Tag Archive for AUP

BYOD Could Land Employees in Jail

Agreeing to a BYOD policy could land an employee in jail. Courts can go after employee personal phones in litigation involving companies. Michael Kassner, an information security consultant, told FierceMobileIT that employees could be dragged into civil or criminal litigation.

Employees could be required to give up their personal device to the courts or even have all the data on the device searched, with possible legal ramifications for the owner. According to Mr. Kassner, “There is legal precedence involving e-discovery and plain-view doctrine that allows the seizure of evidence whether it is related to the case under investigation or not.” There are three possible legal scenarios involving BYOD, says Mr. Kassner, who consulted with Tyler Pitchford of the law firm Brannock and Humphries.

The first scenario outlined in the article involves an employee who has signed a BYOD end-user license agreement, having his personal data wiped along with the corporate data. If the end-user agreement includes the clause enabling the wiping of all data on the personal device, the employee is out of luck.

“In the above scenario we’re talking about a legal contract, which means if the employee signed the contract, he agreed to its terms, granting his employer the right to reset the employee’s phone,” comments lawyer Pitchford.

In the second scenario, the enterprise becomes involved in a civil lawsuit and a subpoena is issued for the employee’s smartphone. During the legal discovery process, sensitive personal information is publicly disclosed.

“Since the employee co-mingled work and personal data, she has turned her smartphone into discoverable evidence … The employee can seek an order quashing the subpoena or an order sealing the discovered information, but that’s unlikely in this circumstance,” Mr. Pitchford observes.

In the third scenario brought up in the article, the employee’s company does business with a firm that is the subject of a criminal proceeding. Authorities issue a warrant for the employee’s phone because the employee has done work for the targeted firm. Incriminating evidence is found on the employee’s phone and the employee is now under criminal investigation.

“Assuming the warrant is valid, then anything the government located in plain view within the scope of the warrant is admissible against the employee in another proceeding,” Mr. Pitchford notes.

Mr. Kassner concludes: “Until case-law or new technologies decide which way the legal winds are blowing about BYOD, it might be in your best interest to avoid BYOD and its alluring convenience.”

rb-

I am not a lawyer and you should consult your own legal counsel, but as I have said before – ummm Acceptable Use Policy?


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Supremes Rule on Sexting Case

On Thursday (June 17, 2010) the U.S. Supreme Court ruled on the City of Ontario, California v. Quon case. I wrote about this sexting case earlier and its implications for corporate technology acceptable use policies (AUP). The case involved the use of text pagers issued to officers by the city police department. The city issued the pagers for City use, under a general acceptable use policy. The officer in question consistently went over the allotted limit on messages, which caused his supervisors to get stored text messages from the service provider. The City discovered that many of the messages were not work-related but were “sexting” or sexually explicit personal text messages. The officer claimed that the search violated the Fourth Amendment.

The Supreme Court ruled unanimously that the police department’s actions were reasonable, and thus did not violate the constitutional rights of the police officer. Justice Kennedy’s opinion ruled narrowly, to avoid a final definition of electronic privacy.

Prudence counsels caution before the facts, in this case, are used to establish far-reaching premises that define the existence, and extent, of privacy expectations of employees using employer-provided communication devices. Rapid changes in the dynamics of communication and information transmission are evident not just in the technology itself but in what society accepts as proper behavior. At present, it is uncertain how workplace norms, and the law’s treatment of them, will evolve.

According to the Center for Democracy & Technology (CDT), the Supreme Court faced an opportunity to curtail workplace privacy (or electronic privacy generally) in this case. However, the Court applied the O’Connor v. Ortega (1987) precedent, that government employees generally retain their Fourth Amendment privacy rights, and it assumed that government employees may have a reasonable expectation of privacy even in communications they send during work hours on employer-issued devices.

The CDT says the message to government employers is that the courts will continue to scrutinize employers’ actions for reasonableness, so supervisors have to be careful. Unless a “no privacy” policy is clear and consistently applied, an employer should assume that employees have a reasonable expectation of privacy and should proceed carefully, with a good reason and a narrow search, before examining employee emails, texts, or Internet usage.

rb-
As we always try to tell our clients, make sure that there is a clear statement of no privacy in all policies and policy enforcement actions. As part of their policies, companies should discourage employees from using personal accounts to conduct company business.

 


SCOTUS Look At Texting and Sexting

The U.S. Supreme Court recently heard oral arguments in the sexting case City of Ontario, Ontario Police Department, and Lloyd Scharf v. Jeff Quon, et al. According to the Workplace Privacy Data Management & Security Report by the legal firm of Jackson|Lewis, this case highlights the effects new technologies continue to have on workplace privacy issues.

