Archive for the ‘Privacy & Non-Disclosure’ Category
Inadvertent Waiver of Employer Computer, Internet and E-Mail Policies
Over the next few weeks, I will discuss recent, noteworthy legal developments that occurred prior to the launch of this blog. The first development pertains to the Ninth Circuit’s decision in Quon et al. v. Arch Wireless Operating Co. Inc. et al., 529 F.3d 892 (9th Cir. 2008), filed on June 18, 2008. [Decision]
In Quon, the City of Ontario had a Computer Usage, Internet and E-Mail Policy, which Quon acknowledged, and agreed to comply with, as part of his employment. However, the City failed to enforce the policy. In fact, the City acted contrary to the policy by allowing its employees to avoid audits of their cell phone usage so long as they reimbursed the City for overage charges, which Quon did.
When the City subsequently enforced the Policy, the plaintiffs sued the City, wireless provider and other defendants for invasion of privacy. The Court noted that the Policy may have been enforceable if the City had complied with it. However, the Court found that the plaintiffs enjoyed a reasonable expectation of privacy in their cell phone text messages – notwithstanding Quon’s prior agreement to the Computer Usage, Internet and E-Mail Policy – due to the City’s inconsistent and contrary conduct (the “operational reality”) with respect to that Policy.
This decision ultimately serves as a strong reminder that employers may inadvertently undermine their computer, Internet and e-mail policies by acting inconsistently with those policies. Employers should take special care not to do so, and emphasize such care to their supervisors and managers, especially given the importance of computer, Internet and e-mail data in discovering instances of employee misconduct.
Hacking and Violations of the Computer Fraud and Abuse Act
CNN posted an article yesterday concerning charges brought against a former TV anchor for accessing a colleague’s e-mail accounts and releasing details of her personal life. [Article] The charges arise from the Computer Fraud and Abuse Act (18 U.S.C. ยง 1030), which was passed in 1986 to address the hacking of computer systems.
While the charges brought against the former TV anchor are of a criminal nature, many employers and attorneys do not realize that the Computer Fraud and Abuse Act may also be used in civil litigation, particularly against any wrongful conduct perpetuated by competitors, former employees, etc. Specifically, a civil claim under the Computer Fraud and Abuse Act may be brought against any person who:
knowingly causes the transmission of a program, information, code or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;
intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or
intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage;
provided that the conduct (or attempted conduct, if it had been successful) causes, or would have caused, a loss of at least $5,000.00 in value during a one year period.
The Computer Fraud and Abuse Act also provides a claim against those who knowingly, and with intent to defraud, traffic in computer passwords or any other information that would allow a computer to be accessed without authorization, provided that such trafficking affects interstate or foreign commerce.
