Embed Size (px)
Citation preview
Employee Internet Policies for
Government
Government Educator
February 17, 2011
Robert D. Brownstone, Esq.
© 2011
THESE MATERIALS ARE MEANT TO ASSIST IN A GENERAL UNDERSTANDING OF CURRENT LAW AND PRACTICES.
THEY ARE NOT TO BE REGARDED AS LEGAL ADVICE.
THOSE WITH PARTICULAR QUESTIONS SHOULD SEEK ADVICE OF COUNSEL.
Audio Conference
EIM
GR
OU
P© 2
I. INTRO – THE MODERN LANDSCAPE
Strange Things (Prospective) Employees Memorialize
II. SOCIAL-MEDIA/SOCIAL-NETWORKING/WEB-2.0
Individual; and Government/Employer-Sponsored
III. “MONITORING” ELECTRONIC ACTIVITIES
Some Justifications & Some Countervailing Concerns
IV. INVESTIGATING & TRACKING VIRTUAL CONDUCT
?“Off-Duty”? (Web) Activities
V. IMPLEMENTING LEGALLY-COMPLIANT AND DEFENSIBLE POLICIES (time permitting)
Compliance Basics
Outline/Agenda
EIM
GR
OU
P© 3
Modern additional concerns:
Ever-expanding universe of forums
MANY more ways to expose information
Everyone can be a publisher
Personnel matters play out in public
E.g., Joseph Plambeck, Washington Post Suspends Columnist for Twitter Hoax, NYT (8/31/10)
I. INTRO – OurDigital World
EIM
GR
OU
P© 4
Technology-Acceptable-Use Policy (TAUP) =
No-Expectation- of-Privacy Policy (NoEPP)
Many SAMPLES linked off Appendix B
TWO KEYS TO DEFENSIBLE POLICIES:
POLICY CONTENTS
CONSISTENT ENFORCEMENT
I. INTRO – OurDigital World
EIM
GR
OU
P© 5
I. Liability Evidence –“Smoking Gun” Messages
Strange Things People Memorialize
• “Multiple Audiences” Test
• “Green Eggs ‘N’ Ham”
• “Nine Lives of Email”
• Damaging E-mails – “Jokes,” Affairs, etc.
• Texting
Quon Officer – Slides 34-38 & 45 below
Ex-Detroit Mayor Kwame Kilpatrick’s 1,000’s of texts on city-issued pager
8/28/09 NELI White Paper, App. H, at H-1 (.pdf p.168)
EIM
GR
OU
P© 6
6
Many articles and press reports available on request from presenter
In e-mail attachments but also . . .
Public agency risks incl. publicly posted:
Agenda or Minutes
Ordinance or Legislative Bill
Bidding Documents
I. Smoking Guns (c’t’d) –Damaging Metadata
EIM
GR
OU
P© 7
I. Embedded DataSmoking Guns (c’t’d)
MANY famous public entities bitten by cobra of embedded data
UN (Lebanese PM assassination),
British PM’s Office (“Downing Street Memo”)
Social Security Administration
California AG’s Office, etc., etc.. . .
Redaction SNAFU’s by agencies, courts, prosecutors, etc. . . . .
EIM
GR
OU
P© 8
II. Social-Media/Web 2.0/UGC
Now . . . bigger universe of web activities [some via F&W clients ]
EIM
GR
OU
P©
II. Web 2.0 – “Saying, Socializing & Sharing”
9
Per Palo Alto Networks (PAN), Application Usage and Risk Report (6th Ed. Oct. 2010) <http://www.paloaltonetworks.com/researchcenter/reports/> . . .
