Employees seeking privacy in the use of smart phones and laptops at work are advised to use only their own equipment and to pay their own usage bills. If the phone is provided by the employer and the account paid by the employer, the likelihood of a court finding no legal right of privacy is high. If the employer provides the phone, pays the bill, and issues a clear written policy that all information on or through the phone is subject to company inspection, then it is virtually certain that personal use of the device will be without privacy protection. Holmes v. Petrovich Dev. Co. (2011) 191 Cal.App.4th 1047.
The situation is less clear where the phone is owned by the employee, but is used for both personal and business purposes, and the employer reimburses the employee all or part of the bill. In the absence of an employer’s required privacy waiver, I do not believe that paying for business calls entitles the employer full access to an employee’s private mobile phone communications. However, there is nothing that prevents an employee from knowingly waiving his privacy interests in mobile phone data stored on the phone. If the employee signs an acknowledgement and waiver of such privacy rights after being informed of Company policy, potentially everything on the phone becomes accessible to employer inspection. Employees therefore should take seriously any such waivers and acknowledgments they may be required to sign as a condition of receiving payment of the mobile phone bills. TGB Ins. Servs. Corp. v. Superior Court (2002) 96 Cal.App.4th 433.
But even in the face of a broad waiver of privacy rights, I question the validity of such waivers if they are obtained as conditions of receiving reimbursement for the costs of business calls made on employee-owned mobile devices. The duty to reimburse employee costs is statutory and unconditional and is itself a matter of “public policy” under Labor Code Section 2802. The more reasoned approach is that the employer is to be restricted in viewing data that pertains only to company business.
What about the situation however where the employer has no express policy concerning privacy of mobile phone data, but reimburses the employee either a fixed amount or an “actual cost” amount for business related phone calls on the employee’s mobile phone? Assume further of course, that the employee uses the phone for both personal and business calls, and perhaps even has multiple applications on the phone which are for his personal use only. These apps can include abundant “private” information, such as journal entries, GPS tracking histories, music and photos. In my opinion, the employer has no right to seize the phone, and no right to seize the data on the phone. At best, the employer might succeed in obtaining a subpoena for the business data only, or reasonably require the employee as a condition of continuing employment, to disclose only the business call or business app data.
The U.S. Supreme Court in City of Ontario v. Quon (2010) 130 S. Ct. 2619, held against employee ‘s claim of privacy rights in that case, but also declined to make a blanket rule for when data was without privacy protection on employer issued digital communications equipment. In Quon, a public employer issued mobile devices to its officers and paid the full cost of the devices. The police department wanted to determine if the usage plan they had selected was too low, after incurring overage charges under their current plans. The service provider provided the Department with transcripts of usage. The Department discovered Quon had used the device for personal sexually explicit text messaging, and disciplined him. The Court assumed Quon had a reasonable privacy interest in the messages (without having to address the issue head on), but also held that the facts of the situation justified the search of the text messages as part of a reasonable business function. In skirting the privacy expectation issue, the court wrote that the technology of mobile communication devices was advancing so quickly that a blanket privacy rule would be premature.
Where does that leave us? Employees still have privacy rights, and merely that they use a personal communication device to sometimes conduct business does not open the door for employer inspection of all data on the phone. Even if an employer required an employee to waive privacy rights to private communications on the employee’s own device, the employee’s resistance to such a demand would likely be justified, and if the employer fired the employee for his resistance, the employer would be liable for “wrongful termination in violation of public policy.” The “public policy” is found in both the U.S. and California Constitutions guaranteeing the right of personal privacy.