Continuing our previous discussion on U.S. Supreme Court case on a data privacy issue related to whether or not an
employee has a reasonable expectation of privacy for personal messages
sent on devices owned by an employer, we have to ask, does it matter that employees know that personal information will be captured and monitored by employers? If a person who is a member of a golf club speaks too loudly in the club restaurant and is overheard by others, that person has no one else to blame if that information is used to cause negative consequences. Just as the loud speaker could have spoken more softly as well as more carefully, so a user of electronic communications tools should recognize that others may see what he or she regarded as private. So logically, a user of an electronic communications channel may very well want to assume that any communications that are made could very be made public.
That does not mean that personal communications would necessarily be exposed. A business may or may not choose to search the data. For example, data on a desktop that is used at home for at least some business use may be protected by being backed up to remote storage and the employer may pay for the protection. In the process, personal information may also be protected. The employer may be protecting the data only so that it can be restored in the case of an emergency and never plans to look at it. However, by residing within the company's data repository that information could be included in an eDiscovery request.
A more typical case is that an authorized representative scans the information that has been collected so that the organization can meet any requirements for knowing what data is available and where it is located. This scan could be made with software, but the analytical capabilities of software are nowhere close to what visual inspection can reveal. Though this statement drifts into speculation, it would seem that both the capture (i.e., scan) of the data and the visual inspection of the data are reasonable.
But how can personal data revealed in this way be appropriately used? Assume that no illegal or otherwise unsavory behavior is revealed in a communication. Still, the examiner of the personal data, which may be an employee's supervisor, unavoidably brings his or her belief system and value judgments to the table in examining these communications. The employer's examiner may form an opinion that the personal communication is morally reprehensible, reflects inappropriate political opinions, or is some other way unacceptable. That may result in direct or indirect consequences for the employee. For example, termination for an employee who admitted smoking in a company that does not tolerate smoking would be a direct consequence. Indirect consequences may be more difficult to prove but could have negative connotations, such as denial of a promotion or unpleasant work assignments.
Although the exposure of what an employee would have liked to keep private is undesirable to the employee, the employee could have avoided the consequences in one of two ways. The first is to exercise discretion and caution in communications that the employee knows may be examined by others, such as a supervisor. The second is to choose channels of communication that are not the responsibility of or captured by the employer. Although, as we have seen that some personal communications may be appropriately commingled with business communications, that does not mean that the individual does not have access to alternative communication channels such as personally buying a cell phone that uses a different carrier than the cell phone used for business. Even though the worker could use such a device for business purposes -- such as calling in sick -- that is not its typical use.