Live customer traffic @ > 700 orgs. (not survey):
• “Saying” – IM and personal webmail
90% of the time
• “Socializing” apps – social-networking
96% of the time
• “Sharing” – P2P and browser-based
> 80% of organizations
21% of overall bandwidth
EIM
GR
OU
P©
II. Web 2.0 –Socializing (c’t’d)
10
76%
79%
85%
93%
96%
20% 40% 60% 80% 100%
Facebook apps
Myspace
Top 5 Socializing Applications Found
10
EIM
GR
OU
P© 11
II. Social-Media/Web 2.0 (c’t’d)
Facebook surpassed Google in user minutes in August 2010
PROS:
• Per PAN Report (cited in Slide 9 above):
Responsiveness
Rich research
• Transparency
• Networking
EIM
GR
OU
P© 12
II. Social-Media/Web 2.0 (c’t’d)
PROS (c’t’d)
Employers’ tech toolbox growing:
• Teneros’ Social Sentry enables employers to look at employee’s public posts
<http://bits.blogs.nytimes.com/2010/03/26/keeping-a-closer-eye-on-workers-social-networking/>
• PAN’s firewalls can switch Facebook to read-only mode
<http://www.readwriteweb.com/enterprise/2010/06/read-only-facebook-coming-to-y.php>
EIM
GR
OU
P© 13
II. Social-Media/Web 2.0 (c’t’d)
CONS
Web-capture software
Wayback Machine (Internet Archive)
And, especially . . . public tweets
Matt Raymond, How Tweet It Is!: Library [of Congress] Acquires Entire Twitter Archive, Library of Congress Blog (4/14/10)
Jeffrey Rosen, The Web Means the End of Forgetting, NYT (7/19/10)
Ever-changing privacy settings
EIM
GR
OU
P©
II. Privacy?! (c’t’d)
TAG . . . . You’re it . . . .
See ARMA, EU Investigates Facebook, Google Tagging, Info. Mgmt. (July-Aug 2010)14
EIM
GR
OU
P© 15
II. Social-Media/Web 2.0 (c’t’d)
Privacy Settings (c’t’d)
7 Things to Stop Doing Now on Facebook, Consumer Reports (5/12/10) <http://finance.yahoo.com/family-
home/article/109538/7-things-to-stop-doing-now-on-facebook>
ReclaimPrivacy Launches Facebook Privacy Settings Tool – Privacy – Info. Week, Future Lawyer (5/18/10) <http://futurelawyer.typepad.com/futurelawyer/2010/05/reclaimprivacy-launches-facebook-privacy-settings-tool----privacy----informationweek.html>, linking to:
<http://www.informationweek.com/shared/printableArticle.jhtml;jsessionid=U2HRT2FBVRZKLQE1GHOSKHWATMY32JVN?articleID=224900113>; and
the tool itself at <www.reclaimprivacy.org/>
EIM
GR
OU
P© 16
II. Social-Media/Web 2.0 (c’t’d)
CONS:
• INCOMING!
Threats cited by PAN; Md. Legislature situation, etc.
• OUTBOUND!
Ex: Recent Facebook/Farmville breach
Jared Newman, Facebook's Privacy Breach: What You Need to Know, PC World (10/18/10) <www.pcworld.com/printable/article/id,208135/printable.html>
• See generally this list and that list
• Search-ability keeps increasing . . .
EIM
GR
OU
P© 17
Following Internet Trail
II. Search-abilityEver-Increasing
EIM
GR
OU
P© 18
II. Search-ability Example
EIM
GR
OU
P© 19
II. Web 2.0 Risks (c’t’d) –Intentional Conduct
One key issue = (ostensible) authority to speak on behalf of gov’t re: work-related matter
Also: Direct misuse of confidential information to harm (ex-)employer
EIM
GR
OU
P© 20
Intentional “whistleblower” leaks, i.e. “Wikileaks”
250,000 diplomatic cables from 1966 on . . . <http://www.time.com/time/world/article/0,8599,2034276,00.html >
92,000 reports as to Afghanistan war <wikileaks.org/wiki/Afghan War Diary, 2004-2010>
