As traffic on the "information superhighway" continues to explode several substantive questions about the use and abuse of these information networks arises. One issue of primary concern is whether the current law provides adequate protection for the individual's right to privacy in the workplace from threats posed by computer technology, electronic eavesdropping, video and sound recording equipment, and databases filled with personal information. What are the ramifications for an employees' right to privacy in the workplace? Does an employer have the right to search an employee's computer files or review the employee's E-mail?
The Right to Privacy
The right to privacy plays a unique role in American law and society. Privacy, although not explicitly protected by the Constitution, is considered a core value by most Americans. It has also taken on multifarious meanings so that it no longer conveys one coherent concept. Privacy rights, guaranteeing an individual's right to a private life, find their authority in the Constitution, state constitutions, federal and state statutes, and tort law judicial decisions.
When the framers wrote the Constitution and the Bill of Rights they specifically addressed that day's most pressing privacy fears:
- that government would search one's home whenever it desired; and
- the quartering of troops in the home.
The framers, however, were unable to address future changes in technology and the myriad of privacy concerns that have evolved as new technologies permeated their way into our society. Therefore one must ask whether the law protecting the right to privacy has evolved with the new technologies to ensure the vitality of the Fourth Amendment.
The Supreme Court has broadly defined privacy as the right of the individual to control the dissemination of information about oneself. [See Griswold v Connecticut.] Privacy as guaranteed by the U.S. Constitution differs in two significant ways from privacy protected by tort law:
- the types of acts constituting an invasion of privacy are very different, and
- the type of protection provided to individuals - constitutional privacy protects against governmental intrusion while tort law primarily protects against invasion by private parties.
The Fourth Amendment privacy rights only apply in those situations where the government is the primary actor, however it encompasses government employees and some government contractors whose activities might be considered as state action. Twenty-four states, including Colorado, through state constitutional provisions or statutes protect the individuals' right to privacy. Some of these constitutional provisions or statutes have been held to create a civil claim for invasion of privacy by private parties, while others have not.
The U.S. Constitutional Framework
The Fourth Amendment provides "[t]he right of people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures ...." Restrictions imposed by the Fourth Amendment are effective against the federal government while the Fourteenth Amendment imposes these restrictions on state and local governments. The Fourth Amendment is not effective against private entities.
As a starting point it must be recognized that electronic monitoring did not fit the traditional definition of a search. This position changed when the Supreme Court held that electronic listening and recording of telephone conversations without a warrant constituted an unreasonable search and seizure that violated the Fourth Amendment. Subsequently, when determining whether an employee has an "expectation of privacy" the courts have employed the following tests:
- a subjective test which evaluates how an employee has attempted to protect his/her privacy;
- an objective test which evaluates the expectation of privacy an employee has in his office or desk considering security measures and surveillance of employees in the workplace; and
- a reasonableness standard which judges whether the inception and the scope of invasion of privacy is reasonable under the circumstances and thereby attempts to balance the government's need for supervision, control and an efficient workplace against the employee's expectation of privacy.
Court-made and statutory law have purported to protect a government employees' workplace privacy; however, the reality of case law is that the protection afforded to public employees for work-related search and seizure is minimal. The seminal case with regard to the "reasonableness standard," O'Connor v. Ortega, held that the reasonable standard applies to supervisory searches of public employees. Ortega stands for the proposition that if an employee has a "reasonable expectation of privacy" then one must analyze the reasonableness of the search under the circumstances, i.e., supervision, control and efficiency. Therefore, a public employee has a reasonable expectation of privacy, but it is a qualified one that is subject to the "operational realities" of the workplace. Although Ortega only focused on public employees the decision implied that private employees were not afforded protection.
Ortega further suggests that E-mail would be considered an employer tool that is used by employees for work-related communications. If this is the case, and the employer's interests outweigh those of the employee, and privacy interests are less in the workplace than in the home, it becomes highly likely that Ortega extends to E-mail with the probable result that E-mail will be precluded from privacy protection.
When analyzing the results of Ortega one needs to ask certain questions concerning future implications of this decision in the workplace such as:
- What is the impact upon employee efficiency?;
- Is the employer and employee placed in an adversarial position regarding the issue of "trust?";
- Will there be competitive disadvantages for the employer?; and
- What about employee dignity?
