Workplace Privacy Flashcards
Employee Privacy Framework
o Employee Privacy Framework:
* Sources of privacy protections: (all are varied in coverage and often are limited in protection)
(a) U.S. Constitution (4th Am., Due Process Clause)
(b) state constitution
(c) Federal statutes (Some to federal employees and some to private sector)
(i) Discrimination laws, Genetic Information Non-Discrimination act these also implicate privacy protections although not main goal of regulation.
(ii) ECPA and SCA wiretapping,
(iii) HIPPA
(d) tort of intrusion upon seclusion,
(e) state statutes (significant activity at state level)
(f) General Data Protection Regulation (EU)
(g) contract (for-cause protections, CBA’s, implied-in-fact)
* Balancing of interests (employee vs. employer interests); and
* The role of private ordering.
Sources of Privacy Protection
U.S Constitution (4th Amendment): only for Public Employees. NOT for Private. For Private, you need to use Common Law Tort Theory of “Intrusion upon Seclusion” Test.
2 Step Framework for public employees (Quon/O’Connor Test):
(1) Reasonable expectation of privacy?
(2) If yes, was the search/intrusion reasonable?
* Need a legitimate purpose, justified at inception.
* Scope and means must be reasonable as they relate to the furtherance of that purpose.
* But employer doesn’t need to use the least intrusive means possible; just needs to be a reasonable effort to further the purpose of the search.
(1) Employee must have a reasonable expectation of privacy in the area or thing intruded upon or searched
“Operational realities” test (totality of circumstances – MAJORITY)
“Categorical” test (defining a category that is off-limits i.e. can’t look in desk drawers or lockers – SCALIA)
(2) Employer search/intrusion must be reasonable (i.e. legitimate purpose and appropriate scope).
i. Reasonable grounds for suspecting that the search will turn up evidence that the employee is guilty of work-related misconduct (exception to warrant requirement and probable cause is NOT needed because this is specific to workplace context) This is a more deferential standard -> all the employer needs to do is demonstrate a legitimate purpose and the scope of instrusion was reasonable (not a high level of scrutiny)
ii. Quon rejected the “least intrusive means possible” approach. Need not be the least reasonable.
iii. Scope – measures adopted are reasonably related to the objectives of the search and not excessively intrusive in light of the nature of the misconduct
b. There seems to be a sliding scale approach where the greater the expectation of privacy, the more scrutiny the court gives to the intrusion.
i. For example, the court seems to almost always say there is an expectation of privacy to bodily intrusions(urine screening).
(a) NOTE - this test applies only to PUBLIC employees, but it does inform the rights of private employees as well, at least in terms of framing the debate.
(b) NOTE - state constitutions may also provide protection. (CA)
c. Courts usually find that employees have NO reasonable expectation of privacy in electronic communications or files on employer-provided devices if the employer has in place a sufficiently broad policy that clearly states that employee communications and files may be monitored.
Court said you DO NOT have to use the least intrusive methods.
Cases of 4 Amend.
Quon: gave us the above framework. okay for work related stuff.
Von Raab: Balacing of Employee/Employer Interests in Von Raab. 4A drug testing case. wanted to drug test employees engaged directly in drug interaction and/or otherwise required to carry a firearm. Court says that employer must show compelling interest (low deference to employers). * Whether the employer’s actions are reasonable is determined by using a sliding scale: the more serious the intrusion into an employee’s privacy, the more compelling the employer’s justification must be. compelling gov’t interest to safeguard borders & public safety trumped privacy expectations of impacted employees. Testing was reasonable under 4A. Courts often focus on the NEXUS between the articulated interest and the nature of the intrusion.
Skinner:
Skinner - privacy intrusion OK against railworkers after previous accident.
* Any job w/ safety concerns is more likely to create daylight for permissible drug testing.
Random testing w/o safety concerns often struck down.
Tort Based Protections
For Private, you need to use Common Law Tort Theory of “Intrusion upon Seclusion” Test.
3 Elements to the test:
(1) Intentional intrusion
(2) Into an area of solitude or seclusion
(3) That would be highly offensive to the reasonable person (this framework is VERY SIMILAR to Quon/O’Connor “reasonable expectation” test).
o On who intentionally intrudes, physically or otherwise, upon solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.
d. Intrusion-upon-Seclusion: the most widely recognized common-law privacy claim in the employment context ONLY APPLICABLE IF THERE IS AN ACTUAL INTRUSION
i. In this case court found no intrusion because employee did not consent to intrusion. IF refuse to consent no intrusion. If do consent no breach of privacy since they consented. Catch-22 for the employees. That is why this employee brought public policy claim, Not intrusion upon seclusion.
