Privacy Issues in the Workplace

Communications Privacy Act (ECPA) of 1986 amended the 1968 Wiretap Act. It prohibits intentional interception of electronic communications and disclosure or use of intercepted electronic communications during transmission (before the communication is open or stored). 436 It requires the presence of some federal nexus in its application (such as “the defendant acting under the color of state law or the recordings made through facilities of a communication carrier engaged in the transmission of interstate or foreign communications”) to be constitutional as applied. 437 The ECPA also created the Stored Communications Act (SCA), which prohibits intentional and unauthorized access of a facility providing electronic communication service to obtain “access to a wire or electronic communication while it is in electronic storage in such system.” 438 The SCA also prevents “providers” of communication services from divulging private communications to certain entities and/or individuals. 439 The SCA provides privacy protection to communications held by two types of providers: electronic communication service (ECS) and providers of remote computing service (RCS). An ECS provides its clients with wire or electronic communications services, such as e-mail. The Stored Communications Act prohibits an ECS from releasing the contents of a communication in electronic storage except to the sender or recipient of the communication. On the other hand, an RCS provides its clients with computer storage or processing services “by means of an electronic communications system.” For example, subscribers, such as banks or hospitals, may contract with an RCS for computer processing or storage of records. While the information is communicated electronically for storage or processing to an RCS, providing communications services is not the main purpose of an RCS. Under the Stored Communications Act, an RCS may release the contents of a communication with the lawful consent of a subscriber. Thus, for example, if an employer uses an RCS to store certain employee files, the employer as the subscriber has the right to access those employee files without the consent of the employee. In Quon v. Arch Wireless Operating Co., Inc. 440 , the Ninth Circuit ruled that the employer’s text message provider, Arch Wireless, violated the Federal Stored Communications Act, finding that it was an ECS, and thus, it could not release transcripts of employee text messages, sent and received via employer issued pagers, without the lawful consent of either the sender or the recipient of the communications. While the Supreme Court reversed other aspects of the Ninth Circuit’s decision in Quon v. Arch Wireless Operating Co. , it did not grant review of the ruling that Arch Wireless violated the SCA. Therefore, that ruling remains good law. 441 In Quon , the employer, a city, was the subscriber or contracting party with Arch Wireless, did not have the right to consent to the release of the text message transcripts. The Ninth Circuit rejected the trial court’s finding that Arch Wireless was an RCS. Instead, it found that Arch Wireless’ primary function was to send and receive electronic communications (by allowing users of the pagers to receive and send text messages) which fell precisely within the definition of an ECS. Arch Wireless stored the communications temporarily or for backup purposes; this type of storage by an ECS was contemplated under the Act. Arch Wireless did not provide the city with either “processing services” or “computer storage services,” the primary functions of an RCS.

Privacy Issues in the Workplace ©2019 (s) Liebert Cassidy Whitmore 134