• Key point 4-04. Many states recognize “invasion of privacy” as a basis for liability. Invasion of privacy may consist of any one or more of the following: (1) public disclosure of private facts; (2) use of another person’s name or likeness; (3) placing someone in a “false light” in the public eye; or (4) intruding upon another’s seclusion.
* A federal appeals court ruled that an employee did not have an expectation of privacy in his workplace computer, and therefore the police did not act improperly in accessing the computer and finding evidence of child pornography. The FBI received a tip that an employee (Ted) of a local business had accessed child-pornographic websites from his workplace computer. The company agreed to cooperate with the FBI in its investigation. Company employees entered Ted’s office at 10 p.m. one evening, opened his computer’s outer casing and made two copies of the hard drive. Forensic examiners at the FBI discovered many images of child pornography on the hard drive. Ted was later charged with felony offenses pertaining to the possession and receipt of child pornography. Ted pleaded not guilty on the ground that the evidence that was being used against him was unlawfully obtained. The prosecutor insisted that an employee has no reasonable expectation of privacy in a workplace computer when the employee uses a computer paid for by the employer, Internet access is paid for by the employer, in an office where the employer pays the rent, and when the employer ‘has installed a firewall and a whole department of people whose job it was to monitor their employee’s Internet activity.’
The prosecutor conceded that Ted had a ‘subjective’ expectation of privacy in the computer: ‘the use of a password on his computer and the lock on his private office door are sufficient evidence of such expectation.’ But, ‘his expectation of privacy in his workplace computer must also have been objectively reasonable.’ A federal district court concluded that this requirement was not met, and a federal appeals court agreed:
Though each computer required its employee to use an individual log-in, the employer had complete administrative access to anybody’s machine. It had also installed a firewall, which is a program that monitors Internet traffic from within the organization to make sure nobody is visiting any sites that might be unprofessional. Monitoring was therefore routine, and the employer reviewed the log created by the firewall on a regular basis, sometimes daily if Internet traffic was high enough to warrant it. Upon their hiring, employees were apprised of the company’s monitoring efforts through training and an employment manual, and they were told that the computers were company-owned and not to be used for activities of a personal nature. Ted, who has the burden of establishing a reasonable expectation of privacy, presented no evidence in contradiction of any of these practices. He does not assert that he was unaware of, or that he had not consented to, the Internet and computer policy.
The court noted that ‘other courts have scrutinized searches of workplace computers in both the public and private context, and they have consistently held that an employer’s policy of routine monitoring is among the factors that may preclude an objectively reasonable expectation of privacy.’
The court acknowledged that some courts had found a reasonable expectation of privacy in a workplace computer, but pointed out that in each of those cases the employer ‘failed to implement a policy limiting personal use of or the scope of privacy in the computers, or had no general practice of routinely conducting searches of the computers.’ The court concluded:
We are concerned in this case with the “community norm” within 21st Century computer-dependent businesses. In 2001, the 700,000 member American Management Association (AMA) reported that more than three-quarters of this country’s major firms monitor, record, and review employee communications and activities on the job, including their telephone calls, e-mails, Internet connections, and computer files. Companies that engage in these practices do so for several reasons, including legal compliance, legal liability, performance review, productivity measures, and security concerns. For these reasons, the use of computers in the employment context carries with it social norms that effectively diminish the employee’s reasonable expectation of privacy with regard to his use of his employer’s computers ….
Social norms suggest that employees are not entitled to privacy in the use of workplace computers, which belong to their employers and pose significant dangers in terms of diminished productivity and even employer liability …. The abuse of access to workplace computers is so common (workers being prone to use them as media of gossip, titillation, and other entertainment and distraction) that reserving a right of inspection is so far from being unreasonable that the failure to do so might well be thought irresponsible. Employer monitoring is largely an assumed practice, and thus we think a disseminated computer-use policy is entirely sufficient to defeat any expectation that an employee might nonetheless harbor.
Application. This case is significant for the following reasons:
1. The case arose in the investigation of a crime, and involved an interpretation of the Fourth Amendment’s ban on unreasonable searches and seizures. While not directly relevant to an ‘invasion of privacy’ allegation in a civil lawsuit, it is at least suggestive of how a court might respond to such claims. According to this court, there is no reasonable, objective expectation of privacy in a workplace computer that is owned by the employer if the employer has adopted a computer policy ‘that involved routine monitoring, a right of access by the employer, and a prohibition against private use of computers by employees.’
2. The court suggested that employees may have a reasonable expectation of privacy in a workplace computer if the employer ‘failed to implement a policy limiting personal use of or the scope of privacy in the computers, or had no general practice of routinely conducting searches of the computers.’
3. The court noted that an employee may have a legitimate expectation of privacy in his office, but it noted that no one conducted a generalized search of Ted’s entire office. Neither did anyone violate ‘some specific realm of privacy, such as a desk or file cabinet given over to Ted’s exclusive use’ in which he kept private papers or effects. Rather, the employer ‘entered the office merely to gain access to the computer’s hard drive.’ Its policy entitled it to administrative access to the employees’ computers, and as such, the copying of the computer’s hard drive was an ‘operational reality of his workplace that diminished his legitimate privacy expectations.’
4. This case suggests that an employer’s inspection of computers it provides to employees will not necessarily constitute an ‘invasion of privacy.’ To minimize this risk, church leaders should adopt a computer use policy that authorizes the inspection and monitoring of computers as well as discipline or dismissal for unauthorized or inappropriate use. Such a policy should be consented to by all employees. It is not clear whether such a policy can apply to current employees unless they provide the church with something of value. This is a result of the basic principle of contract law that no contractual commitment is binding unless a party gives up something of value. This problem may be avoided by having current employees sign a written form (agreeing to the policy) at the time they receive a pay raise. This is an issue that should be addressed with a local attorney. The policy should be explained to all new employees at the time of hiring, and they should be required to sign a statement acknowledging that they understand and agree to the policy. United States v. Ziegler, 456 F.3d 1138 (9th Cir. 2006).
Copyright © 1994 – 2006 Christianity Today International. All rights reserved. This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is provided with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. Church Law & Tax Report, A publication of Christianity Today International, 465 Gundersen Drive, Carol Stream, IL 60188.