Do you have the right to view messages sent by employees using company equipment? What about if those messages are stored on the network of a service provider, such as Gmail? Do you still have the right to view them? Yup, you probably do, but there could be some hidden pitfalls.

Last year, the U.S. Ninth Circuit Court of Appeals decided that a wireless service provider which provided a copy of a person’s text messages to his employer had violated his Fourth Amendment rights – despite the fact that it was the employer that held the contract with the service provider. The Court’s decision can be viewed here.

The background to the case was as follows. The city of Ontario issued pagers to its employees, including police officer Jeff Quon. The city’s contract with Arch Wireless, the service provider, enabled each pager to send and receive 25,000 characters per month after which excess usage charges applied. The city had in place a computer and email policy which stated:

The use of City-owned computers and all associated equipment, software, programs, networks, Internet, e-mail and other systems operating on these computers is limited to City of Ontario related business. The use of these tools for personal benefit is a significant violation of City of Ontario Policy.

The policy was, however, not applied consistently. According to Quon, he was informed by the person in charge of the pagers, Lieutenant Drake, that his messages would not be audited so long as he paid the excess usage charges, which he did on a number of occasions. The Court decided that, as a result of this, Quon had a reasonable expectation of privacy which was violated when the City of Ontario subsequently decided to audit his messages and obtained copies of them from Arch Wireless. The Court did, however, make clear that the decision would have been different had Ontario’s policy been an operational reality. Ontario asserted that, “because Lieutenant Duke was not a policymaker, his informal policy could not create an objectively reasonable expectation of privacy.” But the Court held:

That Lieutenant Duke was not the official policymaker, or even the final policymaker, does not diminish the chain of command. He was in charge of the pagers, and it was reasonable for Quon to rely on the policy — formal or informal — that Lieutenant Duke established and enforced.

While this case may not have particularly wide ranging implications (the Fourth Amendment only protects people from unreasonable searches by Government agencies, not private individuals or businesses), it nonetheless highlights the importance of implementing policy as written. Businesses need to ensure that their Internet and email policies are properly communicated to all employees and that managers are aware that they must not create exceptions as doing so can have unforeseen consequences.