N.Y. Times, Piecing Together the Reports, and Deciding What to Publish (7/25/10) <nytimes.com/2010/07/26/world/26editors-note.html?pagewanted=print>
Also <washingtonpost.com/wp-dyn/content/article/2010/07/26/AR2010072602084 pf.html>
II. Web 2.0 Risks (c’t’d) –Intentional Conduct (c’t’d)
EIM
GR
OU
P© 21
Tresa Baldas, Lawyers warn employers against giving glowing reviews on LinkedIn, Nat’l L. J. (7/6/09) <www.law.com/jsp/nlj/PubArticleNLJ.jsp?id=1202432039774>
II. IntentionalConduct (c’t’d) –
EIM
GR
OU
P© 22
eDiscovery Case-law emerging. Exs: Romano v. Steelcase, 907 N.Y.S. 2d 650, at *5 (N.Y. Sup. 9/21/10)
<courts.state.ny.us/Reporter/3dseries/2010/2010 20388.htm>
McMillen v. Hummingbird Speedway, Inc., No. 113-2010 CD (Pa. C.P. Jefferson Cty. 9/9/10) <ediscoverylaw.com/uploads/file/McMillen%20v%20Hummingbird%20Speedway.pdf>
Barnes v. CUS Nashville, LLC, [d/b/a Coyote Ugly Saloon], 2010 WL 2265668 (M.D. Tenn. 6/3/10) <https://ecf.tnmd.uscourts.gov/doc1/16911303989>
Crispin v. Christian Audigier, Inc., No. CV 09-09509 MMM (JEMx) (C.D. Cal. 5/26/10) <ecf.cacd.uscourts.gov/doc1/031110245153>
U.S. v. Phaknikone, 605 F.3d 1099, 1107 (11th Cir. 5/10/10) <ca11.uscourts.gov/opinions/ops/200910084.pdf>
Nguyen v. Starbucks Coffee Corp., 2009 WL 4730899 (N.D. Cal. 12/7/09) <https://ecf.cand.uscourts.gov/doc1/03516287723>
Mackelprang v. Fidelity National Title Agency of Nevada, Inc., 2007 U.S. Dist. LEXIS 2379 (D. Nev. 1/9/07) <https://ecf.nvd.uscourts.gov/doc1/11511167020>
II. Social-MediaIn Discovery
EIM
GR
OU
P© 23
II. Government-Sponsored Sites – Reasons/Drivers
NASCIO, A National Survey of Social Media Use in State Gov’t (9/28/10)<nascio.org/publications/documents/NASCIO-SocialMedia.pdf>
EIM
GR
OU
P© 24
II. Government-Sponsored Sites – Major Concerns
“employee access account management acceptable use employee conduct content security legal issues, and citizen conduct”
NASCIO, A National Survey of Social Media Use in State Gov’t (9/28/10)<nascio.org/publications/documents/NASCIO-SocialMedia.pdf>
CTG, Designing social media policy for gov’t: Eight essential elements (5/12/10) <ctg.albany.edu/publications/guides/social media policy/social media policy.pdf>
EIM
GR
OU
P© 25
II. Gov’t-Sponsored Social-Media Sites
Terms of Service (TOS) Amendment Issues:
FEDERAL
Terms of Service Agreements: GSA Paves the Way for Government Use of New Media (Oct. 2010)(35 providers), linking to Model Agreement
STATE & LOCAL (@ 1/5/11):
Facebook, Amended Pages Terms for State & Local Governments in the United States
NASCIO and Attorneys General Negotiate Model Facebook Agreement for State Government Use
EIM
GR
OU
P© 26
II. Gov’t-Sponsored Social-Media Sites
TO LEARN MORE: <www.ctg.albany.edu/publications/guides/social media policy>
<https://forum.webcontent.gov/?page=TOS agreements>
<https://forum.webcontent.gov/?page=TOS TYagencyPOCs>
<http://www.atg.wa.gov/pressrelease.aspx?id=27120>
<http://gcn.com/articles/2011/01/06/facebook-removes-barriers-to-state-and-local-agency-participation.aspx>
EIM
GR
OU
P© 27
II. Gov’t Social Media (c’t’d)
See how de rigeur tweets have become for legislators, committees, etc.
