Delaware Employment Law Blog

In Quon v. City of Ontario, the 9th Circuit held that a California police department’s review of an officer’s text messages was an invasion of the officer’s right to privacy. In a unanimous ruling issued yesterday, the U.S. Supreme Court overturned the Quon decision and ruled that the police department’s review of the provocative text messages sent by the officer to his wife and to his mistress from his employer-issued pager, did not constitute an invasion of the officer’s privacy. (Link to the full opinion in City of Ontario v. Quon).

For employers, the key component of the decision is the Court’s focus on the fact that the police department-employer’s review of the messages comported with its policy and was conducted for a legitimate business reason. The department’s policy provided that messages would not be reviewed unless the employee went over the allotted monthly usage. In Quon, the officer had exceeded the monthly limit and the department reviewed the messages to determine whether the overages were work-related. Officers were responsible for costs incurred for non-work-related messages if they went over the monthly limit.

The 9th Circuit ruled that this review constituted an unreasonable search and seizure in violation of the Fourth Amendment. That decision was based largely on the fact that the officer’s supervisor had told the officer that messages were never reviewed by the department. The federal appellate court found that, because he’d been permitted to use the pager for both personal and work-related use, the officer had a reasonable expectation of privacy in those communications.

This important decision is the Supreme Court’s first in the area of an employer’s right to monitor the electronic communications of its employees sent and received during working time or with work-issued devices.

The decision was not a free-for-all pass for employers who want to review employees' electronic messages. The Supreme Court warned employers of the possibility that an expectation of privacy may exist in certain circumstances. Interestingly, the Court noted that the expectation of privacy may exist due to to the pervasiveness of electronic communications. Justice Kennedy, writing for the Court, explained that “cellphone and text message communications are so pervasive that some persons may consider them to be essential means or necessary instruments for self-expression, even self-identification.”

But the Court also recognized that the pervasiveness of cellphones and other electronic-communication devices, has also driven down the cost of such devices, making them “generally affordable.” The low cost of electronic-communication devices, the Court found, supports the argument that there is a very low or no expectation of privacy because an employee who needs a cellphone for personal use can buy one and avoid having to use the work-issued device for anything other than work-related communications.

The decision is a critical one for employers who want to ensure employee compliance with company rules and policies without violating the employee’s privacy rights and, in turn, exposing the organization to legal liability. The Quon opinion has two key components for employers:

1. Any workplace monitoring must comply with the employer’s policy—if you don’t have a clear policy, now is the time to get one; and

2. A search of electronic communications should not go beyond what is necessary to accomplish the legitimate business purpose behind the policy—use the least intrusive means possible to make the determination at issue.

Electronic monitoring is a very hot topic in employment law these days. But what about other types of electronic monitoring by employers?  A case filed in the U.S. District Court for the Eastern District of Pennsylvania alleges a much more unusual sort of electronic monitoring.  The suit alleges that Lower Marion School District distributed over 1,800 laptops to its students.  So far, so good.

But, according to the Complaint (via Above the Law), the laptops were equipped with webcams. 

How could this not end badly?

The suit alleges that school administrators remotely activated the webcams.  One is alleged to have gone so far as to discipline a student for “improper behavior in his home."  Funny, I've never seen that one in a student code of conduct. It is also alleged that the District was also tracking all the students' online activity. 

Employers commonly provide employees with laptops for business-related use.  If your organization is one such employer, maybe consider skipping the upgrade to the models with webcams.

The line between work and home is hardly visible.  To describe it as “blurred” would be inaccurate. The reality (for most of us) is that the line can barely be seen and, for some, only fades into existence occasionally for short intervals.   And there seems to be little debate about the validity of this conclusion.  The debate begins only when the question is asked whether this reality is a positive or negative one.

