Published on:

Losing the expectation of privacy bit by bit, byte by byte

17 July 2012


Hotels and restaurants are among many other businesses that monitor employees at work through video surveillance, and through employees’ use of company-issued computers and smart phones. While employers gain benefits such as reducing theft, decreasing liability and ensuring safety procedures are followed, employees can feel that this electronic monitoring violates their privacy. In his article below, Mark Adams, a litigator in JMBM’s Global Hospitality Group®, shares with us how courts are ruling in lawsuits that deal with electronic surveillance of employees. He also gives employers advice on how to prevent these lawsuits from happening.

Losing the expectation of privacy bit by bit,
byte by byte

by
Mark S. Adams | Hotel Lawyer

A version of this article was first published in The Bottom Line, the official publication of the California State Bar’s section on Law Practice Management &Technology .

For a generation that has become exceedingly facile with electronic gadgetry and desensitized to the massive amounts of data this gadgetry produces, it perhaps comes as no surprise that video surveillance and on-line monitoring by employers of present and potential employees’ electronic profiles and fingerprints have become the norm.

Billions of emails are sent and received every day. Facebook has over 750 million active users, Twitter more than 75 million users, and YouTube boasts more than 24 hours of uploads every minute, every day, with over 2 billion viewers daily. Closed circuit digital video cameras are commonplace, from office security cameras to ATMs. All of this data can be available for review and analysis by friend or foe, including current and potential employers.

Social Media

Many employers now routinely vet their recruits through the Internet–not just before a formal offer is given, but before even taking an interview. Social media sites provide firms with the kind of information about candidates that was simply unavailable from any source just a few years ago. A company can now easily get a glimpse of a candidate’s off-duty persona to help determine if there will be a good fit. For example, an Internet-chatty candidate may say some nasty things about his or her former employer that would never appear on a resume; perhaps express an ambivalence about the industry; show an unhealthy appetite for engaging in high risk, dangerous activities; or flaunt an illicit, drug-friendly lifestyle. In short, the Internet may reveal a person who is far different than the well-dressed, firm-handshaking, smiling face that’s sitting in the lobby waiting for his or her interview. Absent the use of this Internet vetting process for the purpose of unlawful discrimination, at present, employers are free to make such Internet investigations without any legal repercussions.

Unlike potential employers, current employers have always kept an eye on their employees, and rightly so, because employers suffer the cost of such behaviors as employee theft and various kinds of employee mishaps and indiscretions. Although social media provides current employers with that same window into their employees’ lives–a window voluntarily opened by employees when they post things on a social media site–the new age of electronics offers current employers even more insight. Current employers have access to their employees’ electronic cache. Some employees may have a company-issued smartphone and computer. Usually the company will also assign an email address and provide the Internet access. These give access to information and activities that are not volunteered by the employee. For example, an electronic file scan may catch an employee receiving and sending sexually explicit emails, creating a sexually hostile work environment, or disclosing sensitive company communications via email to third party friends and family.

But there is a big difference between looking at something an employee voluntarily makes public and something obtained from the employee without their permission.

California courts have provided some guidance on what types of actions cross the line from appropriate supervision to invasion of an employee’s right to privacy. If the line is crossed, the employer risks a claim for invasion of privacy against an employer based on two separate legal theories, one grounded on the California Constitution, and the other based on a common law tort of invasion of privacy. Morphed together, the two types of privacy claims turn on the nature of the intrusion upon the reasonable expectations of privacy, and the offensiveness or seriousness of the intrusion, including any justifications. This leads to an inevitable balancing of interests, the outcome of which is often decided on a case-by-case basis.

To protect themselves from meritorious claims, employers should seek to diminish their employees’ expectations of privacy. This can be done by implementing and religiously following a “no expectation of privacy policy,” in which a written statement clearly expressing the policy is given to and acknowledged by all of the employees, from executives to entry level staff. This statement should also be clearly posted in any areas where videotaping is done. Such a policy typically states that the employer routinely, and without any further notice to the employee, will monitor computer use; read emails, texts and Twitter updates; listen to voicemails; and review hidden videotaped surveillance. But beyond the implementation and acknowledgement of such a policy, the facts in a particular case always carry ponderous weight on whether the employee has a reasonable expectation of privacy.