Congressional Research Service, Social Networking and Constituent Communications: Member Use of Twitter During a Two-Month Period in the 111th Congress (2/3/10) <http://assets.opencrs.com/rpts/R41066 20100203.pdf>
Guidelines for Secure Use of Social Media by Federal Dep’ts and Agencies, v1.0, Fed. CIO Council (9/17/09)<www.cio.gov/Documents/Guidelines for Secure Use Social Media v01-0.pdf>
Government Domain: Tracking Congress 2.0, LLRX (8/31/09) <www.llrx.com/columns/govdomain42.htm>
Cf. Sensei Enterprises, PENTAGON OKS SOCIAL-MEDIA ACCESS, Bytes in Brief (4/4/10)
<senseient.com/publications/bytes/html/april 2010.html> (linking to <www.defense.gov/NEWS/DTM%2009-026.pdf>)
EIM
GR
OU
P© 28
II. Gov’t Web 2.0 (c’t’d) –“Off-Duty” Posts
Current Employees’ Personal Postings
Teachers, Police, etc. 8/28/09 White Paper, at p. 77
(.pdf p. 83), footnote 332
Marine’s “Tea Party” Facebook Page Marine's Anti-Obama Facebook
Comments Fuel Free Speech Debate, Huffington Post (4/15/10) <www.huffingtonpost.com/2010/04/15/marine-gary-stein-antioba n 538875.html>
Jeanette Steele, Pendleton Marine back on Facebook, S.D. Union–Tribune (4/14/10) <signonsandiego.com/news/2010/apr/14/bn14steinfolo/>
EIM
GR
OU
P© 29
II. Gov’t Web 2.0 (c’t’d) –Lobbyists’ Texting
What about legislators on floor getting pinged on smartphones/PDA’s by lobbyists?
Heather Knight, S.F. mayor seeks texting limit at city meetings, S.F. Chron. (3/10/10) <www.sfgate.com/cgi-
bin/article.cgi?f=/c/a/2010/03/10/MNRI1CDC7F.DTL&type=printable>
Nancy Scola, California Reformers Struggle Against Lobbyist-to-Lawmaker Texting, Personal Democracy Forum (3/3/10) (quoting S.J. Merc. News article)
(“[s]eparately, the San Jose City Council . . . unanimously approved a policy . . . . requir[ing] council members to disclose communications received on their personal e-mail or cell phones during meetings — either from lobbyists or from others with a financial interest in the matter under discussion”) <techpresident.com/blog-entry/california-reformers-struggle-against-lobbyist-lawmaker-texting>
EIM
GR
OU
P© 30
© Native Intelligence 2001
Maintain and track workers’ productivity
Network security – viruses, worms & malware, OH MY! – phishing/whaling, P2P…
Direct claims based on breaches and/or leaks
Third parties’ claims (e.g., harassment) based on employee’s conduct/postings
III. General “Monitoring” –Risks as Justifications
EIM
GR
OU
P© 31
Co-workers’ (or third parties’) claims. Ex:
“Guns Don’t Kill People. Dangerous Minorites [sic] Do.”
“[A]dults can't speak proper English or spell at a 3rd grade level, but they can sing among 'theyselves' to lyrics of a rap song.”
Complaint in Guardian Civic League v. Philadelphia Police Department(E.D. Pa. 7/15/09) linked from <http://Philly-Sgt-7-15-09.notlong.com>
III. Risk-Management andOther Reasons (c’t’d)
EIM
GR
OU
P© 32
III. Monitoring –Justifications
Protecting Individuals’ Personally Identifiable Information (PII):
States’ notice-of-breach and other anti-identity-theft statutes <www.ncsl.org/IssuesResearch/TelecommunicationsInformationTechnolog
y/SecurityBreachNotificationLaws/tabid/13489/Default.aspx>
<www.consumersunion.org/campaigns//financialprivacynow/002215indiv.html>
> 40 apply to private sector
> 13 of those apply to public sector too (Alaska, Cal., DC. Ill., Ind., Md., Mich., NC, NY, NJ, Nevada, OK, Wash.)
EIM
GR
OU
P© 33
On whole, same rules applicable to employees’ “reasonableness” arguments in Constitutional, statutory & common law
REMEMBER TWO KEYS:
• POLICY CONTENTS
• CONSISTENT ENFORCEMENT
See Quon v. Arch Wireless Op. Co., 554 F.3d 769 (9th Cir. 1/27/09) (“Quon II)”<www.ca9.uscourts.gov/datastore/opinions/2009/02/06/0755282o.pdf>,
reversed, 130 S. Ct. 2619 (6/17/10) <http://www.supremecourt.gov/opinions/09pdf/08-1332.pdf>
III. Monitoring’s Legality –Recent Highlights
EIM
GR
OU
P© 34
III. Monitoring (c’t’d) – USSC RECENT KEY DECISION
Quon II (9th Cir.)
