According to the California Supreme Court, public employees’ communications about official agency business may be subject to California Public Records Act (CPRA). This extends to communications on personal computers, smartphones, tablets, etc…
While this is a case involving a public sector employer and the CPRA, I foresee that it may – and sooner than later — be relevant to private sector employers and “bring your own device” policies (more on those here), as well as private sector employees’ privacy interests.
Shifting toward a device-centric workplace
We are living in an increasingly device-centric world and the case at hand focuses on how laws, originally designed to cover our old way of doing business – on paper – must evolve with the current methods of electronic communication. As many of us experience in our own lives, thanks to smartphones that allow you to check in from anywhere at anytime, not all employment-related activity occurs during a conventional workday, or in an employer-maintained workplace.
The issue the Court considered was a narrow one: Are writings concerning the conduct of public business beyond CPRA’s reach merely because they were sent or received using a nongovernmental account?
The Court’s answer: No.
To arrive at this conclusion, the Court dissected the text of the CPRA. “We begin with the term “public record,” which CPRA defines to include “any writing containing information relating to the conduct of the public’s business prepared, owned, used, or retained by any state or local agency regardless of physical form or characteristics.” (§ 6252, subd. (e); hereafter “public records” definition.) Under this definition, a public record has four aspects. It is (1) a writing, (2) with content relating to the conduct of the public‟s business, which is (3) prepared by, or (4) owned, used, or retained by any state or local agency.
The crux of the issue (apart from “writing”) was whether emails and texts on personal devices were “prepared by, or (4) owned, used, or retained by any state or local agency.”
According to the court, documents otherwise meeting CPRA’s definition of “public records” do not lose this status because they are located in an employee’s personal account. A writing retained by a public employee conducting agency business has been “retained by” the agency within the meaning of section 6252, subdivision (e), even if the writing is retained in the employee’s personal account.
The Court did offer some limitations as to what type of information the public could actually obtain, noting that to qualify as a public record under CPRA, at a minimum, a writing must relate in some substantive way to the conduct of the public’s business. As you might agree, this standard is quite broad, leaving wriggle room for decisions down the road.
To be fair, this type of watchful eye approach is very much lawful and alive and well within the private sector. Generally speaking, employers have broad stroke access to communications, personal or work-related, sent by employees on company devices, including laptops and smartphones. The court has found, for example, that an employee’s personal e-mails to her attorney were not private because they were sent from a work computer. The employer had previously advised the employee that e-mails sent from that computer were not private and were accessible by the employer. Even though a communication to an attorney is normally protected by attorney-client privilege, the e-mails lost their privileged status when a work computer was used and the employer had an established policy that they weren’t private.
In other words, private sector employees should not expect the email messages they send at work to remain private, as courts usually side with the employer when it comes to email privacy. Employers should be certain that their employment policies contain language to this point. Indeed, California employers with Bring Your Own Device programs would be well-advised to ensure there are ways to capture work-related communications. Discovery “holds” may extend to data on these devices, when the employer knows they are in use for business reasons.
For more information on how to approach our BYOD age, contact experienced business attorney Drew E. Pomerance today.