For most, I believe it’s perceived negatively. At least it sounds that way when I hear it discussed.  Because what normally follows is the argument that, because of the “blurred” line between work and home, a metaphor most commonly described with a  visual of a worker whose Blackberry must be surgically removed from his hand, employers must permit employees a bit of “leeway” in their electronic follies.  For example, the story goes, because employees may be expected to respond to a client emergency after normal business hours, they should be permitted to do some online shopping during the work day. Or, another story goes, because employees are working more hours than ever before, they have no choice but to do some online banking from their office.  The need to send personal e-mails, browse the malls of cyberspace, and update one’s Facebook status takes precedent over the need to [gasp] work.

Oh, hogwash.

I just cannot buy into this nonsense.  The argument that employees should retain some right of privacy in the e-mails that they send from the account provided to them by their employers, using the computers purchased, maintained, and serviced by their employers, on a network owned by their employers, using bandwith that their employers intended for use for work-related purposes, is a losing one to me.

Those who argue in favor of this alleged entitlement for online detours during the work day must forget that not all employees are exempt. In fact, most workers are non-exempt, meaning that they must be paid (by their employer) for all time worked in excess of 40 per week.  (More in some states, mind you.)  So , non-exempt employees who take short detours to e-Bay via the information superhighway during working time have one of only two impacts: either they are being paid for something they’re not actually doing—some might call that stealing, or they are getting paid time and a half for it because they need to stay late to get their work completed on time.  There’s also a third option: that the employee completes his or her work in a hurry or in a half-done manner to expedite his access to the Internet.

To me, none of these three is an acceptable solution. Has it really become acceptable to demand we be given the choice to not work while at work?  Maybe the manufacturing sector is the only one that hasn’t lost its collective mind by taking breaks of designated lengths at designated intervals but actually working during the rest of the work day.  Not so novel, really, but seemingly a rarity in the office environment.

Employees love social networking. Some employers also love social networking, especially in the context of recruiting, onboarding, and engagement efforts. But employers are not so crazy about the use of Web 2.0 tools by employees.  The question is often asked whether employers may lawfully access an employee's (or applicant's) social-networking page.  And the answer, as any lawyer worth his oats surely will tell you, is "it depends."

There are a number of different contexts in which this question can arise and each has a different response.  For example, in the hiring context, employers often want to conduct a DIY background check by Googling a candidate or searching for the candidate's Facebook profile.

I've already said plenty on this topic and won't rehash it here.  (See More Good Advice on Best Practices for Use of Social Networks for Employers, Free Podcast: Employers' Use of Facebook, MySpace, and Other Social Networking Sites).  But, generally speaking, this presents only minor (and avoidable) potential legal issues.   

A different context occurs when an employer wants to view a current employee's Facebook or MySpace page.  Add to that the situation where the employer doesn't want the employee to know about it's "investigation" or where the employer sees something it doesn't like and takes adverse action because of it, and you've got an entirely different set of circumstances and associated legal issues.

A recent case in the U.S. District Court in the District of New Jersey is the perfect "flare-gun" case--sending a poignant warning to employers considering similar actions.  In Pietrylo v. Hillstone Restaurant Group, a waiter at the employer's Houston's restaurant created a MySpace page and group.  The group was private--only those who were invited by its creator could access the site. The waiter, Pietrylo, gave access to co-workers, who could then read postings or create postings themselves.

Continue reading "Jury Verdict Against Employer Who Accessed Employee's MySpace Page" »

Employee theft, especially electronic theft, has been on the rise. Some blame falls on the state of the economy. Another explanation is the current state of technology.  Employees are more savvy with technology today than ever before.  And the workplace is more digital than ever before, so there’s more data where employees can find it. Once they find it, they know how to use it, remove it, or, in some cases, destroy it. 

Stories of employees’ theft and destruction of their employers’ data are scarily commonplace.  Usually, employers are left with little recourse. Although they can, of course, terminate the wrongdoer, this option doesn’t compensate the organization for the harm caused. Some employers have looked to the legal system and found the Computer Fraud Abuse Act (CFAA), hoping to find a civil remedy to employers whose computer system has been hacked by an employee.  Some courts have agreed with this interpretation, while others have not.  And some employers are left without recourse, especially those who don’t have the resources to detect the source of the breach.   

But wait!  There may be another answer!  The government!