Employer let “operational reality” trump old, unrevised policy language
SCA violation for pager service provider to disclose City employee’s text messages to City/employer
U.S. Sup. Ct. granted cert. – and ultimately reversed – only on 4th Amendment “expectation of privacy” violation
Practical tips . . .
EIM
GR
OU
P© 35
III. Monitoring (c’t’d) –USSC in Quon (c’t’d)
Quon – “Super Six” Takeaways
• 6. CLEAR policy covering all info. created, stored, received or transmitted on or by any system or device provided by the employer.
• 5. Decide whether to extend to all devices supported by or costs reimbursed by employer and make the scope clear to all
EIM
GR
OU
P© 36
III. Quon “Super Six”Takeaways (c’t’d)
4. Specify all employer rights, including to:
• monitor;
• search;
• access;
• inspect; and
• read
EIM
GR
OU
P© 37
III. Quon SuperSix (c’t’d)
3. Be realistic re: “personal use” – strongly consider “limited” or “incidental” exception with carve-outs for illegal, dilatory or unethical activity:
2. Train new employees and managers – and periodically retrain/remind experienced ones – re: key TAUP provisions, especially NoEPP
1. Periodically – every 2-3 years? – review, (and maybe revise) TAUP so it’s:
• consistent with actual practices; and
• up-to-date as to current technology, e.g., smartphones and social networking sites
EIM
GR
OU
P© 38
III. TAUP/NoEPP (c’t’d) –Privacy Expectations (c’t’d)
Aside from some 1st and 4th
Amendment claims, typically courts support employer
BUT 2 potential exceptions even in private sector case law:
• examining locally-stored files impinging on an employee’s attorney-client (a/c) privilege; OR
• illicitly obtaining password and accessing content in personal account or site
EIM
GR
OU
P© 39
III. Privacy Expectations –A/C Privilege – Split (c’t’d)
MOST RECENT DECISION: Holmes v. Petrovich, C059133 (Cal. App. 3 Dist.
1/13/11) <courtinfo.ca.gov/opinions/documents/C059133.PDF>:
Communications sent via work email system NOT confidential because employee:
knew of company TAUP as to no personal use
warned that company would monitor
warned of NOEP
“[A]kin to consulting her lawyer in her employer’s conference room, in a loud voice, with the door open, so that any reasonable person would expect that their discussion of her complaints about her employer would be overheard by him.”
EIM
GR
OU
P©III. A/C Privilege vs.
TAUP/NOEP (c’t’d)
PRACTICAL TIPS
• Policy language
• Investigation protocol
TO LEARN MORE
• Lists of links to articles/decisions available
• Look for Bloomberg Law Reports article
40
EIM
GR
OU
P© 41
III. Overreaching (c’t’d) –ECPA Intrusions
Avoid unauthorized intrusions into employees’ personal Web 2.0 pages, passwords and/or e-mail
Violates ECPA Title I (Wiretap) or Title II (SCA) Pietrylo v. Hillstone Rest. Group d/b/a Houston's, 2009 WL
3128420 (D. N.J. 9/25/09) (MySpace group page; SCA) <www.employerlawreport.com/uploads/file/Opinion%209-25-09.pdf>
Brahmana v. Lembo, 2009 WL 1424438 (N.D. Cal. 5/20/09) (e-mail; Wiretap) <http://op.bna.com/pl.nsf/id/dapn-7sfhhx/$File/brahmana.pdf>
Van Alstyne v. Electronic Scriptorium, Ltd., 560 F.3d 199 (9th Cir. 3/18/09) (e-mail; SCA) <http://pacer.ca4.uscourts.gov/opinion.pdf/071892.P.pdf>
EIM
GR
OU
P© 42
Guard Publ’ng Co. d/b/a Register-Guard v. NLRB (D.C. Cir. 7/7/09)
Selective enforcement of e-mail policy’s no-solicitation rule = unlawfully discriminatory
Cf. AFSCME Local 575 v. PERB; L.A. Cty. Sup. Ct., No. B211910 (Cal. App. 2 Dist. 6/10/09) (denying petition re: PERB Dec. No. 1979-C, 32 PERC ¶ 151)
NEW! NLRB, Complaint alleges Connecticut company illegally fired employee over Facebook comments(11/2/10) <mynlrb.nlrb.gov/link/document.aspx/09031d45803c4e5e>
Takeaways?
