Cyber-liability: Importance and complexity
When the U.S. Supreme Court agreed to take the case of a California police officer who sent sexually explicit text messages on a department-issued pager, news reports underscored the potential impact on private employers. Whether this case will lead to a new “blueprint” for privacy rules in the American workplace is uncertain at best, but it does point to the rising prominence of cyber-liability in our Twittering, Facebooking, iPhone-enabled age, said attorney Joseph P. Paranac, Jr., a member of LeClairRyan’s Labor & Employment team.
“In its first major case on cyber-liability, the Supreme Court is striding into uncharted territory,” noted the Newark-based attorney. “But it is important to emphasize that this case, in which a police chief acquired and read transcripts of texts sent by his officers, involves a public employer. This was a state action. That means it is covered under Fourth Amendment protections against unreasonable searches and seizures. Public employees have a greater expectation of privacy than their private-sector counterparts.”
The Supreme Court will hear the case, Ontario v. Quon, this spring. At issue is whether the police chief in Ontario, violated the privacy rights of SWAT team member Jeff Quon and three other officers by acquiring and reading records of their texts, many of which turned out to be sexually explicit. The chief, who shared the texts with city officials, had sought to find out whether the officers were reimbursing the department for all personal messages sent from their pagers. The officers sued, and a panel of the U.S. Court of Appeals for the Ninth Circuit ruled in their favor.
While the public nature of this case might limit its ultimate impact on private employers, Ontario v. Quon nonetheless touches upon unexplored questions that are at the heart of the rapidly evolving field of cyber-liability, Paranac said.
For more than a decade, lawyers have urged employers to adopt straightforward policies on how their employees use company-owned computers, pagers and other electronic devices. The City of Ontario Police Department did have such policies in place, and specifically warned employees that their communications were subject to monitoring. According to the Ninth Circuit’s ruling in the Quon case, however, the lieutenant in charge of monitoring pager use for the department had undermined this written policy by telling officers he would not read their texts.
“His informal policy, notwithstanding the official policy, was to go to the officers and ask them for a guesstimate of their personal pager use over and above the monthly content limit of 25,000 total characters,” Paranac noted. “According to the court decision, the supervisor would then ask the officers to reimburse the department based on those guesses.”
In the view of the Ninth Circuit panel, this mixed message was enough to create an expectation of privacy regarding personal texts. “Again and again, Labor & Employment attorneys have urged employers to adopt, clearly communicate and consistently enforce cyber-communications policies,” Paranac said. “This case illustrates precisely why.”
Indeed, the decision, which included a 10-page dissent, pointed to other cases in which government agencies, by adopting such straightforward and consistent approaches, were able to diminish their employees’ privacy expectations. “This was true despite the greater expectation of privacy generally afforded public employees,” Paranac noted.
As befits the complexity of cyber-liability, however, courts do appear to be demarcating some notable exceptions even to clearly enunciated Internet and electronic-communications policies. “For example, the case of Stengart v. Loving Care Agency Inc., which is headed for the New Jersey Supreme Court, centered on whether e-mails sent by an employee to her lawyer using a company-owned computer are protected by the attorney-client privilege and therefore off-limits from monitoring,” Paranac noted. “In that case, the plaintiff used her password-protected Yahoo account, not the company’s e-mail system, to communicate with her attorney about a planned lawsuit against the company.”
The nation’s highest courts might well carve out similar exceptions for other sensitive communications, such as doctor-patient e-mails sent with employer-owned equipment. “This puts employers in a quandary,” Paranac said. “The best they can do is to establish and enforce clear and consistent polices, because we are just at the beginning of a process in which the courts will likely shape the limits of those policies. Until that process is complete, employers and employees alike will have to operate within a kind of cyber-liability grey area.”
In its Quon ruling, meanwhile, the Ninth Circuit asserted that Arch Wireless, the pager provider that turned over the text transcripts to the police chief, violated the Stored Communications Act (SCA) of 1986 by doing so. The act stipulates that stored communications be released by third-parties only with the permission of the sender or receiver of the original message. “This act, which has largely been forgotten about and is rarely if ever cited in cyber-liability cases, was passed back in the prehistoric age, when it comes to Internet, e-mail and mobile devices,” Paranac explained. “If the SCA is resurrected as a result of the Quon case, there could be major liability implications for third-party communications companies like Verizon and AT&T. They will likely have to grapple with questions like, ‘Are we actually allowed to hand these texts or e-mails over to the employer?’ ”
In certain instances, IT specialists who work with third-party providers to facilitate access to employee communications might even be subject to liability under a newly resurrected SCA, Paranac noted. “I would not be surprised if Congress were to revisit the Stored Communications Act,” he said. “If you look at the iPhone and the whole universe of apps, many of which are GPS-enabled, it becomes clear that we are dealing with communications and devices that nobody even dreamed of in 1986.”
Much the same could be said of cyber-liability itself, the attorney added. “The wheels of justice turn slowly, and both courts and lawmakers are struggling to catch up to technology,” he said. “Technology, however, evolves at an ever-accelerating pace.”