No, really.  The government is here to help. I know, I know, when that investigator from the Department of Labor called, there was no mention of any gratuitous assistance, right? But really, there may be some hope.

There have recently been a few high-profile stories of “employees who hack” who are then investigated and prosecuted in criminal court.  Former Philadelphia news anchor, Larry Mendte, is the first such story that comes to mind. Mendte was convicted of computer crimes after the FBI discovered that he hacked into his co-anchor’s personal email accounts hundreds of times and leaked personal information about her to the media.  Mendte served time on house arrest and recently was released from the confines of his Main Line property and is free to carry out the terms of his probation from the Jersey Shore. 

Another, more recent story is a real-world example of an employer’s worst-case scenario. When LifeGift Center, a nonprofit organ and tissue donation center, terminated its IT director, she accessed the computer network remotely from home.  Once she gained access, she deleted organ-donation database records, invoice files, and database and accounting software.  Danielle Duann, 51, then disabled the computer logging functions on several LifeGift servers and erased the computer logs that recorded her remote access to cover her trail. LifeGift claimed more than $94,9000 in damages from the intrusion.

Enter the government!  The DOJ prosecuted Duann. She was indicted by a grand jury last summer and, in May, pleaded guilty to one count of causing damage to a protected computer. Earlier this month, she was sentenced to a two-year prison term, followed by three years of supervised release, and was ordered to pay the full amount of damages as restitution.

Read more posts on the topic of technology’s impact on the modern workforce.

Larry Mendte’s ankle bracelet came off yesterday. Mendte completed his six-month house arrest and is free to live out the rest of his two-and-a-half-year probation outside the confines of his Main Line home. The house arrest and probation constitute the sentence he received after pleading guilty to intentionally accessing the private e-mail account of his former co-anchor, Alycia Lane. 

Mendte was convicted under the Computer Fraud and Abuse Act (CFAA), which makes it unlawful to intentionally access a protected computer without authorization. In the last few years, employers have tried, with mixed results, to put this statute to work against employees who engage in cyber-sabotage.

In January 2009, for example, an employer filed suit under the CFAA against two former sales reps, alleging that the former employees had deleted information from their company laptops after resigning.[1] That case was dismissed, though, in a somewhat disappointing ruling from the District Court, which held that the intended purpose of the CFAA was limited to preventing and prosecuting computer hacking and did not extend to the misdeeds of former employees.

But in February 2009, another federal court declined to dismiss a claim under similar facts.[2] In that case, an employer sued former executives under the CFAA, alleging they’d e-mailed documents to their home computers when they were preparing to compete with the company.

So often, employers want to file a counter-claim in response to what they believe is a bogus suit filed for a former employee. The law rarely provides for this, though. For many employers and their legal counsel, the application of the CFAA to the wrongdoings of former employees is a developing area of the law with great potential.

[1] Lasco Foods, Inc. v. Hall & Shaw Sales, Marketing & Consulting, LLC, 600 F. Supp. 2d 1045 (E.D. Mo. 2009)

[2] Ervin & Ervin Smith Advertising v. Ervin, No. 8:08-459 (D. Neb. Feb. 3, 2009).

Teens outrank adults in the use of social networking sites by 30%.  But the popularity of social networking sites is not limited to teenagers.  Currently, one-third of adults in the U.S. have a profile at a site like MySpace or Facebook.  And this number is rising.  In fact, the number of adults who utilize these sites has quadrupled since 2005, according to the Pew Internet & American Life Project’s December 2008 tracking survey. 

See the full survey here:  

What are the consequences of this skyrocketing use?   They can only be imagined.  As we've posted about previously, employers are taking a hard line when they discover what they consider unacceptable conduct by employees.  With more and more adults spending time on sites like Facebook and its more "grown-up" cousin, LinkedIn, it seems inevitable that there will be more and more terminations resulting to online conduct.

Larry Mendte, former Philadelphia news anchor, was sentenced today in federal court after pleading guilty to reading the emails of his former co-anchor, Alycia Lane, and forwarding the information along to reporters, reports the Philadelphia Inquirer.   Mendte was sentenced to three years of probation, a $5,000 fine, and 250 hours of community service.

