The Landscape of Electronic Workplace (eWorkplace)  Technology Acceptable Use Policies

Every U.S. private and public sector employer should develop, maintain and enforce an effective, appropriate workplace technology-acceptable-use policy (“TAUP”).   In large part, a TAUP is a no-expectation-of-employee-privacy (“NoEEP”) policy.  Thus, to strive for maximum defensibility, every employer should keep up on two key tasks.  First, it should have a coherently written acceptable-use policy adapted to modern technologies.  Second, it should train – and periodically remind/re-train – its managers of the do’s and don’ts of consistent, appropriate enforcement.

The U.S. Supreme Court decision in City of Ontario v. Quon, 130 S. Ct. 2619 (June 17, 2010) culminated a long, cautionary tale with many lessons.  The key Quon defendant (a public sector employer) ultimately succeeded in fending off a Fourth Amendment challenge to enforcement of its acceptable-use policy when it reviewed the contents of a police officer’s text messages (to his wife and his mistress) sent on a city-issued pager.    

Yet the years of litigation could have been avoided if the employer, the city of Ontario, had been more disciplined in its  written policy maintenance and less reckless in its policy-enforcement approach.

For a full discussion of the legal reasoning of the U.S. Supreme Court in Quon, see Brownstone eWorkplace Materials II, at 20-24 (.pdf pp. 25-29).  For employees, Quon’s enduring lessons are: be mindful of what one commits to writing; and do one’s best to erect a divide between one’s personal and work-related communications.  For employers — both in the public and private sectors — please read on below for my TopTen post-Quon Taup tips.


Top Ten TAUP Takeaways  

10. Have a clear, bold, highlighted written provision covering – at least as to U.S. employees (EU countries’ privacy laws are much more employee-friendly) – NoEEP as to all information created, stored, received or transmitted on or by any system or device provided by the employer.

9.   Decide whether to extend the NoEEP to all devices supported by (e.g., Outlook access) or costs–reimbursed  by the employer [are you OK with BYOD?]; and then make the scope clear: a) in the written policy; b) to all supervisors/managers; and c) to all staff.

8.   Specify all employer rights, including to: monitor; search; access; inspect; and read.

7.   Give clear written notice to all employees and covered third parties allowed access to employer systems/networks.

6.   Be realistic as to “personal use” – strongly consider a “limited” or “incidental” exception, but with carve-outs for certain activities: violating the law or any other employer policy; interfering with the employee’s job performance; or aiming for personal pecuniary gain to the detriment of the employer.

5.  Train new employees – and periodically retrain experienced ones – on key TAUP provisions, especially as to NoEEPP.

4.  Train supervisors/managers on consistent, fair enforcement.

3.  In the trenches, do not overreach as to: an employee’s own attorney-client privilege; or the illicit obtainment – let alone use – of an employee’s personal login/password.

2. Provide an annual concise reminder summarizing key TAUP provisions, including employees’ right to discuss employment conditions.

1. Periodically – every two or three years? – review (and revise?) the TAUP so it’s: consistent with actual practices; and up-to-date as to current technology, e.g., smartphones, social media and “The Cloud”.


The “e”     Big Picture    

Always remember the Three E’s of compliance: Establish, Educate and Enforce as propounded by Nancy Flynn of the ePolicy Institute <@ePolicyInstitut>.  First, policy goals must be established.  Second, once the policies are written, employees must be educated on the content.  And, third, only then, should technology be used as one enforcement/ implementation mechanism – not as a magic-bullet.


This post is based in part on “A Wake-up Call for 21st Century Employers“, Daily Journal (Sep.  29, 2010), which I co-authored with my colleague Sheeva Ghassemi-Vanni <@EmpLawSJGV>.

 

Print:
EmailTweetLikeLinkedIn
Photo of Robert Brownstone Robert Brownstone

Robert D. Brownstone is the Technology & eDiscovery Counsel and Chair of the Electronic Information Management Group (EIM) Practice Group at Fenwick & West LLP, a national firm with a special mission and headquartered in Silicon Valley. Bob advises clients on electronic discovery, EIM, retention/ destruction, information-security, privacy and social-media.

A dynamic nationwide speaker and prolific writer on many law-and-technology issues, Bob is frequently quoted in the press as an expert on electronic information. He teaches Electronic Discovery Law & Process annually at the University of San Francisco (USF) and University of Puerto Rico (UPR) Schools of Law and has also taught it at Santa Clara U. (SCU) School of Law.

Now in his 27th year as a lawyer, Bob is a member of four state bars and serves on the Advisory Board of the National Employment Law Institute (NELI). To learn more, see Bob’s full bio and extensive bibliography.