Scott & Scott | Software Compliance Counsel
Scott & Scott Scott & Scott

« Can You Protect Employee Privacy Rights While Protecting Company Security? | Main | An Overview of ISO 19770-1 Processes – Part 3 of 3 »

Other Ideas for Protecting Employee Privacy Rights in Personal Information Stored on Business Computers

The issue of employee privacy rights in data stored on an employer’s computer is a difficult one. If an employee displayed framed family photos on her desk, an employer would not refuse to turn those photos over to the employee upon termination. These days, the employee is just as likely to keep such photos as jpegs or gifs on her PC at work, along with many other types of personal information, from correspondence to recipes. Allowing a terminated employee access to that computer after termination does present practical difficulties, and a business that chooses this method of avoiding liability for breach of employee privacy rights should implement safeguards to prevent the former employee from compromising company security or having access to trade secrets and other valuable business information.

A company could adopt a policy prohibiting employees from storing personal information on a company computer, though this may be impractical to enforce. A number of courts have held that an employee has no privacy expectation in workplace computer files where company guidelines and policy explicitly inform the employee that no expectation of privacy exists. See, e.g., Muick v. Genayre, 280 F.3d 741, 743 (7th Cir.2002); United States v. Simons, 206 F.3d 392, 398 (4th Cir.2000); Thygeson v. Bancorp, 2004 WL 2066746 (D. Or. 2004); Kelleher v. City of Reading, 2002 WL 1067442 (E.D. Pa. 2002). A company could adopt such a policy, which could be used as evidence that when the employee stored in the information, the employee was aware that she had no privacy interest in that electronic data and that the information no longer belonged to her.

It might also be helpful to require employees to acknowledge in writing that any information stored on a company computer belongs to the company and that they have no privacy interests in such information. The Thyroff decision did not indicate whether or not Northwest Mutual had such a policy in place. It is also not clear whether a court might conclude that whether or not there was a privacy expectation, the employee still had a property right in the information that could be enforced in an action for conversion. Nevertheless, a company’s litigation position would in all likelihood be strengthened by implementing and enforcing a policy regarding storage of personal data on company computers.

Tags:

Posted on April 26, 2007 9:13 AM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Search


About

This page contains a single entry from the blog posted on April 26, 2007 9:13 AM.

The previous post in this blog was Can You Protect Employee Privacy Rights While Protecting Company Security?.

The next post in this blog is An Overview of ISO 19770-1 Processes – Part 3 of 3.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]
Powered by
Movable Type 3.32