In its first foray into the potentially treacherous intersection of workplace monitoring of electronic communications and employee privacy expectations, the United States Supreme Court considered whether the City of Ontario Police Department violated the privacy rights of Sergeant Jeff Quon by reviewing sexually explicit text messages sent by Quon using a City-issued pager. The Court declined to issue any broad pronouncements concerning the permissible scope of workplace monitoring. The Court's decision, nonetheless, provides useful guidance for employers — whether governmental or private — on steps they can take to reduce their exposure to privacy-based claims arising from their review of employees' text messages, e-mail, and other electronic communications.

Factual Background

The City of Ontario Police Department issued two-way pagers to its SWAT team members, including Quon, and contracted with Arch Wireless Operating Company to be its service provider. The City paid Arch a monthly fee for each officer for the first 25,000 text messaging characters, plus an overage charge for each additional character.

The City's "Computer Usage, Internet and E-mail Policy" contained the types of warnings frequently seen in such policies. The City:

• reserved the right to monitor and log all network activity without notice;
• warned that employees "should have no expectation of privacy or confidentiality when using these resources;"
• explained that all communications using the network were the City's property;
• admonished that its electronic resources should not be used for personal reasons; and
• banned communications containing "inappropriate, derogatory, obscene, suggestive, defamatory, or harassing language."

The City's electronic resources policy did not mention "text messages" as none of the City-provided equipment supported "texting" when the policy was written.

When the City issued the pagers, the City told SWAT team members, including Quon, that text messages would be treated the same as e-mail under the City's electronic resources policy. However, the official responsible for overseeing the pager program, Lieutenant Duke, later told Quon that the City would not review Quon's text messages if Quon paid the overage charge.

Quon exceeded the 25,000-character limit on several occasions, in part, because he was using the City's pager for salacious chats with his then wife, as well as his mistress. Quon always paid the overage charge.

When officer-payment of overage charges became the rule (rather than the exception), the City's Police Chief ordered an audit of the two officers with the highest level of usage, one of whom was Quon. Without Quon's knowledge or consent, the City obtained from Arch a sampling of Quon's text messages, consisting of the transcripts of all texts sent or received by Quon during two different one-month periods. The internal affairs investigator who conducted the review of Quon's text messages redacted all texts sent or received during non-work hours.

Word of the salacious texts filtered through the Department to Quon. Quon, his ex-wife, and his mistress sued the City for violating their right to privacy under the Fourth Amendment of the United States Constitution. Private employers should note that the case is relevant in the context of private employment because the standards governing Fourth Amendment claims are substantially similar to those governing common law claims for invasion of privacy.

Procedural History

A California jury found in favor of the City on Quon's right-to-privacy claim. Quon appealed. The Ninth Circuit Court of Appeals reversed, finding that the City had violated Quon's privacy rights.

The Ninth Circuit held that Quon had a reasonable expectation of privacy in the content of his text messages, in spite of the City's written policy to the contrary. The Ninth Circuit relied principally on Lt. Duke's statement to Quon that Quon's texts would not be reviewed as long as Quon paid the overage charges. The Ninth Circuit also held that the City's review of Quon's text messages was an unreasonable search because there were less intrusive means to accomplish the search's objective.

The Supreme Court's Decision

The Supreme Court held that the City did not violate Quon's right to privacy. The Court reasoned that even assuming Quon had a reasonable expectation of privacy in his text messages, the City's review of the texts was reasonable and did not violate the Fourth Amendment. The Court found that the City had a legitimate business purpose for conducting the search, i.e., to determine whether the character restriction on text messages was too low and, therefore, SWAT team members were being forced to pay overage charges for work-related texts. In addition, the City's search of Quon's text messages was not excessive because the City had limited its review to a relevant sampling of Quon's texts and had redacted all messages transmitted during non-work hours.

The Court expressly rejected the Ninth Circuit's finding that the City's search was actionable because it was not the least intrusive means to achieve the City's objective. The Court observed that the Fourth Amendment does not require the least intrusive search but rather a search that is reasonable and not excessive.

The Court declined to make any broad pronouncements concerning employee privacy rights in electronic communications using employer-issued equipment out of concern that communications technology and societal privacy expectations with respect to that technology are still evolving. The Court, nonetheless, made the following points from which useful guidelines can be drawn:

1. The Court emphasized the importance of having a well-crafted and broadly distributed electronic resources policy by stating, "[E]mployer policies concerning communications will of course shape the reasonable expectations of their employees, especially to the extent that such policies are clearly communicated."
2. The Court highlighted a key distinction between corporate e-mail sent on an employer-owned server and text messages sent by cell phone through a cell phone provider's server. The Court explained that this distinction was important because the City's electronic resources policy addressed only e-mail sent through the City's e-mail server; it did not mention text messages sent through a third party's system. This distinction did not ultimately matter under the circumstances because the City had specifically notified SWAT team members that the e-mail policy would apply to text messages.
3. The Court seriously considered, without addressing on the merits, Quon's contention that Lt. Duke had created an expectation of privacy by telling Quon that his text messages would not be reviewed as long as Quon paid the overage charge.
4. The Court observed, "[The department's] audit of messages on Quon's employer-provided pager was not nearly as intrusive as a search of his personal e-mail account or pager, or a wiretap on his home phone line, would have been."

Recommendations for Employers

The Supreme Court's reluctance to enunciate broad principles in its ruling highlights the need for employers to continue to exercise caution when conducting searches of employee communications. As employees increasingly rely upon personal e-mail accounts and smart phones to conduct company business, the issues confronted by employers and the courts will become even more complex, particularly given the Court's recognition in the above-quoted passage that employees have a greater privacy interest in such communications.

In addition, employers can draw the following useful guidelines from the Quon decision:

• Each employer should implement and "clearly communicate" an electronic resources policy intended to "shape" employees' privacy expectations.
• Policy reminders ? in the form of pop-up screens, emails or texts ? should be considered to provide employees with on-going notice of the employer's policy and any updates to the policy.
• The policy should address not only communications transmitted through the company's own electronic resources but also communications related in any way to the employer's business that are transmitted using an employee's personal accounts or devices or through a third-party service provider, regardless of whether the employer or the employee is the subscriber on the service contract.
• The policy should emphasize that it may be modified only in writing by a high-ranking executive and that no other employee has the authority to modify the policy.
• Managers and supervisors should be trained not to make statements inconsistent with the company's policy (e.g., "We never actually review personal e-mails").
• The policy should be reviewed and updated regularly to address new technologies, such as text messaging, and new developments in the law.
• Searches, reviews, and monitoring should be done only for legitimate, business purposes.
• Searches, reviews, and monitoring should be done in a reasonable manner aimed at collecting information that is relevant to the search's legitimate, business purpose.

Philip L. Gordon, a Shareholder in Littler Mendelson's Denver office, is the Chair of Littler's Privacy and Data Protection Practice Group. Denise Drake is the Office Managing Shareholder of Littler Mendelson's Kansas City office. If you would like further information, please contact your Littler attorney at 1.888.Littler, info@littler.com, Mr. Gordon at pgordon@littler.com, or Ms. Drake at ddrake@littler.com.