Employee privacy rights may have received a boost from the U.S. Supreme Court at the end of this year’s term. In Riley v. California, the most recent in a series of criminal search and seizure cases involving technology, the Court held that a warrant is generally required before the police may search an arrestee’s cell phone. Although grounded in the Fourth Amendment – and therefore not directly applicable to private employers – Riley signals heightened respect for privacy rights in mobile devices and this pro-privacy approach may well spill over to the employment context. Employers should take note and as many steps as possible to maximize their ability to access and safeguard work-related data on employees’ mobile devices while minimizing the risk of liability for invasion of privacy.
Private sector employees do not enjoy Fourth Amendment rights with respect to searches by their employers, but do have common law rights to privacy. As a result, prudent employers have clear and well-distributed policies or notices, allowing them to access and monitor data on devices their employees use for work, whether provided by the employer or not. The purpose of such policies/notices is to render unreasonable employees’ expectation of privacy, which is the cornerstone of any invasion of privacy claim.
If sufficiently clear, detailed, and prominent to effectively warn employees that the data on their devices may be searched at any time by their employer, these policies and notices have been generally effective to defeat privacy expectations and insulate employers from liability.
It is unclear, however, whether notices and disclaimers will continue to suffice as technology, and our use of it, evolves. Riley contains a notable discussion of the new reality, where the majority of the population carry “minicomputers,” which we call “cell phones,” but which “could just as easily be called cameras, video players, rolodexes, calendars, tape records, libraries, diaries, albums, televisions, maps, or newspapers.” In Riley, the Court suggests that the sheer volume of information on the typical mobile device—information which, viewed collectively, can reveal far more about an individual than a calendar or even a diary—renders mobile devices worthy of greater protection.
The scope of individual privacy rights in mobile devices provided by employers or used for work is murky. In light of Riley, however, employers should revisit their policies and procedures with respect to inspecting and/or monitoring employees’ mobile devices. At a minimum, written notices or policies should be clear and specific, describing the circumstances under which the employer may search or monitor communications on mobile devices and how it may do so. Rather than placing the onus on employees to review policy manuals, employers should consider seeking affirmative waivers, signed by the employee, which expressly disavow any expectation of privacy in employer-provided mobile devices and/or devices used, even in part, for work purposes.