The Bottom Line: Losing the Expectation of Privacy Bit by Bit, Byte by Byte

Losing the expectation of privacy bit by bit, byte by byte

By Mark Adams

Published in The Bottom Line, the State Bar of California’s law Practice Management and Technology Section, as well as Hospitality Net, Hotel Online and ehotelier.com.

Download a PDF of the article: Losing the expectation of privacy bit by bit, byte by byte

 

For a generation that has become exceedingly facile with electronic gadgetry and desensitized to the massive amounts of data this gadgetry produces, it perhaps comes as no surprise that video surveillance and on-line monitoring by employers of present and potential employees’ electronic profiles and fingerprints have become the norm.

Billions of emails are sent and received every day. Facebook has over 750 million active users, Twitter more than 75 million users, and YouTube boasts more than 24 hours of uploads every minute, every day, with over 2 billion viewers daily. Closed circuit digital video cameras are commonplace, from office security cameras to ATMs. All of this data can be available for review and analysis by friend or foe, including current and potential employers.

Social Media
Law firms now routinely vet their recruits through the Internet—not just before a formal offer is given, but before even taking an interview. Social media sites provide firms with the kind of information about candidates that was simply unavailable from any source just a few years ago. A firm can now easily get a glimpse of a candidate’s off-duty persona to help determine if there will be a good fit. For example, an Internet-chatty candidate may say some nasty things about his or her former firm that would never appear on a resume; perhaps express an ambivalence about the field of law; show an unhealthy appetite for engaging in high risk, dangerous activities; or flaunt an illicit, drug-friendly lifestyle. In short, the Internet may reveal a person who is far different than the well-dressed, firm-handshaking, smiling face that’s sitting in the lobby waiting for his or her interview. Absent the use of this Internet vetting process for the purpose of unlawful discrimination, at present, law firms are free to make such Internet investigations without any legal repercussions.

Unlike potential employers, current employers have always kept an eye on their employees, and rightly so, because employers suffer the cost of such behaviors as employee theft and various kinds of employee mishaps and indiscretions. Although social media provides current employers with that same window into their employees’ lives—a window voluntarily opened by employees when they post things on a social media site—the new age of electronics offers current employers even more insight. Current employers have access to their employees’ electronic cache. It is rare to find any lawyer without a firm-issued smartphone and computer. Usually the firm also assigns an email address and provides the Internet access. These give access to information and activities that are not volunteered by the employee. For example, an electronic file scan may catch an employee receiving and sending sexually explicit emails, creating a sexually hostile work environment, or disclosing privileged (and juicy) client communications via email to third party friends and family.

But there is a big difference between looking at something an employee voluntarily makes public and something obtained from the employee without their permission.

California courts have provided some guidance on what types of actions cross the line from appropriate supervision to invasion of an employee’s right to privacy. If the line is crossed, the employer risks a claim for invasion of privacy against an employer based on two separate legal theories, one grounded on the California Constitution, and the other based on a common law tort of invasion of privacy. Morphed together, the two types of privacy claims turn on the nature of the intrusion upon the reasonable expectations of privacy, and the offensiveness or seriousness of the intrusion, including any justifications. This leads to an inevitable balancing of interests, the outcome of which is often decided on a case-by-case basis.

Law firms must answer to the law just like any other employer. To protect themselves from meritorious claims, law firms should seek to diminish their employees’ expectations of privacy. This can be done by implementing and religiously following a “no expectation of privacy policy,” in which a written statement clearly expressing the policy is given to and acknowledged by all of the employees, from lawyers to entry level staff. This statement should also be clearly posted in any areas where videotaping is done. Such a policy typically states that the employer routinely, and without any further notice to the employee, will monitor computer use; read emails, texts and Twitter updates; listen to voicemails; and review hidden videotaped surveillance. But beyond the implementation and acknowledgement of such a policy, the facts in a particular case always carry ponderous weight on whether the employee has a reasonable expectation of privacy.

