No Question about Quon: U.S. Supreme Court Unanimous in Overturning Ninth Circuit

Posted on June 18, 2010 by Brendon Tavelli

On June 17, 2010, in a decision authored by Justice Anthony Kennedy, the U.S. Supreme Court unanimously overturned a decision by the U.S. Court of Appeals for the Ninth Circuit in a case involving an employee’s assertion that a government employer had violated the Fourth Amendment by unreasonably obtaining and reviewing personal text messages sent and received on employer-issued pagers.  Click here to read our Client Alert about this important decision.

In case you were wondering, we previously reported on the Ninth Circuit's decision, and denial of rehearing en banc, in Quon v. Arch Wireless here and here.

Tags: , , , , , , , ,

New Jersey's High Court Ruling Reaffirms Employer's Right To Monitor and Restrict Computer Use

Posted on April 5, 2010 by Brendon Tavelli

In a continuation of the Stengart v. Loving Care Agency case we wrote about here, the New Jersey Supreme Court ruled on March 30, 2010 that emails sent by an employee from a company laptop via a web-based email account (Yahoo!) to her attorney were protected from disclosure by the attorney-client privilege. In reaching this conclusion, the Court also ruled and provided insight on a far broader and more practical issue for employers -- namely, how to draft enforceable computer usage policies and/or make existing policies more effective.

Click here for more about this momentous decision and some practical tips about drafting sustainable computer usage policies from Proskauer’s Labor & Employment attorneys who submitted a “friend of the court” brief in the case on behalf of Employers Association of New Jersey.

Tags: , , , , ,

Why All the Fuss about Reading an Employee's Emails?

Posted on December 10, 2009 by Brendon Tavelli

Lately we've been writing a lot about employers, and their ability to read their employees' e-mails. From New Jersey, to Idaho, to France, this is a hot topic and we are following new developments in this area closely. To read Proskauer partner Katharine Parker's take on the issues, please take a look at her comments to the Wall Street Journal, published on November 19, 2009.

Tags: , , , ,

French Employers Can Open Files Located on a Company-Issued Computer Provided That They Are Not Clearly Identified As Personal

Posted on December 10, 2009 by Cecile Martin

By a decision of October 21, 2009 (n°07-43877), the French Supreme Court ruled that files created by an employee on a computer issued by his employer for work purposes were presumed professional unless the employee identified them clearly as personal. This being said, the Court concluded that the employer was entitled to open these files in the employee’s absence and without having informed the employee in advance.

In this case, the employee was suspected by his employer to have competed unfairly with the employer’s business. To investigate these suspicions, the employer requested a bailiff to seek evidence from the employee’s work computer. In order to prevent the employee from erasing the evidence, the employer did not alert the employee that his work computer would be examined.

During his examination of the computer, the bailiff noticed that the computer contained a folder titled with the employee’s initials and, within it, two sub-files, one titled “personal,” the other titled with the name of the employer’s competitor. The bailiff only opened the second sub-file, titled with the name of the competitor, where he found evidence that the employee had engaged in unfair competition against the employer.

Supported by an affidavit of the bailiff, the employee was terminated for gross fault, i.e., without any indemnity. Thereafter, the employee initiated a lawsuit against the employer for violation of his privacy.

The Court of appeals found that the bailiff should not have opened the folder titled with the employee’s initials without first informing the employee or without the employee being present.

Until this case, the case law was unclear on whether folders or files located on an employee’s work computer but titled with the employee’s name or initials would be afforded privacy protection under workplace privacy laws. However in this ruling, the French Supreme Court made clear that all files created by an employee on an employer’s computer belong to the employer unless they are expressly identified as personal. By adopting this position, the French Supreme Court was consistent with the French Data Protection Agency (CNIL) which, since 2002, has advised that employees should be cautious when using their work computers for personal purposes.

This decision is most helpful in that it clearly informed French companies of the privacy rules that apply to folders and files that employees store on their work computers. If the employee has clearly identified the files as personal, the employer has no choice but to either obtain the employee’s prior consent before opening the files, or to go before a Court to get a Court injunction allowing the employer to open the files.
Tags: , , , , ,

Expectation of Privacy in Student Computer Persists in the Absence of Announced Monitoring Policy

Posted on April 11, 2007 by
Last week, a panel of the Ninth Circuit Court of Appeals held that in the absence of an announced monitoring policy, the mere act of connecting a computer to a network does not extinguish a user’s reasonable expectation of privacy, under the Fourth Amendment, in the contents of his or her computer. The panel announced its holding in United States v. Jerome T. Heckenkamp, Nos. 05-10322 and 05-10323 (9th Cir. April 5, 2007), wherein it upheld the introduction of evidence obtained by University of Wisconsin employees through remote and direct access of a student computer attached to a university network. Although it recognized the defendant’s reasonable expectation of privacy, the panel upheld the lower court’s admission of evidence under the judicially-created “special needs” exception to the Fourth Amendment because the alleged hacking posed an immediate threat to the university network and the searches were not conducted for a law enforcement purpose.   

 Jerome Heckenkamp, a student at University of Wisconsin at Madison, was charged under 18 U.S.C. § 1030(b)(5), the Computer Fraud and Abuse Act, in connection with an alleged attempt to hack into protected systems at University of Wisconsin and Broadcom. At trial, Heckenkamp moved to suppress evidence obtained from two searches of his computer. The first search occurred after Broadcom security alerted the University that a University computer was being used in an attack on Broadcom. A University computer investigator, Jeffrey Savoy, identified the IP address of the offending computer, determined that it also posed an immediate threat to the University’s sensitive systems, and performed a remote search of Heckenkamp’s computer to confirm that it was the computer responsible. Later that day, Savoy suspected that Heckenkamp changed his computer’s IP address in an attempt to mask his activities. Notwithstanding the FBI’s recommendation that Savoy wait for a warrant before proceeding, Savoy, with the help of campus police, entered Heckenkamp’s room when the door was ajar and ran a series of commands that confirmed Heckenkamp was responsible for the attacks. Savoy justified the warrantless search on the grounds that the University’s systems could have been critically damaged and that Heckenkamp could gain access to confidential student files. Heckenkamp was a skilled computer programmer and was familiar with University systems; he had been fired from his position at the University computer help desk for attempting to access University systems without authorization.

Heckenkamp reaffirms the importance of establishing and distributing policies regarding the monitoring of computer use. The panel relied heavily on the fact that the University had no such announced policy, and in fact had assured students of data confidentiality:

A person’s reasonable expectation of privacy may be diminished in transmissions over the Internet or e-mail that have already arrived at the recipient. However, the mere act of accessing a network does not in itself extinguish privacy expectations, nor does the fact that others may have occasional access to the computer. However, privacy expectations may be reduced if the user is advised that information transmitted through the network is not confidential and that the systems administrators may monitor communications transmitted by the user. United States v. Angevine, 281 F.3d 1130, 1134 (10th Cir. 2002) [professor using university computer]; United States v. Simons, 206 F.3d 392, 398 (4th Cir. 2000) [federal employee using federal computer system].

In the instant case, there was no announced monitoring policy on the network. To the contrary, the university’s computer policy itself provides that ‘[i]n general, all computer and electronic files should be free from access by any but the authorized users of those files. Exceptions to this basic principle shall be kept to a minimum and made only where essential to . . . protect the integrity of the University and the rights and property of the State.’

 Heckenkamp at 3888 (citations and quotations omitted).       

The Ninth Circuit likely will have to clarify in future litigation the scope of reduced privacy expectations where users are advised of monitoring.

A copy of the Heckenkamp opinion is available here.   

Tags: , , , , , ,