Avoid fine distinctions?
Track rejections of personal use?
III. Another Concern –Union Activity
EIM
GR
OU
P© 43
Following Trail (c’t’d)
“Drunken Pirate” in Snyder v. Millersville Univ., No. 07-1660, 2008 WL 5093140 (E.D. Pa. Dec. 3, 2008) <voices.washingtonpost.com/securityfix/Decision%202008.12.03.pdf>
Weak “expectation of privacy” argument
Traditional labor law concepts
For articles comprising barometer re: employers, contact the presenter
IV. Investigations & Checks (c’t’d)
EIM
GR
OU
P© 44
Workplace & Personal Searches
Reasonable expectations standard
More complicated for public employers Quon II [9th Cir.] majority & dissent disagreed
Dissent accused Majority of inaptly applying “less intrusive means” standard
Disagreement on whether search was “special needs” or “investigatory”
Interpretations varied of the factual record as to the breadth of uses to which officers supposed to put pagers
IV. Searching and Tracking Employees
EIM
GR
OU
P© 45
IV. Searching and TrackingPhysical & Virtual Conduct
Video Surveillance• Invasion-of-Privacy Concerns . . .
<http://dilbert-surveillance.notlong.com>:
• 2009 Cal. intrusion decision an anomaly? Hernandez v. Hillsides, Inc., 47 Cal. 4th 272,
211 P.3d 1063, 97 Cal. Rptr. 3d 274 (Cal. 8/3/09)<http://caselaw.lp.findlaw.com/data2/californiastatecases/S147552.PDF>
EIM
GR
OU
P© 46
IV. Video Surveillance (c’t’d) –Recent Developments
10/20/09 Metrolink “trainmen” file suits
10/21/09 Airline laptop incident
<http://blogs.venturacountystar.com/greenberg/qqxsgTexting.jpg>
EIM
GR
OU
P© 47
IV. Transportation (c’t’d) –Texting Bans
Exec. Order, FEDERAL LEADERSHIP ON REDUCING TEXT MESSAGING WHILE DRIVING (Oct. 1, 2009) <whitehouse.gov/the press office/Executive-Order-Federal-Leadership-on-Reducing-Text-Messaging-while-Driving/>
• Richtel, Texting While Driving Banned for Fed. Staff, NYT (10/2/09)<nytimes.com/2009/10/02/technology/02distracted.html?pagewanted=print>
D.O.T., U.S. Transp. Sec’y Ray LaHood Proposes Rule to Ban Texting for Truck & Bus Drivers • DOT 55-10 (3/31/10)
<dot.gov/affairs/2010/dot5510.htm>
Larry Copeland, Software Aims To Block Texting WhileDriving, NewsFactor (7/22/10) <http://www.newsfactor.com/story.xhtml?story id=74411>
EIM
GR
OU
P© 48
Web Activity – Examples:
Fired: Various “out sick” or on leave <http://www.buzzfeed.com/sneeze/top-5-sick-day-fails-u2j>
<http://www.dailymail.co.uk/news/worldnews/article-1080010/Call-centre-worker-caught-boss-posting-sickie-plan-Facebook.html?printingPage=true>
Resigned: Radio reporter, over her personal blog posts re: Alaskan towns-folks’ drinking, inbreeding, incest and sexual mores
<http://www.adn.com/2009/07/27/878744/blogger-ignites-firestorm-in-dillingham.html>
IV. Looking Into “Off-Duty” Activities
EIM
GR
OU
P© 49
More Web Activity Exs.:
Restricted = Marine’s Facebook page
“Armed Forces Tea Party Patriots” <http://Marine-Facebook-4-13-10.notlong.com>
TOO FAR?
Dropped = sick-leave benefits
Insurance agent saw “cheerful” Chippendale photos of allegedly depressed woman
<http://Ins-Photos-AP-11-22-09.notlong.com
<http://news.cnet.com/8301-17852 3-10404633-71.html>
IV. Looking Into “Off-Duty” Activities
EIM
GR
OU
P© 50
Keys if are going to discipline/terminate:
no reasonable expectation of privacy
nexus to job performance
consistent enforcement of “real” policy, as to which employees received notice
IV. “Off-Duty” Activities In Web Content (c’t’d)
EIM
GR
OU
P© 51
V. ComplianceBasics
KUMBAYA?!
