United States: Employers Need Policies On Searching Worker Smartphones

Suhaill Morales' article "Employers Need Policies on Searching Worker Smartphones" was featured in Daily Business Review on August 26, 2015.

In the wake of NFL quarterback Tom Brady destroying his cell phone in the midst of the NFL Deflategate investigation, the incident took a turn from sports scandal into a question of workplace privacy.

Brady's subsequent comment about how his employer should respect his "rights as a private citizen" also brought to light the issue of whether an employee's personal cell phone is truly private. So can an employer legally search through its employees' personal cell phones? Well, it depends mostly on the employer's written policies.

In June 2014, the U.S. Supreme Court ruled in Riley v. California that police officers violate the Fourth Amendment if they conduct a warrantless search of a smartphone seized during an arrest. The court stated that "modern cell phones, as a category, implicate privacy concerns far beyond those implicated by the search of a cigarette pack, a wallet or a purse." This is largely due to the quantity of data that can be stored on the device and the nature of that information.

As the court pointed out, even 16 gigabytes of memory, which is standard on most of today's smartphones, "translates to millions of pages of text, thousands of pictures or hundreds of videos."

Although the Fourth Amendment rarely applies to private employers, the Supreme Court's decision remains important for employers whose workplace searches may include personal cell phones that are part of a bring-your-own-device program, which allows employees to use their personal devices for work. While these programs seem like a good idea for employer and employee, they also present a number of risks for both.

In the article, Suhaill provides employers with several steps they should take immediately in light of the decision in Riley:

• Develop company policies to confirm ownership of business-related information and data in all formats. Additionally, explain the right to access and protect this information and data, even if found on an employee's personal cell phone.
• Review and revise generic workplace search policies as they would likely be inapplicable to justify a search through an employee's personal cell phone.
• Require the installation of security software that requires the use of passwords, permits location of lost devices, and allows for remote wiping (deletion) of all data on the device.
• Address permitted or prohibited uses of company-issued devices and, conversely, the use of personal devices for business.
• If you currently have a bring-your-own-device policy, consider whether the company may be better protected by issuing cell phones and other devices to certain employees.
• Implement contracts, policies and procedures regarding confidentiality, nondisclosure and return of property upon separation.

To read the full article, please visit DBR.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.