Mendte, who apologized for his conduct, admitted that he accessed Lane's personal email on more than 500 occasions.  He stated that he was motivated by a "flirtatious, unprofessional, and improper" relationship he'd had with Lane.  Lane was present in the courtroom but did not speak on her own behalf.

For the salacious details of this unusual workplace drama, see our earlier posts:

More Drama at the News Desk: Co-Anchor Suspected of Snooping Through E-Mails

Employee Embarrasses Employer, Who Fires Employee, Who Sues Employer

Prying Eyes: What is "Private" Becomes Even Fuzzier for Employees Who Snoop

ABA Journal Takes Note of Our Newsworthy News Anchors

TV News Anchors' Soap Opera Has the Makings of a Made-for-TV Drama

The Mendte-Lane Saga Concludes With a Guilty Plea and a Lawsuit

And what, if anything, can be learned from this latest chapter? Here's what I would offer as the Lessons to Be Learned from the Love-Hate Saga of Larry Mendte and Alycia Lane:

1. Anti-fraternization policies may get some good publicity from this case.  The "flirtatious" relationship between the two co-anchors seems to be, according to Mendte, what sparked his bizarre conduct.
2. Be careful not to disregard the claims of the co-anchor who cried wolf.  Despite Lane's prior allegations regarding Mendte's alleged snooping, her employer was not inclined to believe her, probably because she'd previously volunteered for the spotlight by appearing on the Dr. Phil show, and other unusually public conduct.  This goes to show that, when receiving a complaint from an employee, not to carry our own biases and preconceived beliefs into the investigation.  Go figure--she might actually be telling the truth!
3. Privacy is a big deal.  It's a big enough deal that his violation of it landed a very popular local public figure into very hot legal water.  As Mendte is reported to have opined during his sentencing hearing: "When I look back on the story of my life, I can't believe it brought me to this moment. I am ashamed."

Stories of technology's effects on employees are everywhere.  Employees are using technology to espouse negative views about their employers.  Employers claim rights to their employees' e-mail accounts--both personal and private, even after the employee resigns, as well as employees' text messages made from the phone the employer provided.  The power of technology has again landed employees in the hot seat, which is likely warmer than the tanning beds they visited at the taxpayers' expense.

This time, technology has led to the arrest of more than 30 persons on the unemployment-insurance payroll.  The N.Y. Department of Labor tracked the allegedly fraudulent conduct with a new system that cross-checks the names reported by employers within the state as "new hires" against those on the unemployment list.  Clever, isn't it?

It gets better.  Once the Department generated a list of individuals whose name appeared on both lists, it was able to track the purchases of the unemployment recipients through a debit card that the state issues as part of its unemployment program.  And what were these "newly employed unemployment recipients purchasing with their state-issued debit cards?  Only the essentials, of course--subscriptions to dating websites, tanning salons, and lots of bar bills and restaurant charges.

Both of these new technology initiatives have produced a clear victory for citizens of New York, demonstrating additional benefits employers stand to gain from implementing effective technology measures. 

For a similar story on citizens' misuse of government money, see Workers’ Compensation Claims - A result of bad luck or bad leadership?

Attention, Employers.  Your Millennial workforce has an important message for you--one that you'll need to get loud and clear if you want to remain competitive in attracting the massive wave of talent currently graduating from college.  So what's the message? 

Well, what's important is not so much the message, really, but how they're going to be communicating it.  The message is going to be coming through via
Wikis, Blogs, and Social Networking sites.  Instant Messaging and Text Messaging will also be the way your future workforce will communicate its needs and demands through the chain of command.  And those employers who aren't equipped to deal with this change to its infrastructure will be left behind.   

The reality is, today's newest employees, known as "Generation Y", are known for their need for speed--on the information highway.  They're about as comfortable as one can get with the idea of technology.  They embrace--instead of reject--the idea of rapid technology changes.  In fact, technology is such an integral part of the daily lives of Millennials that you shouldn't be surprised when you start to get questions about your organization's technology from recruits.

