A recent case out of the Federal Ninth Circuit Court of Appeals (Quon v. Arch Wireless Operating Company, et al. (208 DJDAR 9051, June 18, 2008)), has generated a good deal of news coverage. This case held that the plaintiffs (including officers employed by the Ontario Police Department) could hold a wireless service provider, a fellow officer, the City of Ontario and its police department liable for reviewing text messages exchanged over pagers provided to the officers by the department. While the media reports make the ruling sound as if it can be very expansive, a close reading of the case shows that it is consistent with prior case law, including rulings that have upheld the right of an employer to monitor internet activity and emails. Further, the case is instructive in demonstrating how employers can protect themselves with respect to such monitoring and how they can lose the protection if they are not careful.

It is important to understand the facts of the Quon case in order to understand its holding. It arose out of a situation where the Ontario Police Department provided certain officers with pagers. The department's contract with the service provider allowed for up to 25,000 characters of text messaging a month without additional charges. Some officers, including the plaintiff, Jeff Quon, exceeded that allowance on more than one occasion. The chief of police, concerned about the situation, caused a subordinate to go to the service provider (Arch Wireless Operating Company) and request copies of the messages that had been exchanged. It is unclear what the chief's primary motivation was, whether he thought the department might want a better plan, whether he was concerned about the amount of message units the officers were incurring, or whether he possibly was concerned that the officers were spending a good deal of their on-duty time sending text messages that were not related to work. In any event, Arch turned over the messages to the department, without a subpoena and without any notice to the users, believing that the department, as a "subscriber," had a right to those messages.

The messages did, in fact, contain many that were not business related, some of which were highly personal in nature, including explicit sexual messages, some of which passed between plaintiff Quon and his wife, Jerilyn, who was also a plaintiff.

The plaintiffs alleged that this conduct amounted to an improper and actionable invasion of their privacy. The defendants prevailed at the trial court, but lost on appeal. In the end, Arch was held liable for violation of the Stored Communications Act, a federal law. The liability of Arch turned on an interpretation of that law and whether Arch was an "electronic communication service" as compared to a "remote computing service." The case, in regard to Arch, is very industry specific. The main import of the case has to do with the remaining defendants (other than the chief of police, who was exonerated pursuant to the doctrine of qualified immunity) who were held responsible under the Fourth Amendment to the United States Constitution (guarding against unreasonable searches and seizures) and Article 1, Section 1, of the California Constitution, which recognizes certain rights, including privacy.

The defendants pointed out that the department had a written policy informing all employees that the use of the City's computers, software, networks, internet, email and other systems "operating on these computers" was to be limited to business related purposes. This policy, of which Quon was admittedly aware, informed employees that the City retained the right to monitor and log internet and email activity. Further, officer Quon and a fellow officer, Steve Trujillo (also a plaintiff), had signed an acknowledgment of this policy that further recited that users "should have no expectation of privacy or confidentiality when using these resources." Later, when the officers were given pagers, they were informed that the use of the pagers would be governed by the same policy as that governing the use of computers and email.

Up to this point, it would seem that the department's defense was strong. For example, a 2002 California Court of Appeal case, TBG Insurance Services Corp. v. Superior Court, 96 Cal.App.4th 443, found that an employee had no reasonable expectation of privacy in a company owned computer given to him for his use at home, even if he used it for personal purposes and other family members also used it, during non-working hours. The plaintiff had, as with Quon and Trujillo, signed a document acknowledging the company's policy of monitoring internet and email use, and, therefore, it was held that he had no reasonable expectation of privacy.

However, the evidence in Quon showed that a lieutenant within the Department, charged with the responsibility of monitoring the pager program, had repeatedly come to officers who exceeded the 25,000 characters per month limit (including Officer Quon) and asked them to pay for the overages. The lieutenant told them that if they didn't want to be audited as to the use of the pagers for personal as compared to business purposes, they should pay those overage charges. Quon and Trujillo repeatedly paid those extra charges. In considering whether there was a "reasonable expectation of privacy", the Court noted that this analysis "turns on the Department's policies regarding privacy in his [Quon's] text messages." The Court found that Quon reasonably relied on an "informal policy" allowing him to pay the overages and avoid an audit. This made Quon's professed reliance on this policy reasonable, thereby giving him a reasonable expectation of privacy. Thus, the Department's violation of that privacy made the conduct actionable.

In short, the Quon case is consistent with prior case law of upholding the right of employers to monitor internet and email activity conducted on company equipment when there is an acknowledged, written policy informing the employees that such monitoring that can take place and that the employee has no reasonable expectation of privacy. Because the case is consistent with prior analysis in this area, it is not the groundbreaking decision that some privacy advocates have been claiming it to be. The case, however, does point out that there can be potential for liability even when there is a written policy informing employees of the employer's right to monitor internet and email activity. In order to protect themselves, employers (unless they intend never to monitor internet or email activity) should, at a minimum, do the following:

1. Have a written internet/email policy, signed by the employee, spelling out the company's policy, whereby the employee acknowledges that he or she has no reasonable expectation of privacy with regard to the use of company computers.

2. If an employee is going to be given a pager, the policy should be made applicable to the pager as well.

3. The policy should recite that it cannot be changed by verbal statements, but only by a writing signed by an appropriate company representative.

Use of the practices described above will go a long way towards avoiding problems with respect to employee privacy and the use of company computers and pagers: Consequences for not taking adequate steps can be severe. It is important to recognize that the Quon case allowed not only three employees of the police department to proceed as plaintiffs, but also a non-employee (Jerilyn Quon) as well. Essentially, there is a potential for employers to be held accountable for violation of privacy rights of persons who they do not employ.

If you have any questions about the Quon case or any other issues in this area, please feel free to contact Ferdie Franklin or any other WFB&M attorney with whom you have an existing relationship.

Related Practice Areas: Employment Law Practice
Related Attorneys: Ferdie F. Franklin