Emails
Regarding emails, the reasonable expectation of privacy can depend on whether the employee used a company computer, the company’s Internet service provider, a company-issued email address, and a secret password to transmit and receive their emails. In Holmes v. Petrovich Dev. Co. (2011) 191 Cal.App.4th 1047, the plaintiff sent emails to her attorney regarding a possible legal action against her employer. The employer obtained the emails from her computer: the plaintiff demanded them back claiming that they were attorney-client privileged communications, and sued the employer for invasion of privacy. The court held that the emails did not constitute “confidential communication between client and lawyer” within the meaning of Evidence Code section 952 because the plaintiff used the employer’s computer to send the emails despite the facts that she had been told of the company’s policy that its computers were to be used only for company business and that employees were prohibited from using them to send or receive personal email. She had been warned that the company would monitor its computers for compliance with this company policy and thus might “inspect all files and messages … at any time;” and she had been explicitly advised that employees using company computers to create or maintain personal information or messages “have no right of privacy with respect to that information or message.” The court stated:

When Holmes emailed her attorney, she did not use her home computer to which some unknown persons involved in the delivery, facilitation, or storage may have access. Had she done so, that would have been a privileged communication unless Holmes allowed others to have access to her emails and disclosed their content. Instead, she used the defendants’ computer, after being expressly advised this was a means that was not private and was accessible by Petrovich, the very person about whom Holmes contacted her lawyer and whom Holmes sued. This is akin to consulting her attorney in one of defendants’ conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by Petrovich would be privileged.

The Holmes court distinguished Stengart v. Loving Care Agency, Inc. (2010) 201 N.J. 300, 990 A.2d 650, 659, 663–664, in which that court found that the employee had a reasonable expectation of privacy in the use of a personal Web-based email account—even though accessed from the employer’s computer—where the use of such an account was not clearly covered by the company’s policy and the emails contained a standard hallmark warning that the communications were personal, confidential, attorney-client communications.

Video Surveillance
As to the covert videotaping of employees, the legality of this is anchored by two extremes: covert videotaping in open and accessible workplace areas, and videotaping in areas reserved for personal acts.

Videotaping in open and accessible workplace areas can be lawful. For example, the lobby and hallways of our firm electronically monitor the comings and goings of patrons and employees for security purposes. That is lawful. However, videotaping areas reserved for personal acts, such as employee restrooms, is unlawful. Indeed, there is little justification in any law firm, or any other company, that would override the right and expectation of privacy in such a personal area.

The outcome in situations that fall somewhere in between videotaping in open and accessible workplace ares, and videotaping in areas reserved for personal acts, are factually driven. For example, our computer server room, which is locked and accessible only by a few people in the firm, has electronic surveillance all the time. It is only actually monitored a few times a day, or when a high heat sensor, or a water intrusion alarm is triggered. This is a rational, reasonable intrusion. Even so, the eye of the camera can catch unintended images, and so the best practice is to always make a clear disclosure that electronic surveillance is taking place, even if the surveillance is for a rational, lawful purpose.

In Hernandez v. Hillsides Inc. (2009) 47 Cal.4th 272, the defendants operated a private, nonprofit residential facility for neglected and abused children, including the victims of sexual abuse. Plaintiffs were employees of the defendants. The plaintiffs shared an enclosed office and performed clerical work during daytime business hours. Their office had a door that could be locked, with blinds that could be drawn, and the plaintiffs could perform grooming or hygiene activities or conduct personal conversations, during the workday in that office. The director of the facility, learned that late at night, after the plaintiffs had left the premises, an unknown person had repeatedly used a computer in the plaintiffs’ office to access the Internet and view pornographic Web sites. Such use conflicted with company policy and with the defendants’ aim of providing a safe haven for the children.

