacy policy".)

During Monday's session, the Supreme Court appeared to side with the city, according to a transcript of the oral argument. In the view of some legal experts, it also seemed inclined to steer clear of making any far-reaching statements on employee privacy rights. They noted that the court's most probing questions were less concerned with whether Quon had a "reasonable expectation of privacy" than whether the city's process for reviewing the text messages was proper or excessively intrusive.

"Under persistent questioning from Justices Breyer and Sottomayor, Quon's counsel struggled to identify a less intrusive means for the City to achieve this indisputably legitimate purpose than the City's reading all of Quon's text messages," wrote Philip Gordon, an attorney at San Francisco-based employment rights law firm Littler Mendelson PC, in his blog. Gordon predicted the Supreme Court could resolve the case on the city's process for reading the texts and "not even address whether Quon's privacy expectation was reasonable."

Gordon and others observed that Chief Justice John Roberts seemed most sympathetic to Quon's expectation of privacy, noting that the city could have allowed officers to redact messages they paid for and still got an accurate picture of text message usage. The court is expected to make a decision on the case by the end of its term in June.

Garry G. Mathiason, a founder at Littler Mendelson who oversees the firm's corporate compliance practice, said he expects the court ruling to focus narrowly on the facts of the case. "The likely message on Quon is that if the employer makes it clear that texting is covered by its electronic resources policy (like email), eliminating any expectation of privacy, such communications will not be private, assuming they reside on the company server or on a general server (part of a cloud computing network) with the company paying for access."

Employers must make
sure the policy is well understood, agreed upon and enforced in a consistent manner.

Jonathan Penn
analystForrester Research Inc.

 If, however, the court does decide to tackle broader employee privacy issues, then, "we would all be quoting [it] for years," said Christine Lyon, a privacy and employment law attorney at the Palo Alto office of Morrison & Foerster LLP. Lyon has tracked the case since its inception for her California clients.

A boarder ruling, whether in favor of the city or against it, would be "very helpful" to employers in sorting out employee privacy rights in the workplace, said Lyon. But whatever ruling is handed down, she and other privacy and legal experts interviewed yesterday agreed that employers should pay mind.

"What happened here is that the police department had a very good written policy telling employees that, 'We monitor your messages and you shouldn't have an expectation of privacy.' They did what most employers think they should do. But then the policy was potentially undermined by a manager," Lyon said. Companies must make sure the policy is communicated clearly and consistently to employees.

Forrester Research Inc. analyst Jonathan Penn, who covers security at the Cambridge, Mass.-based consultancy, agreed that it is not enough for companies to rely on a written policy. "Employers must make sure the policy is well understood, agreed upon and enforced in a consistent manner," he said. But, he added, he expects employee privacy policies will become more nuanced as the use of technology continues to obliterate the boundaries between work and personal life.


Let us know what you think about the story; email Linda Tucci, Senior News Writer.

Dig Deeper on Risk management and compliance

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.