Court Finds Airport Cannot Fly Under the Radar on Employee’s Email Privacy Claims

A federal district court in Virginia recently grounded an airport’s attempt to escape liability for accessing an employee’s email account. (Hoofnagle v. Smyth-Wythe Airport Commission.) The decision, which delivered a mixed result for the airport, provides important guidance for both public and private sector employers.

The employee was the airport’s operations manager and was responsible for its day-to-day operations, including responding to email from the public. To this end, the manager created a Yahoo! email account, which he used for both airport and personal business. Although the account became the airport’s official email contact, the airport did not have an email policy or any other technology policy that governed how the account was to be used.

Events came to a head when the manager, an NRA member, used the account to send a strongly worded email to U.S. Senator Tim Kaine regarding gun control. The manager signed the email using his official airport title. After learning of the email, the airport terminated the manager based not on the email’s content, but on the manager’s decision to sign it in his official capacity. The airport then used a password provided by the airport’s secretary to gain access to the account to search for business records. The manager sued and claimed that the airport’s access of the email account without his authorization violated the Fourth Amendment’s protection against unreasonable governmental searches, as well as the Stored Communications Act.

Dealing with the Fourth Amendment claim first, the court applied a two-part test used by the U.S. Supreme Court in another case involving the scope of employee privacy in electronic communications. That test looks first at the “operational realities” of a workplace to determine whether a reasonable expectation of privacy exists, and then examines whether the search was reasonable under all the circumstances.

In this case, the court found that the manager did have a reasonable expectation of privacy in the email account – primarily because the account was not clearly owned by the airport, and because the airport did not have an electronic communications policy that would have limited the manager’s expectation of privacy. Nonetheless, because the airport’s search of the account related to a non-investigatory work-related purpose, and because it was limited in scope, the search was reasonable and therefore did not violate the Fourth Amendment.

Turning to the Stored Communications Act, however, the court found that the airport could not escape liability. The SCA is a federal law that prohibits the unauthorized access to stored email and other electronic communications. But the SCA exempts “providers” of electronic communications services and end “users” of those services – and it was under these two exemptions that the airport sought refuge, arguing that the exemptions applied because the airport had provided the computer through which the manager had used the Yahoo! account. The court found neither exemption applied, though, because it was Yahoo! that provided the electronic communications service where the emails were stored, and it was the manager, who had created the account, that was the “user” of the service.

So – what guidance does this case provide for employers? First, it demonstrates that employers must be careful when using, or allowing employees to use, a third-party email provider (e.g., Yahoo!, Gmail, etc.) for company business. In those situations, employers must be sure to have clear policies in place that address the scope of employee privacy in electronic communications and the monitoring of email on workplace computers, and the policies should also clarify who it is – employer or employee – that owns the account and is authorized to access it. Had the airport in this case maintained such a policy, it would have been in a far better position. Second, this case demonstrates that an employee’s use of a work computer does not entitle an employer to access virtually any account used by the employee on the computer – even if the account is used for work purposes. Finally, the case serves as an important reminder for employers to keep abreast of changes in technology and how that technology is used in the workplace.

NLRB Seeking Comments on Employee Email Use

In 2007, the National Labor Relations Board (NLRB) decided in a split decision that employees do not have a statutory right to use an employer’s email system to engage in activities protected under federal labor law.  Relying on this decision, known as Register Guard, many employers have since adopted policies limiting the extent to which employees may use employer-provided email and communications systems for protected concerted activities.

Now, in a case currently pending before the NLRB, the Board has signaled it is considering whether to revisit its holding in Register Guard.  At issue in the case is a decision by an administrative law judge to dismiss an allegation that the employer, Purple Communications, Inc., committed an unfair labor practice by maintaining a rule prohibiting employees from using company email for non-work-related purposes. Disappointed with the judge’s ruling, the NLRB General Counsel filed an exception and requested that the Board overrule the Register Guard decision.
 
The Board appears to have taken the General Counsel’s request to heart and has invited the parties in Purple Communications, Inc., as well as other interested parties, to submit briefs on the issue.  Specifically, the Board has requested parties to address the following questions:

1. Should the Board reconsider its conclusion in Register Guard that employees do not have a statutory right to use their employer’s email system (or other electronic communications systems) for Section 7 purposes?
2. If the Board overrules Register Guard, what standard(s) of employee access to the employer’s electronic communications systems should be established?  What restrictions, if any, may an employer place on such access, and what factors are relevant to such restrictions?
3. In deciding the above questions, to what extent and how should the impact on the employer of employees’ use of an employer’s electronic communications technology affect the issue?
4. Do employee personal electronic devices (e.g., phones, tablets), social media accounts, and/or personal email accounts affect the proper balance to be struck between employers’ rights and employees’ Section 7 rights to communicate about work-related matters? If so, how?
5. Identify any other technological issues concerning email or other electronic communications systems that the Board should consider in answering the foregoing questions, including any relevant changes that may have occurred in electronic communications technology since Register Guard was decided. How should these affect the Board’s decision?

While the invitation for comments on the continuing viability of Register Guard is itself notable, it is also noteworthy that the NLRB has asked parties to comment on the decision in light of how technology, and the uses of that technology, has changed in the last seven years.

The deadline for submitting briefs is June 16, 2014.