I have a great concept for a reality TV show: “Employees Do the Darndest Things.” Or maybe "Stupid is as Stupid Does," with apologies to Mr. Gump. A recurring storyline would have to involve the privacy rights employees think they have. A recent Ninth Circuit case could be featured, where the court held kiddie porn on a manager’s workplace computer was admissible in his criminal trial (United States v. Ziegler, No. 05-30177, 8/8/06). The court did not allow the employee to invoke the protections of the Fourth Amendment because the computers were company-owned and the company’s policies included routine Internet monitoring, a right of company access and prohibition against private use.
You would think employees would realize that when it comes to workplace computers, Big Brother is often watching. After the FBI discovered Ziegler had accessed child-porn Web sites from his workplace computer, the employer’s IT department claimed (and the FBI denied) that the FBI told them to copy Ziegler's hard drive. The employer turned over Ziegler's computer and copies of the hard drive. The FBI found images of child pornography and Ziegler was sentenced to two-year’s probation and a fine of $1,000.
Although company ownership of the employee’s computer alone was insufficient to defeat an expectation of privacy, the Ninth Circuit decision still leaves the ball in the employer’s court, for without a reasonable expectation of privacy, Ziegler's hard drive was fair game. Ziegler’s expectation of privacy was not seen as reasonable because he was aware of his employer's policy and practice of monitoring Internet activity. “[A] criminal defendant may invoke the protections of the Fourth Amendment only if he can show that he had a legitimate expectation of privacy in the place searched or the item seized”. Pointing to social norms, Ziegler’s expectation of privacy was not seen as “reasonable” because “[e]mployer monitoring is largely an assumed practice, and thus we think a disseminated computer-use policy is entirely sufficient to defeat any expectation that an employee might nonetheless harbor.”
So, in determining whether Mr. Ziegler would be crowned the next American Idiot, let's look at his behavior. One, he accessed child porn - egregious enough on its own. Two, he was a manager, expected to set a good example for his employees, instead of an example of what not do to. Three, he used his office computer to engage in this behavior. (Insert your own image of a dunce cap here). And finally, he had the audacity to argue that his web-based workplace frolic was private, and therefore inadmissible. No question, as far as I'm concerned, that he is this week's winner.
Although not a civil employment case, this one presents a critical (yet often overlooked) lesson for employers: make sure you have a policy covering the monitoring of electronic communications. Despite the decision Lou discussed here, it matters. Especially in the Ninth Circuit. Moreover, although the case didn't address it, make sure your policy is broad enough to cover evolving communication methods, such as Instant Messaging, blogging, and text messaging. Early adopters of email and internet acceptable use policies may not have written the policies to include such technology, so they should be reviewed and updated regularly.