In honor of ILTACON 2016, which kicks off August 28, we’d like to share an article originally published in ILTA’s Peer to Peer magazine. The article, authored by kCura’s David Horrigan, received ILTA’s 2015-2016 Outstanding Vendor-Contributed Magazine Article award.
If you're attending ILTACON, check out a session based in part on the legal research in this article: Business and Legal Aspects of Mobile, Social, and Emerging Technologies. Moderated by David, the panel will feature Judge Andrew Peck, Ari Kaplan, and Ed McAndrew of Ballard Spahr LLP.
Henry Ford’s great-grandson was explaining how his company’s cars could meet the demand for mobility, but what is important about minivans and Mustangs is even more important for corporate technology.
As employees seek the freedom of mobility and organizations welcome the increased productivity of the mobile workplace, their lawyers often cringe. The workers’ “freedom” might not be as free as they think, and the information governance challenges keep corporate counsel and law firms up at night.
The exponential growth of corporate mobile technology in the workplace may seem daunting, but a few legal lessons can help.
LESSON ONE: Employers are often allowed to access their employees’ mobile data, but they should proceed with caution.
The Stored Communications Act (SCA) was put into law in 1986 to cover privacy issues created by new technologies. Of course, when Congress debated the SCA in 1986, lawmakers were not thinking about the tweet-powered Facebook world in which we find ourselves today.
Most U.S. employers can monitor their employees’ data activity when the employees are using the employers’ equipment. However, in many European jurisdictions, it is unlawful for employers to monitor employees’ email even when they are on the employer’s system.
In addition, although the U.S. Supreme Court gave government employers broad latitude to search employee data on employer-provided equipment in City of Ontario v. Quon (2010), employers’ legal ability to access employee data is not absolute, and they should exercise caution when doing so.
The SCA can be an issue for employers when accessing employees’ mobile data. In cases such as Garcia v. City of Laredo (2012) and Sunbelt Rentals v. Victor (2014), courts have held that employers do not violate the SCA when they search employee data on mobile devices if data have been downloaded to the devices.
However, employers should watch ongoing cases such as Galey v. Walters (2015). Here, a U.S. District Court distinguished between access to private communications and photographs on a mobile device and access to downloaded data. The court held that there could be a plausible SCA claim had the defendants accessed Galey’s data stored electronically with her wireless service provider, email provider, or the maker of the phone itself.
Employers must encourage employees not to access data from their former employers’ systems, which could trigger liability under the Computer Fraud and Abuse Act (CFAA), a federal law with both civil remedies and criminal penalties for unauthorized access of computer data.
Social media data present even greater challenges. According to the National Conference of State Legislatures, 21 states have enacted laws limiting employers’ access to employee social media data, while 13 states passed laws limiting educational institutions’ access to student social media accounts.
It’s not surprising that social media have triggered a veritable cornucopia of litigation. Courts have placed limits on employer fishing expeditions through employee social media accounts in cases such as Mailhoit v. Home Depot (2012).
LESSON TWO: Have a comprehensive mobile technology policy, and make sure it is adaptable to emerging technologies.
Although the U.S. Supreme Court held the government employer in Quon was not liable for accessing its employee’s private data, the case serves as a good lesson in drafting written mobile technology policies.
As a member of the Special Weapons and Tactics (SWAT) unit for the city of Ontario, California, Jeff Quon received a city-owned pager. Before distributing the pagers, the city established a written policy reserving the right to monitor all network activity.
The policy did not specifically cover text messages, but the city clarified it would treat texts like email. When the inordinate number of Quon’s texts led to an audit of their content, they were found to be largely inappropriate. Disciplinary measures were taken, which led to a lawsuit. Despite the city’s best efforts in establishing a written policy, it still found itself in a legal quagmire.
In drafting mobile technology policies, employers should ensure they do not run afoul of any National Labor Relations Act (NLRA) requirements. Many people mistakenly assume the NLRA applies only to unionized workplaces, but its restrictions in areas such as social media policies govern non-union workplaces if the policies impact “protected concerted activity.”
LESSON THREE: Mobile technology is a growing issue for everyone.
Mobile technology is changing law firms and the corporate workplace. Released in October of 2015, a kCura-Ari Kaplan Advisors survey of partners at major law firms reported 88 percent of their firms had formal remote work/technology policies. Eighty-three percent of respondents said they were comfortable using mobile technology in the courtroom.
As for the future, 67 percent predicted the paperless workplace will become the norm for law firms, but that means a third of respondents disagreed. One partner noted that “Even tech-savvy lawyers are heavily dependent on paper; that will be the toughest nut to crack.”
As more employees take advantage of the mobile workplace, employers need to be aware of the dangers of accessing information on employee-used devices. Keep these lessons learned in mind as you develop your mobile workforce.