Subsequent decisions, such as Schowengerdt v. General Dynamics Corp. and Ontario v Quon and have followed Ortega and further weakened, and possibly practically eliminated, an employee's right to privacy in the computerized workplace. Schowengerdt held that the employee had a reasonable expectation to privacy in work areas of exclusive use to the employee, such as the employee's office, unless the employer had previously notified the employee that the employee's office was subject to a work-related search on a regular basis. The court concluded that despite the employee's reasonable expectation to privacy in his office that a warrantless search of the office was permissible when it was work-related and reasonable under the circumstances. Quon held that the City of Ontario did not violate the constitutional rights of an employee when the city received and reviewed transcripts of the employee's text messages on a city supplied pager. The Quon court did not over turn Ortega, but left a question as to the correct approach for determing an employee's reasonable expectation of privacy.
The federal government enacted the Electronic Communications Privacy Act of 1986 (ECPA)(18 U.S.C. 2510 - 22) because the Federal wiretap statute failed to provide sufficient protection for modern computer transmission technologies. The primary purpose of ECPA is to provide protection against unauthorized surveillance of electronic communications. ECPA protection extends to textual information and transmissions of private carriers. ECPA although not specifically providing privacy protection for E-mail systems - court decisions have focused on cellular phone transmissions - does provide protection from unauthorized users who break into the system, steal or manipulate information or damage the system. One difficulty with ECPA is that many commentators read the provider exception to exclude acts of private employers, however, there is nothing in the legislative history that indicates that Congress did not intend ECPA to apply to the situation where a private employer monitored an employee's E-mail transmissions. Congress in an attempt to close this gap introduced legislation in 1993, Privacy for Consumers and Workers Act, that while not banning electronic monitoring, attempted to protect employees by granting them the right to know, i.e., the employee must be given notice. However, the bill died in Congress and was not enacted.
The State Framework
Currently one might contend that the best place to find privacy protection for private employees E-mail is in respective state constitutions and statutes. The federal courts have stated that the states may enact greater privacy protection than that required by ECPA. Furthermore, state wiretapping and eavesdropping statutes can provide greater privacy protection than respective federal legislation. Today the right to privacy is recognized in almost all states by statute or common law decisions. Many states have enacted statutes that appear to protect privacy that encompasses technology similar to E-mail. A difficulty with state court privacy decisions is that they have traditionally favored the employer with the effect that employees have had minimal privacy in the workplace. These decisions have focused upon the employer's interest of assuring the work product and protecting against theft and fraud in the workplace. Therefore, one crucial policy decision that must be resolved is whether computer technology has so shifted the balance of control that new legislation is required to better protect an employee's right to privacy in the workplace. One possible starting point for this discussion is whether E-mail should be considered analogous to mail and telephone conversations.
Since many state constitutions are interpreted as providing greater privacy protection than the Constitution it would not be beyond the scope of the state's highest court to regard E-mail within the scope of a state's anti-wiretapping or eavesdropping statutes particularly where the legislative "intent" supports such a reading or where the state courts have implied such a reading.
The Tort Framework
It may be that the basic legal foundation for private sector employee privacy protection is the common law of torts, specifically privacy protection against the tort of "intrusion". The Restatement, Second of Torts §652A provides that "one who invades the right to privacy of another is subject to liability for the resulting harm to the interests of the other. The right to privacy is invaded by the unreasonable intrusion upon the seclusion of another[.]" The Restatement should encompass electronic communications since an "unreasonable intrusion" does not require that the intrusion be physical.
The framers of the Constitution could not address the myriad of privacy concerns that evolved as new technologies proliferated and became a part of an individual's everyday life at home and in the workplace. Computers and digital communication technologies present a serious challenge to our legislators, judges and legal system requiring them to react to these new developments while constantly balancing the individual's civil liberties and the needs of society. The court must continuously be vigilant in balancing the rights of the employee and the employer. This is especially necessary when a privacy cause of action involves new technologies and a claim by the employee that his privacy has been invaded by the employer. It becomes even more pressing when statutory or common law has not addressed the privacy issue with respect to the new technology or the old law does not clearly cover the issue of privacy that is at question. When this occurs, the court must decide whether the newly-created privacy issues may be brought within the scope of protection provided by existing privacy law.