Presentation on theme: "1 ELECTRONIC PRIVACY ISSUES IN THE GOVERNMENT WORKPLACE Frederick (“Rick”) Joyce Chair, Communications Practice Group Venable LLP, Washington, DC 202.344.4653."— Presentation transcript:
1 ELECTRONIC PRIVACY ISSUES IN THE GOVERNMENT WORKPLACE Frederick (“Rick”) Joyce Chair, Communications Practice Group Venable LLP, Washington, DC
2 One of The American Lawyer’s top 100 law firms. Venable LLP: PPractices in all areas of corporate & business law, complex litigation, intellectual property & government affairs. NNearly 600 lawyers serving corporata, institutional, nonprofit & individual clients throughout the U.S. & around the world. HHeadquartered in Washington DC & offices in Maryland, Virginia, New York & California. FFounded more than a century ago, the firm has enjoyed a long history of steady growth, quality service & sound management. Venable LLP
3 Our attorneys represent clients in the telecommunications & e-commerce industries, ranging from entrepreneurs & emerging high technology firms, to Fortune 500 companies, large media ownership groups, governmental entities & trade associations. Our attorneys have a special focus on Wireless, Wireline & Internet broadband services & related legal/regulatory/business issues. We represent governmental entities on a variety of communications, privacy, Homeland Security & other technology matters. Venable, LLP – Telecommunications Practice Area
4 Privacy: SPAM, SPIT, SPIM, PHISHING, Pre-Texting - Key issues for employers, consumers and regulators. We assist clients in crafting appropriate privacy & Internet policies & proposals that will help promote appropriate conduct. Digital Property and Technology: We counsel clients in developing and enacting legislative and regulatory solutions aimed at preventing piracy & protecting online intellectual property. Wireless/Mobile Radio Services: Rules and regulations, including telemarketing, record retention and privacy rules enforced by the FTC & the FCC, are constantly evolving; consequently clients turn to Venable to help navigate this ever-changing regulatory maze. Internet-Related Issues: Venable is actively involved in representing clients and helping to define the laws that apply to developing Internet-based communications services such as Voice over the Internet Protocol. Homeland Security: Venable authored chapter of home & security laws & practices on telecommunications & cybersecurity issues in the “Home & Security Deskbook,” published by LexisNexis Matthew Bender. Communications Issues of Interest to Government Workplace
5 Venable is also well-versed on evolving U.S., Canadian, European, & Asian regulations & policies governing privacy. Our attorneys have been actively involved in creation of the following privacy & information security regimes: Venable, LLP - Privacy & Data Protection Practice Area CAN-SPAM Act Children's Online Privacy Protection Act Communications Assistance for Law Enforcement Act Fair Credit Reporting Act Gramm-Leach-Bliley Act Privacy provisions Gramm-Leach-Bliley Act 501(b) provisions on security of customer information Telecommunications Act Health Insurance Portability & Accountability Act USA PATRIOT Act U.S.-EU Safe Harbor Agreement Bank Secrecy Act & Anti-Money Laundering Rules OFAC compliance Federal Right to Financial Privacy Act IRS Information Disclosure Rules
6 Constitutional Foundation for Electronic Privacy Laws: First Amendment (freedom of speech; free press; right of the people peaceably to assemble & to petition the government for a redress of grievances) Fourth Amendment (The right of the people to be secure in their persons, houses, papers, & effects against unreasonable searches & seizures) Common Law: “Reasonable Expectation of Privacy” Other Common Law Privacy Rights (invasion of privacy; trespass; anti- defamation laws) Katz v. United States (U.S. Supreme Court, 1968)
7 Electronic Privacy Laws Section 705, Communications Act of 1934 (prohibits interception & disclosure of wire or wireless communications) The Federal Wiretap Act (1968) The Privacy Act of 1974 (governs use of computerized databases) Electronic Communications Privacy Act (1986) Stored Communications Act (1986) Communications Assistance for Law Enforcement Act (CALEA) (1994) The Controlling the Assault of Non-Solicited Pornography & Marketing Act of 2003 (CAN-SPAM)
8 Electronic Privacy Laws (continued) State laws – state wiretapping statutes; state privacy laws Foreign Intelligence Surveillance Act (FISA) USA Patriot Act Telecommunications Consumer Protection Act (Do No Call/Faxes) Customer Proprietary Network Information (CPNI) (Telecom Act of 1996) 47 USC 230 (Communications Decency Act) (No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.)