Emails

Regarding emails, the reasonable expectation of privacy can depend on whether the employee used a company computer, the company’s Internet service provider, a company-issued email address, and a secret password to transmit and receive their emails. In Holmes v. Petrovich Dev. Co. (2011) 191 Cal.App.4th 1047, the plaintiff sent emails to her attorney regarding a possible legal action against her employer. The employer obtained the emails from her computer: the plaintiff demanded them back claiming that they were attorney-client privileged communications, and sued the employer for invasion of privacy. The court held that the emails did not constitute “confidential communication between client and lawyer” within the meaning of Evidence Code section 952 because the plaintiff used the employer’s computer to send the emails despite the facts that she had been told of the company’s policy that its computers were to be used only for company business and that employees were prohibited from using them to send or receive personal email. She had been warned that the company would monitor its computers for compliance with this company policy and thus might “inspect all files and messages … at any time;” and she had been explicitly advised that employees using company computers to create or maintain personal information or messages “have no right of privacy with respect to that information or message.” The court stated:

When Holmes emailed her attorney, she did not use her home computer to which some unknown persons involved in the delivery, facilitation, or storage may have access. Had she done so, that would have been a privileged communication unless Holmes allowed others to have access to her emails and disclosed their content. Instead, she used the defendants’ computer, after being expressly advised this was a means that was not private and was accessible by Petrovich, the very person about whom Holmes contacted her lawyer and whom Holmes sued. This is akin to consulting her attorney in one of defendants’ conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by Petrovich would be privileged.

The Holmes court distinguished Stengart v. Loving Care Agency, Inc. (2010) 201 N.J. 300, 990 A.2d 650, 659, 663-664, in which that court found that the employee had a reasonable expectation of privacy in the use of a personal Web-based email account–even though accessed from the employer’s computer–where the use of such an account was not clearly covered by the company’s policy and the emails contained a standard hallmark warning that the communications were personal, confidential, attorney-client communications.

Video Surveillance

As to the covert videotaping of employees, the legality of this is anchored by two extremes: covert videotaping in open and accessible workplace areas, and vide
otaping in areas reserved for personal acts.

Videotaping in open and accessible workplace areas can be lawful. For example, the lobby and hallways of your hotel may electronically monitor the comings and goings of guests and employees for security purposes. That is lawful. However, videotaping areas reserved for personal acts, such as employee restrooms, is unlawful. Indeed, there is little justification in any company, that would override the right and expectation of privacy in such a personal area.

The outcome in situations that fall somewhere in between videotaping in open and accessible workplace areas, and videotaping in areas reserved for personal acts, are factually driven. For example, a computer server room, which is locked and accessible only by a few people in the firm, may have electronic surveillance all the time. It is only actually monitored a few times a day, or when a high heat sensor, or a water intrusion alarm is triggered. This is a rational, reasonable intrusion. Even so, the eye of the camera can catch unintended images, and so the best practice is to always make a clear disclosure that electronic surveillance is taking place, even if the surveillance is for a rational, lawful purpose.

Employer wins with limited intrusion

In Hernandez v. Hillsides Inc. (2009) 47 Cal.4th 272, the defendants operated a private, nonprofit residential facility for neglected and abused children, including the victims of sexual abuse. Plaintiffs were employees of the defendants. The plaintiffs shared an enclosed office and performed clerical work during daytime business hours. Their office had a door that could be locked, with blinds that could be drawn, and the plaintiffs could perform grooming or hygiene activities or conduct personal conversations, during the workday in that office. The director of the facility, learned that late at night, after the plaintiffs had left the premises, an unknown person had repeatedly used a computer in the plaintiffs’ office to access the Internet and view pornographic Web sites. Such use conflicted with company policy and with the defendants’ aim of providing a safe haven for the children.

Concerned that the culprit might be a staff member who worked with the children, and without notifying the plaintiffs, the defendants set up a hidden camera in the plaintiffs’ office. The camera could be made operable from a remote location, at any time of day or night, to permit either live viewing or videotaping of activities around the targeted workstation. It is undisputed that the camera was not operated for either of these purposes during business hours, and, as a consequence, the plaintiffs’ activities in the office were not viewed or recorded by means of the surveillance system. The defendants did not expect or intend to catch the plaintiffs on tape.

After discovering the hidden camera in their office, the plaintiffs sued the defendants, for, among other things, violation of their privacy rights under the California Constitution. The California Supreme Court reversed the Court of Appeal, and reinstituted the trial court’s order granting the defendants’ motion for summary judgment. The Supreme Court stated:

We appreciate plaintiffs’ dismay over the discovery of video equipment–small, blinking, and hot to the touch–that their employer had hidden among their personal effects in an office that was reasonably secluded from public access and view. Nothing we say here is meant to encourage such surveillance measures, particularly in the absence of adequate notice to persons within camera range that their actions may be viewed and taped.