As reported in PC World, Gen Y employees have a laundry list of technology-related demands that must be met in order to have some chance at job satisfaction.  Employers who don't offer virtual learning, internal social networks, or are unwilling to spend the money and time needed to get these essentials will be unable to recruit and retain the best and the brightest young employees

Training is directly connected to employee retention.  Many employees view adequate training as an essential element of a satisfying workplace.  Gen Y sees continuing training as particularly important.  This could be, in part, because of the high priority the Millenial Generation places on making a valuable contribution to the workplace.  And it could be because the average Generation Y employee stays at a job for just 2 years, making continued learning even more important to keeping their skills sharp. 

But how Gen Y defines training is as different as the high value they assign to its importance.  The most recent generation to join the workforce demands access to "knowledge in chunks."  Given their familiarity with YouTube, podcasts, and online tutorials, Gen Y is used to jumping online and having immediate access to on-demand learning whenever it is convenient for them. 

Their older coworkers, on the other hand, are more likely to turn towards the traditional paper manual.  They are also more comfortable with classroom training and will request reimbursement for academic tuition fees-not the cable internet bill.

The same casual approach that characterizes Generation Y's workplace attire carries over to their approach to knowledge sharing.  They are not shy and have no qualms about asking their more knowledgeable coworkers for the answer they need.  And, given that casual attitude, they're more likely to just "holler across the cubicle walls" to a colleague.  Boomers, who have spent a career in a much more formal and structured workplace, are less than comfortable with this casual interaction.

So what's the lesson for employers?  For one, if you haven't already adapted a training and learning approach that fits the Gen Y model, get moving!  Your best Gen Ys may already be "googling" their next career opportunity!!

Ah, the poetic insolence of the bitter employee.  We all know the song by heart.  Sarcastic and   , they lie in wait for their next prey.  All employees are potential targets.  No one is immune from being swallowed whole, the sole of a well-polished Johnston & Murphy shoe the last image of what was once a pleasant co-worker.  Gulp.  

It could be the always-chipper Janet from Food Service--what's she got to be so happy about, anyway?  Or maybe Chad the Summer Intern, in his daily uniform of light-colored khaki pants, light blue, long-sleeved shirt, cuffs rolled, of course, and one of the four ties he's currently got in rotation.  Chad is powerless, really, and too concerned with making a stellar impression to sound like a whiner if he were to complain about the snide, jabbing comments of the bitter employee.  You know who they are. 

And so do they.  Just ask The Angry Receptionist.  She's working very hard--though not at her job duties.  Instead, she has blogged her way to the top of the disengaged-employee list by branding herself as the champion of bitter employees everywhere.  In her words:

I'm a receptionist at a mid-sized corporate office. When I first started here, I was very nice. It took about a week for everyone to try to take advantage of my good will in every awful way possible.
I'm not nice anymore.

And she's good at what she does.  Her blog has attracted lots of attention in the blogosphere. She is fully committed to her efforts, too.  In fact, she has all of the qualities of a potentially outstanding employee.  Except that she holds her cards too long.  If the workplace is as dreadful as she describes, why is she there?  You've gotta' know when to fold 'em, you know? 

For more on the impact of employees blogging at work or about work, see Blogs In the Workplace

Employees' privacy rights.  They're everywhere.  Lately, they've been in the KYW-3 TV Newsroom.  Two former Philadelphia co-anchors have put e-mail privacy in the spotlight.  Larry Mendte, who is accused of reading and leaking Alycia Lane's private e-mail account, was fired today.  His termination comes in the middle of a federal investigation, which involved a raid of Mendte's home and office and the removal of "computer equipment," and follows just days after Lane filed her long-threatened suit against their shared former employer.

This scandal is a big deal in the Philadelphia local news.  And perhaps that has something to do with the fact that Lane had lost her sugary-sweet charm after the third or fourth scandal.  Or maybe it's because Philly is known equally just as much for relentlessly jeering unpopular sports figures as it is for brotherly love.  But maybe it's because this is a story that so many people already know.  They've lived it themselves.

Mendte is suspected of accessing Lane's account "possibly hundreds of times" and then leaking the information to their boss, the news station, or the press.