Clear, well-thought-out language on which multiple constituencies have weighed in . . .
Compliance’s “3 E’s” = Establish/Educate/Enforce
© TOSHIBA
EIM
GR
OU
P© 52
See Samples links in Appendix A
NEVER blindly follow a sample
DON’T GO TOO FAR
Right to monitor vs. taking on duty to monitor
Examples: harassing language filter; IM logs
BE REASONABLE/REALISTIC
Incidental/limited personal use exception
Dep’t Of Education v. Choudhri, OATH Index No. 722/06 (N.Y.C. Office Of Admin. T & H 3/9/06)<files.findlaw.com/news.findlaw.com/hdocs/docs/nyc/doechoudri30906opn.pdf>
V. ImplementingDefensible Policies
EIM
GR
OU
P© 53
Public-Records-ACT (PRA)/ FOIL/Sunshine issues
FOR PARTIAL BIBLIOGRAPHY, CONTACT PRESENTER
PRA, 1st Amendment, etc. <www.firstamendmentcoalition.org/2009/08/government-
officials-use-personal-email-and-texting-accounts-to-avoid-public-access-laws-why-not-use-technology-to-enhance-accountability-instead-of-to-subvert-it/>
<www.firstamendmentcoalition.org/2010/01/san-jose-want-to-restrict-use-of-private-e-mails-to-discuss-official-business/>
V. ImplementingPolicies (c’t’d)
Let’s be careful out there . . .
EIM
GR
OU
P© 54
Conclusion/Questions
Q+A
Robert D. Brownstone <www.fenwick.com/attorneys/4.2.1.asp?aid=544>
650.335.7912 or <[email protected]>
Please visit F&W EIM <www.fenwick.com/services/2.23.0.asp?s=1055>
<www.fenwick.com/services/2.23.4.asp?s=1055>
THESE MATERIALS ARE MEANT TO ASSIST IN A GENERAL UNDERSTANDING OF CURRENT LAW AND PRACTICES.
THEY ARE NOT TO BE REGARDED AS LEGAL ADVICE.
THOSE WITH PARTICULAR QUESTIONS SHOULD SEEK ADVICE OF COUNSEL.
Robert D. Brownstone – Materials & Resources – SAMPLE TECHNOLOGY-ACCEPTABLE-USE POLICIES (“TAUP’s”) – @ 2/15/11
Generic TAUP’s – Samples appended to 8/28/09 NELI White Paper:
o Pages D-1 through D-17 (.pdf pp. 142-58) (blogging policy should be expanded to cover all Web 2.0 sites)
<http://fenwick.com/docstore/publications/EIM/eWorkplace_Policies_Materials_Public_Sector_EEO_8-28-09.pdf#page=142>
Web-2.0/Social-Media Policies – Non-Fenwick-Drafted Generic Samples:
o 160+ Policies in database at <http://socialmediagovernance.com/policies.php>
o <http://op.bna.com/pl.nsf/id/dapn-7vak72/$File/AP.pdf> (AP’s Social-Media “Q&A”)
o <http://www.ibm.com/blogs/zz/en/guidelines.html (“IBM Social Computing Guidelines ”)
o <http://domino.research.ibm.com/comm/research_projects.nsf/pages/virtualworlds.IBMVirtualWorldGuidelines.html> (“IBM Virtual World Guidelines”)
o <http://socialmediagovernance.com/studies/>
o <www.records.ncdcr.gov/guides/best_practices_socialmedia_usage_20091217.pdf>
o <www.utahta.wikispaces.net/file/view/State+of+Utah+Social+Media+Guidelines+9.29.pdf>
o <http://www.law.com/jsp/tal/PubArticleTAL.jsp?id=1202426674355>, linking to sample:
< http://www.jaffepr.com/about-us/industry-insight/white-papers/social-media-
policy-procedures-and-social-network-policy-proc>
o <http://www.lehrmiddlebrooks.com/SocialMedia.html>
o <www.epolicyinstitute.com/bin/loadpage.cgi?1254863981+forms/index.asp> ($99)
o <www.messagelabs.com/white_papers/epolicy_form> (free registration)
Related Helpful Resources
o <http://www.records.ncdcr.gov/>
o <www.law.com/jsp/cc/PubArticleCC.jsp?id=1202428377614>
o <www.delawareemploymentlawblog.com/technology/the_internet_as_a_hiring_tool/>
o <http://mashable.com/2009/04/28/facebook-privacy-settings>