9 Public/Government Workplace vs. Private Workplace: Constitution Only Protects Citizens Against “state” or government action (“l’etat, c’est toi”;1 st & 4 th Amendment claims apply to you as an employer) Absent a contract or union agreement, most private employees are “at will” & can be terminated for most any reason absent some law protecting a given action (ie, whistleblowers). First Amendment gives them the right to speak, but, they can suffer consequences for their speech. Public Employees are Different: Action by Employer of Government Workers is by Definition “Government Action”; govt job is a “benefit.” Public Employees have Right to Speak About Matters of Public Concern (Pickering v. Board of Education, 391 U.S. 563 (1968) (unless the speech adversely affects efficiency or effectiveness of operations)
10 Electronic Communications Privacy Act of 1986 The statute extended wiretapping protections to cellular telephones, private networks, & intra-company communications while in transit or in storage. Although the ECPA was designed to address anticipated changes in the communications industry, the drafters evidently did not contemplate the rise of the Internet as a major communications device or the range of new communications technologies that would rapidly develop in the ensuing decade. (There’s no mention of the “Internet” in ECPA, no Blogging, no webhosting, etc.)
11 Electronic Communications Privacy Act of 1986 (continued) Under current federal law, the interception of the contents of wire, oral, & electronic communications is regulated by Title III of the Omnibus Crime Control & Safe Streets Act of 1968, as amended by the Electronic Communications Privacy Act of 1986, (“the Wiretap Act”). The Wiretap Act defines “interception” as “the aural or other acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” “Electronic communication” means “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system.”
12 The Stored Communications Act Enacted as Title II to ECPA, the Stored Communications Act (“SCA”) makes it unlawful for a provider of an electronic communications service to knowingly divulge the contents of a communication while in electronic storage. It also prohibits a person or entity providing remote computing services from knowingly divulging the contents of any communication that is carried or maintained on that service. Exemptions: A “service provider” may divulge electronic communications with the lawful consent of the originator or an addressee or intended recipient of the communication. Determining which persons or parties are the “addressee” or “intended recipient” can be difficult, particularly with respect to personal s sent to or from employees. Also, a couple of Federal/Circuit Courts have held that the “Service Provider” exemption allows employers to retrieve all messages stored on their own networks. See Fraser v. Nationwide Insurance (2003, 3 rd Circ.) & Bohach v. City of Reno (D. Nev 1996). Best practice would be to let your employees know this.
13 Blogs and Potential Legal Liability of Bloggers: What is it? A web-based log or diary Liability issues same as anyone making a publication available to the public, same freedom of speech & press protections. Legal liability issues include: Defamation Intellectual Property (Copyright/Trademark) Trade Secret Right of Publicity Publication of Private Facts Invasion of Privacy/Trespass
14 Blogs and Government Workers: Balance between right of public employees to discuss matters of public concern v. cannot adversely impact employer’s operations or disclose confidential information (Anderson v. McCotter, 100 F.3 rd 723 (10th Cir. 1996)(can’t fire public employee who speaks out against employer on a matter of public concern unless the speech adversely affects “efficiency or effectiveness” of operations) Use of Government Equipment & Government Time for Personal Blogs Violates Govt Ethics Regulations 5CFR : Can’t use public office for private gain 5CFR : Can’t use nonpublic information to “further private interests” 5CFR : Can’t use govt property for “other than authorized purposes” 5 CFR : “employee shall use official time in an honest effort to perform official duties.” What is Your Office’s Written Policy re: Electronic Communications (are blogs even addressed?)?