So what happens to Mendte if it's later found out that he did secretly sabotage his former partner at the news desk?  Not much.  Mendte isn't a supervisor so, unless the station is found to have known about the snooping or somehow endorsing it, the station will not be held responsible for the acts of Mendte.  Obviously, losing his long-time job, where he spent many years enjoying the favor of Philadelphians, is a big deal and probably one of the most severe consequences he could face.

And Lane could certainly sue Mendte, as well as the station.  It's unlikely that she will, though, given the low value of any possible recovery for privacy claims brought against an individual, as opposed to an employer.

But the real question is not who will be victorious in the media or in the courtroom.  The real question is whether your organization faces similar risks to the potential espionage of trade secrets and confidential information or to a Jerks-at-Work campaign where a bully secretly accesses a target-coworkers' emails with bad intentions.

What safeguards do you have in place to automatically monitor technology use of company computers?

What policies do you utilize to ensure employees' data is protected with regular password changes and by communicating that an employee who shares her password with another may be subject to serious discipline?

What about the specifics of what an employee may and may not take from the workplace, which includes sending it out of the organization and into the world wide web?  Have you expressly told employees about the consequences of such action?  Do you know what the consequences are?

Take the Mendte-Lane debacle as a cue for you to review your policies, practices, and how those messages are communicated to employees.

Michael Klein and John Shiffman at the Philadelphia Inquirer, have more on this story.

Prior Related Posts:

More Drama at the News Desk

Employee Embarrasses Employer, Who Fires Employee, Who Sues Employer

What do News Anchors, Sports Figures, and Corporate Executives Have in Common? Employment Agreements and Risk-Avoidance Clauses

Bad Boys, Bad Boys, Whatcha' Gonna Do . . . When They Work for You?

Employee-privacy advocates are not in favor of biometrics in the workplace. But many employers do not share the concern. Biometrics are being used in workplaces across the country for purposes ranging from security to timekeeping and attendance.

What are Biometrics?

You may not know it, but you have probably seen biometrics in use numerous times. Catch any modern spy movie and there is sure to be a scene where the main character accesses the inevitable Restricted Area using the fingerprint of a dead man via a "borrowed" digit. Or maybe the triple-secret bank vault can be opened only via a a retina scan of the bank's Very Important President. You get the idea.

Biometrics run the gamut from simple to NASA-level technology. Biometrics on the most basic level could include simple ID badges with the employee's mug-shot style photograph. Signatures are even included in biometrics that are used as a security measure. Today, employers utilize password-management systems that require employees to regularly change their personal passwords in order to access the company's network.

The term "biometrics" refers to a method of authenticating the identity of an individual using enduring physical or behavioural characteristics. Any system that utilizes biometrics relies on the use of biometric identifiers. Also known as "BIs," biometric identifiers are select pieces of information that relay an encrypted picture of some unique feature of the person's biological makeup. Common BIs include fingerprints, retinal scans and voice scans.

Other identifiers that have been suggested and used include: hands, feet, faces, ears, teeth, veins, voices, signatures, typing styles (keystroke), gaits and odors.

How Effective Are Biometrics?

In the employment context, biometrics are used as an authentication tool. The BI is compared to the authenticated BI, which is stored in a database. Used this way, biometrics offer a nearly infallible security system. Unlike traditional security measures, like passwords or security badges, biometrics cannot be shared, lost, forgotten, stolen, or recreated.

But there are security risks for the user. For example, the authenticating, or original, data must be kept as secure as possible, which usually means not being sent wirelessly. And, if it is sent across a network, encryption should be at a maximum. As a compromise, systems often provide for a larger margin of error. And, unlike passwords and security questions, biometrics cannot be changed or revoked when the employment relationship ends.

What Else Could Go Wrong?

Well, lots, actually. Unauthorized access to highly sensitive personal information raises very legitimate concerns about identity theft--a problem that already has employers on high alert for potential liability. And, without any regulatory system in place, what about the potential privacy implications? Surely, employees will want to know what other information can be obtained should the wrong person have access to the database.