Sexting messages

One issue the Court will consider is whether a California police department violated the privacy of one of its officers when it read the personal “sexting” messages on his department-issued pager. The U.S. Court of Appeals for the Ninth Circuit sided with the police officer and ruled that users of text messaging services “have a reasonable expectation of privacy” regarding messages stored on the service provider’s network.

Police Sgt. Jeff Quon, his wife, his girlfriend, and another police sergeant filed the original suit. The suit started after one of Quon’s superiors audited his messages and found that many of them were sexually explicit “sexting” and personal. Among the defendants were the City of Ontario, the Ontario Police Department, and Arch Wireless Operating Co. Inc. Plaintiffs sought damages for alleged violation of their privacy rights.

Arch Wireless contracted with the employer, the City of Ontario, California, to provide text-messaging services using pagers. The City distributed the pagers to various employees. The employees signed an “Employee Acknowledgment” of the City’s general “Computer Usage, Internet, and E-mail Policy.”

The policy stated that the City reserved the right to “monitor and log all network activity including e-mail and Internet use, with or without notice.” The policy also stated that “[u]sers should have no expectation of privacy or confidentiality when using these resources.” Quon also attended a meeting during which a police Lieutenant stated that pager messages “were considered e-mail and that those messages would fall under the City’s policy as public information and eligible for auditing.”

A certain number of characters was allocated to each pager per month, and Quon exceeded his allotment on several occasions. The Lieutenant attempted to determine whether the overages were business-related and obtained transcripts of text messages for the employees with overages. After the transcripts provided by Arch Wireless were audited, the matter was referred to the City’s Internal Affairs agency, where it was determined that Quon exceeded his monthly character allotment and many of his messages were personal and not business-related.

Court rulings

The case went to trial and the jury ruled in favor of the employer. The plaintiffs appealed the ruling. The Court of Appeals ruled that the plaintiff had a reasonable expectation of privacy in the text messages. The Court held that he had a reasonable expectation of privacy because the City:

  • Had a practice of not reviewing the messages if employees paid the overage charges.
  • Did not review Quon’s messages even though he exceeded the character allotment several times.

Significantly, the author points out, the court held that the City’s practice trumped its own written policy, its employees’ acknowledgments that they had no privacy interest in electronic communications and its statements in staff meetings that it viewed text messages as e-mail.

According to the blog, among the issues the Supreme Court will look at in this case is whether the Department’s official “no-privacy” policy conflicts with its informal policy of allowing some personal use of pagers. The blog says that this area of the law remains unsettled.

They recommend a well-drafted policy to lower an employee’s expectation of privacy when using employer-owned equipment. The law firm cites estimates that 100 million people will use text messages in 2010 and recommends that employers be ready with comprehensive computer and electronic equipment usage policies. Further, the firm says it is critical that:

  • Practices and policies are consistent.
  • Policies reflect current technologies.
  • Employees acknowledge receiving and reviewing policies and procedures, particularly when introducing new technologies.

While this case involves a public sector entity, its outcome is likely to affect electronic communications policies and practices across the country, whether by public or private employers.

rb-

While I’m no lawyer, the biggest message out of this case, and one out of New Jersey which I noted earlier, is that policies need to be clear and consistent to be enforceable. In the New Jersey case, the court found the company’s policy on email use to be vague, noting it allows “occasional personal use.” The issue in the CA case seems to be the conflict between official policy and informal policy.

Some of the policy suggestions we make to clients include:

  • Have senior management and legal counsel make policy
  • Update the policy often
  • Reduce expectation of privacy
  • Distribute the policy to employees at regular intervals
  • Specify who can change policy in the policy
  • Train managers about the policy
  • Specify that company equipment be used only for business communications
  • Do not allow third-party emails.

Of course, don’t forget the example of Kwame Kilpatrick.


25% of Workers’ Time On Internet Is Personal

Slashdot has a post about employee use and abuse of corporate Internet access, from Voco, an IT consultancy. While network abuse is not a new issue (I worked on Acceptable Use Policies in 2000), some of the firm’s findings show the change in the size of Acceptable Use Policy (AUP) violations.

According to Voco’s data, for example, many of the pre-release downloads of the movie Hellboy: The Golden Army were over corporate networks. Voco points out that not only does this consume bandwidth meant for business; it also opens up corporate networks to spyware, adware, and other challenges for network security. And, of course, it could pose a legal issue for the company in question as well. “If investigators were tracking who was downloading, then the company address would turn up and the company would be the one facing legal implications,” Voco consultant Paul Hortop said in a statement.

The age-old challenge for firms is to balance staff “personal” and “corporate” use of the resources. Mr. Hortop asks, “Is it more time-efficient to let staff do their banking online than having them leave the office for half an hour?”

This is not a new issue: a CNN poll in 2005 found that 93% of all US employees admitted to using their employer’s Internet access for personal reasons as well as business ones, and 52% said they would rather give up coffee than their Internet connections at work.

 