Case for Tort Protection
Borse:
Refused drug testing. alleged intrusion upon seclusion public policy tort under state law. although she was never tested, intrusion still possible via the process and b/c a reasonable person may think giving urine is an intrusion.
f. Courts have found that consent to an alleged privacy intrusion is a near-absolute defense to common law privacy claims.
i. NOTE – Catch 22:
(1) if the employee agrees to the intrusion -> he has consented to it (so no claim)
(2) if he refuses (and loses his job as a result), there is no intrusion (so no claim)
e. Whether the conduct is objectively offensive is determined by whether it is justified by a legitimate employer interest and appropriately tailored to serve that interest.
i. In short, a reasonable employee should not be offended by a justifiable intrusion.
**Most courts, in applying tort-related privacy claims, use a test that is closely related to the O’Connor test. (“reasonable expectation” test).
**
- Drug testing cases today
o They are generally upheld where public safety is a concern of law enforcement is involved.
o Random drug testing without safety concerns are often struck down
o Private sector needs to find an alternative source of protection since fourth amendment doesn’t apply (see Borse)
o Sometimes they are stuck down as being overly broad (collects info beyond drug use)
- Off-site activities:
a. In private, at-will employment, employees historically have enjoyed little protections from employer retaliation for outside activities, choices, and associations.
b. Even when available, such claims will often hinge on whether the employer can articulate a sufficient business-related reason for its actions.
i. Statutes may also protect employees, at least where the employer does not have a sufficiently compelling reason for taking such action.
c. As a practical matter, at-will employees and job applicants should assume they have little protection against adverse employment actions resulting from things they say or see on non-password protected areas of the Internet.
Private Ordering: Are there limits to consent?
- The Framework used:
i. Did plaintiff have legally protected privacy interest?
Bodily integrity is ALWAYS a privacy interest.
ii. Did plaintiff have a reasonable expectation of privacy in the circumstance?
What about if they consented? Court says that it doesnt get rid of this element but it STRONGLY DIMINISHES a claim that there was a reasonable expectation of privacy.
iii. Did conduct of employer constitute serious invasion of the privacy? (unjustifiable invasion not justified by legitimate employer interest)
this factor really subsumed by the first 2. - What limitation on consent, if any?
Must be knowing and clear?
The nexus to employer justification must be close enough?
Are certain areas entirely off limits?
iv. Courts tend to look at the same factors in analyzing Private Ordering:
(1) The extent to which the employee consented to or was on prior notice of the intrusion (“knowing and clear?”)
(2) Whether the employee has a reasonable expectation of privacy,
(3) Whether the employer has articulated a workplace-related interest to justify the alleged intrusion,
(4) The strength or importance of this employer interest,
(5) The nexus between the employer interest and the intrusion
Cases for Private Ordering/Consent
Feminist Women’s Health Center:
Plaintiff claimed public policy exception claim with CA constitution as source.
Holding: the requirement that employees perform cervical exams is a reasonable condition of employment and does NOT violate the right to privacy where the written employment agreement evidences the plaintiff’s knowledge and agreement/consent to be bound by it. Court seemed to defer to the employer’s mission. Court said you DO NOT have to use the least intrusive methods.
Court in this case did not balance the 2 interests; it instead focused on the fact that employee was reasonably required b/c they were aware at the outset and consented.
Private ordering prevails as long as there is a NEXUS.
Actual consent or contract must be clear & unambigious.
Court said you DO NOT have to use the least intrusive methods.
Stengart:
Employee worked for Loving Care and she used personal email to communicate with their lawyer on work provided computer. Employer searched hard drive and found stored email, even though they were password protected. NJ Court found cause for action on the intrusion upon seclusion theory. Then the court looked to whether there was a reasonable expectation of privacy.
Court found for employee for two reasons:
* Court also said the employer’s policy was not clear. AND
* Because of the important public policy of the attorney-client privilege, even a clear employee manual allowing the company to retrieve private email would not be enforceable against private emails between employee & lawyer probably only because courts value attorney-client privilege so much.
Court suggests that attorney client privilege are so great that employee still might have reasonable expectation of privacy even if consent. Reach remains open as this case was about violation of RPC.