Nevertheless, considering all the relevant circumstances, plaintiffs have not established, and cannot reasonably expect to establish, that the particular conduct of the defendants that is challenged in this case was highly offensive and constituted an egregious violation of prevailing social norms. We reach this conclusion from the standpoint of a reasonable person based on defendants’ vigorous efforts to avoid intruding on plaintiffs’ visual privacy altogether. Activation of the surveillance system was narrowly tailored in place, time, and scope, and was prompted by legitimate business concerns. Plaintiffs were not at risk of being monitored or recorded during regular work hours and were never actually caught on camera or videotape.

Employer loses when intrusion goes too far

In Carter v. County of Los Angeles (C.D.Cal 2011), 770 F.Supp.2d 1042, a case involving government employees (who have greater expectations of privacy from their government employers), the employer received an anonymous complaint alleging that a plaintiff employee, had engaged in sexual activity with a visitor in the dispatch room while she was on duty at night. The employer then installed a hidden video camera in a fake smoke detector in the dispatch room, and set it to record continuously, every hour of every day. The camera recorded several incidences of the act. One of the plaintiffs discovered the hidden camera a few months after it was installed and she (and other employees) sued her employer for, among other things, violation of her privacy rights under the California Constitution. In assessing the reasonableness of the plaintiffs’ privacy expectations, the court noted that the dispatch room door remained closed during regular business hours, non-dispatcher employees would typically knock before entering, and no one could see into the dispatch room. Furthermore, after regular business hours, it was not uncommon for plaintiffs to work alone in the room. The court concluded that the plaintiffs had a reasonable expectation of privacy in the dispatch room.

In assessing whether the surveillance was a sufficiently serious intrusion as to constitute an egregious breach of social norms, the court noted that the plaintiffs were recorded while they unknowingly performed private acts, the surveillance was constant, and it continued even after the stated objective was complete. The defendant monitored all of the employees, not just the subject plaintiff. Finally, there were several less intrusive methods available to the defendants in investigating the allegations against the plaintiff employee, but the defendants did not utilize them. Thus, the court held that the defendants violated the plaintiffs’ right to privacy under the California Constitution.

The Bottom Line

Right to privacy cases turn on whether the employee had a reasonable expectation of privacy under the circumstances. The employer has to somewhat manage the risk of a claim of a violation of privacy and an adverse result by minimizing the employee’s reasonable expectation of privacy. The employer should disclose to the employee that the employee is being observed and monitored, and how that is being done.

adams%20new%20bio.jpgMark S. Adams is an experienced trial lawyer and a member of JMBM’s Global Hospitality Group® and Chinese Investment Group™. He focuses his practice on business litigation including contracts, corporate and partnership disputes, and hospitality disputes and litigation. On behalf of hotel and resort owners, Mark has successfully litigated the termination of long-term, no-cut, hotel management agreements, franchise agreements, fiduciary duty issues, investor-owner disputes, TOT assessments, and more. He has wide-ranging trial experience in a variety of commercial disputes, including complex multi-party litigation and class actions. He has tried numerous cases in state courts, federal courts, and in domestic and international arbitrations, and is a frequent author and speaker on trial practice. Mark’s trial wins have been covered by Forbes, Reuters, and other publications. He has obtained two of California’s annual 50 largest jury verdicts in the same year. Mark has taken or defended nearly 1,000 depositions throughout North America, Europe and the Middle East. He has been quoted as an expert on noncompete agreements in the Wall Street Journal. For more information, contact Mark at 949. 623.7230 or markadams@jmbm.com.

This is Jim Butler, author of www.HotelLawBlog.com and hotel lawyer, signing off. We’ve done more than $60 billion of hotel transactions and have developed innovative solutions to unlock value from hotels. Who’s your hotel lawyer?


Our Perspective. We represent hotel lenders, owners and investors. We have helped our clients find business and legal solutions for more than $60 billion of hotel transactions, involving more than 1,300 properties all over the world. For more information, please contact Jim Butler at jbutler@jmbm.com or +1 (310) 201-3526.

Jim Butler is a founding partner of JMBM, and Chairman of its Global Hospitality Group® and Chinese Investment Group™. Jim is one of the top hospitality attorneys in the world. GOOGLE “hotel lawyer” and you will see why.

Jim and his team are more than “just” great hotel lawyers. They are also hospitality consultants and business advisors. They are deal makers. They can help find the right operator or capital provider. They know who to call and how to reach them.