Concerned that the culprit might be a staff member who worked with the children, and without notifying the plaintiffs, the defendants set up a hidden camera in the plaintiffs’ office. The camera could be made operable from a remote location, at any time of day or night, to permit either live viewing or videotaping of activities around the targeted workstation. It is undisputed that the camera was not operated for either of these purposes during business hours, and, as a consequence, the plaintiffs’ activities in the office were not viewed or recorded by means of the surveillance system. The defendants did not expect or intend to catch the plaintiffs on tape.

After discovering the hidden camera in their office, the plaintiffs sued the defendants, for, among other things, violation of their privacy rights under the California Constitution. The California Supreme Court reversed the Court of Appeal, and reinstituted the trial court’s order granting the defendants’ motion for summary judgment. The Supreme Court stated:

We appreciate plaintiffs’ dismay over the discovery of video equipment—small, blinking, and hot to the touch—that their employer had hidden among their personal effects in an office that was reasonably secluded from public access and view. Nothing we say here is meant to encourage such surveillance measures, particularly in the absence of adequate notice to persons within camera range that their actions may be viewed and taped.

Nevertheless, considering all the relevant circumstances, plaintiffs have not established, and cannot reasonably expect to establish, that the particular conduct of the defendants that is challenged in this case was highly offensive and constituted an egregious violation of prevailing social norms. We reach this conclusion from the standpoint of a reasonable person based on defendants’ vigorous efforts to avoid intruding on plaintiffs’ visual privacy altogether. Activation of the surveillance system was narrowly tailored in place, time, and scope, and was prompted by legitimate business concerns. Plaintiffs were not at risk of being monitored or recorded during regular work hours and were never actually caught on camera or videotape.

In Carter v. County of Los Angeles (C.D.Cal 2011), 770 F.Supp.2d 1042, a case involving government employees (who have greater expectations of privacy from their government employers), the employer received an anonymous complaint alleging that a plaintiff employee, had engaged in sexual activity with a visitor in the dispatch room while she was on duty at night. The employer then installed a hidden video camera in a fake smoke detector in the dispatch room, and set it to record continuously, every hour of every day. The camera recorded several incidences of the act. One of the plaintiffs discovered the hidden camera a few months after it was installed and she (and other employees) sued her employer for, among other things, violation of her privacy rights under the California Constitution. In assessing the reasonableness of the plaintiffs’ privacy expectations, the court noted that the dispatch room door remained closed during regular business hours, non-dispatcher employees would typically knock before entering, and no one could see into the dispatch room. Furthermore, after regular business hours, it was not uncommon for plaintiffs to work alone in the room. The court concluded that the plaintiffs had a reasonable expectation of privacy in the dispatch room.

In assessing whether the surveillance was a sufficiently serious intrusion as to constitute an egregious breach of social norms, the court noted that the plaintiffs were recorded while they unknowingly performed private acts, the surveillance was constant, and it continued even after the stated objective was complete. The defendant monitored all of the employees, not just the subject plaintiff. Finally, there were several less intrusive methods available to the defendants in investigating the allegations against the plaintiff employee, but the defendants did not utilize them. Thus, the court held that the defendants violated the plaintiffs’ right to privacy under the California Constitution.

The Bottom Line
Right to privacy cases turn on whether the employee had a reasonable expectation of privacy under the circumstances. The employer has to somewhat manage the risk of a claim of a violation of privacy and an adverse result by minimizing the employee’s reasonable expectation of privacy. The employer should disclose to the employee that the employee is being observed and monitored, and how that is being done.

Mark S. Adams focuses his practice on business litigation, including, contracts, products liability, corporate and partnership disputes, and hospitality litigation. He has wide-ranging trial experience in commercial disputes, including complex multi-party litigation and class actions. He has tried numerous cases in state courts, federal courts, and in domestic and international arbitrations. Mark’s trial wins have been covered by Forbes, Reuters, Life Science Weekly and other publications. He has obtained two of California’s annual 50 largest jury verdicts in the same year. Mark has taken or defended nearly 1,000 depositions throughout North America, Europe and the Middle East. He has been quoted as an expert on non-compete agreements in the Wall Street Journal.