In a ruling which could have significant implications for workplace privacy policies, a federal circuit court has ruled (PDF) that employees have a reasonable right to privacy for messages they receive that aren’t stored by the employer or someone the employer pays to store messages. To peer into such messages, companies would need a warrant or the employee’s permission—and that may set of a flurry of writing as company seek to update their privacy policies to grant themselves access to text messages and communications outside their physical control.
The decision comes from the rather complicated case of Quon vs. Arch Wireless, wherein Jeff Quon, a member of the Ontario, California, SWAT team (and some of the people he exchanged messages with) sued the city for accessing the contents of messages sent over a text messaging pager issued by the city. Employees were expected to pay for any charges running over the service plan’s character limits, and in an effort to determine whether the plan’s limit was too low, the city requested (and received) a copy of all messages send over the service. The city discovered many of Quon’s messages were both personal and of an adult nature.
The case centered on the Stored Communications Act, which defines both remote computer services and electronics communications services; Arch Wireless argued it was a remote computing service, and therefore wasn’t violating any privacy rights when it turned over communications to the city, who it considered to be the “subscriber” in this case. The circuit court disagreed, finding that an electronic communications service could also involve data processing more common to a remote computing service. Thus, the court considers a broad range of electronic communications to fall under the same privacy protections as letters and phone calls, where the recipient and dimensions of a message may be public knowledge, but the contents remain private.
If the ruling stands, enterprises, governments, and organizations are generally expected to revise their privacy policies such that employees must agree to surrender their privacy rights and grant access to any messages transmitted over employer-owned or employer-issued messaging systems.