15 Top Reasons for Employee Blogger Termination: Many offices & employers have “official” blogs (but, see: Blakey v. Continental Airlines, S. Ct of NJ: employer could be liable for harassing/defamatory content postings if it has “reason to know” & elect. bulletin board is “related to the workplace”) “Violating Company Policies” (Delta stewardess appearing in uniform; poor- mouthing employer or employees) Divulging trade secrets (US soldier fined & demoted for publishing “classified” info on his blog) Personal blogging on company time “Inappropriate” or Libelous Content (“Washingtonienne”; inflammatory or controversial commentary)
16 Electronic Monitoring of Public Employees: Government employees enjoy some protection from searches under the Fourth Amendment. O’Connor v. Ortega, the Supreme Court extended Fourth Amendment privacy protection to public workplace (but, whether an employee has a “reasonable expectation of privacy” is a case by case analysis). “Expectation of privacy” can be affected by office policies & practices. Government still has the right to perform searches that serve interests in promoting efficient operation of the workforce.
17 Electronic Monitoring of Public Employees: Government employers can weaken expectations of privacy by informing employees that they do not have an expectation of privacy, or that their desks, computers, & lockers may be searched. Note: this can also apply to work performed at home, particularly if it involves govt-issued equipment. See: TBG Insurance v. Zieminski (CA Ct of Appeals, Feb 2002) (fired exec accessed porn at office; employer moved to compel access to home computer citing company policy)
18 Other Electronic Services & Devices and Workplace Privacy Issues: Can you monitor employee s? Courts now generally assume that s are monitored; “no reasonable expectation of privacy.” NLRB opinion says you can’t prohibit all non-business use of office s as they might include union solicitations (Pratt & Whitney), but, reasonable restrictions on personal /Internet use ok (Associated Press). Internet Use: Problems related to accessing public files from office vs. “private folders”, etc. Electronic Bulletin Boards: In Konop v. Hawaiian Airlines, an airline employer used third party access codes to access the Plaintiff's "secured" website, where unfavorable comments about the airline had been posted. Plaintiff had pled a potential violation by the airline of the Stored Communications Act in that the supervisors were not authorized "users" of the employee's secured website without proper authorization.
19 Other Electronic Services & Devices and Workplace Privacy Issues (cont.): Cell phones/Pagers: (Quon v. Arch Wireless Operating Company, Inc; Court found that the department’s informal policy of occasionally allowing personal use of pagers undercut the formal policy allowing the department to review & monitor all pager messages.) Location & Monitoring Issues: A “roving bug” occurs when a government agent “with court approval & mobile-phone carrier assistance required by law[,] can exploit mobile phones over the air in such a way that microphones in handsets are activated & nearby conversations picked up by federal investigators. Office Telephone Use/Monitoring: ECPA prohibits, but, Employers have generally been permitted to rely on one of three exceptions: (a) the business extension or ordinary course of business exception; (b) the consent exception; & (c) the provider exception.
20 Other Electronic Services & Devices and Workplace Privacy Issues (cont.): Telephone Records: see National Security Agency cases. (CPNI violations). Office Telephone Use/Monitoring: ECPA prohibits, but, Employers have generally been permitted to rely on one of three exceptions: (a) the business extension or ordinary course of business exception; (b) the consent exception; & (c) the provider exception. Telephone Records: Hepting v National Security Agency (CPNI violations; FISA; Common Law Privacy)
21 IIf criminal conduct suspected, a court order may be necessary. AAll workplaces ought to have clearly defined internal rules & procedures for handling every form of electronic communications. EElectronic communications policies need to be in writing. TThey need to be explained to all employees. TThese policies need to be routinely honored & enforced. TThey need to be revised whenever new laws, cases, technologies or situations warrant their reconsideration. What’s An Ethics Officer to Do?
22 Locations Washington, DC 575 7th Street, NW Washington, DC New York, NY 405 Lexington Avenue, 56th Floor New York, NY Tysons Corner, VA 8010 Towers Crescent Drive Tysons Corner, VA Los Angeles, CA 2049 Century Park East, Suite 2100 Los Angeles, CA Baltimore, MD Two Hopkins Plaza, Suite 1800 Baltimore, MD