APPENDIX B – Robert D. Brownstone – Gov’t Educator Materials Public Records – Partial Bibliography (@ 2/15/11)
1
A. Miscellaneous Primary and Secondary Authorities
• Federal agency retention requirements (SOME): National Archives, General Records Schedules (Apr. 19, 2010) <http://www.archives.gov/records-mgmt/grs/>
• State governments generically: NASCIO publications linked off of <http://www.nascio.org/publications/pubsSubject2.cfm?category=30>, including:
• Cal. Exemplar set of retention periods for a state’s agencies and local government entities: Cal. Sec. of State, Local Gov’t Records Mgmt. Guidelines (Feb. 2006) <sos.ca.gov/archives/local-gov-program/pdf/records-management-8.pdf> (I have a Word version I was able to obtain from the Cal. Secretary of State in Sep. 2007; I think, but am not sure, it has the same content as the .pdf
• D.C. Government Administrative, E-mail Retention Policy, Mayor’s Order 2007-157 <http://os.dc.gov/os/frames.asp?doc=/os/lib/os/info/mayors_orders/2007/jul/2007-157_citywide_email_rentention_policy.pdf> [SUBSEQUENTLY REPEALED]
• Wash. Exemplar set of retention periods for a state’s agencies: Sec. of State, State Government General Records Retention Schedule Version 5.0 (Oct. 2010), available in Word and in.pdf formats at <sos.wa.gov/archives/RecordsManagement/RecordsRetentionSchedulesforStateGovernmentAgencies.aspx>
B. Decisions (some; there are MANY more on privacy, back-ups, etc.)
• NDLON v. U.S. I.C.E., 2011 WL 381625 (S.D.N.Y. 2/7/11 (“consistent with the state court decisions . . . certain metadata is an integral or intrinsic part of an electronic record; [a]s a result, such metadata is ‘readily reproducible’ in the FOIA context”) <http://ralphlosey.files.wordpress.com/2011/02/ndlon-v-ice-10-civ-3488-metadata-foia_revised.pdf>
• Associated Press v. Canterbury, No. 34768 (W. Va. Sup. Ct. App. Nov. 2009): Majority opinion (11/12/09) (“[u]nder the clear language of the ‘public record’ definition, a personal e-mail communication by a public official or public employee, which does not relate to the conduct of the public's business, is not a public record subject to disclosure under FOIA”) <www.state.wv.us/wvsca/docs/fall09/34768.pdf>; and Concurring/Dissenting Opinion (11/18/09) <www.state.wv.us/wvsca/docs/fall09/34768c.pdf>
• Lake v. City of Phoenix (“Lake II”), 2009 Ariz. LEXIS 257 (Oct. 20, 2009) (“if a public entity maintains a public record in an electronic format, then the electronic version, including any embedded metadata, is subject to disclosure under our public records laws”) <supreme.state.az.us/opin/pdf2009/CV090036PR.pdf>
• Fla. A.G., McCollum Announces New Policy on Public Records, Press Release (Sep. 15, 2009) <http://www.myflsunshine.com/newsrel.nsf/sunreleases/2C3A7E796E3933338525763200577CB0>
• Evertson v. City of Kimball, 278 Neb. 1, 767 N.W.2d 751 (July 2, 2009) (“private investigator’s written data and reports constitute[d] public records . . . when the public body contractually delegated its investigative authority to the private investigators[; but] . . . requested materials [were] . . . exempt from disclosure under” statutory exception) <www.localopengovernment.com/uploads/file/EvertsonCity-Kimballs08-524.pdf>
• O'Neill v. City of Shoreline, 240 P.3d 1149 (Oct. 7, 2010) (““an electronic version of a record, including its embedded metadata, is a public record subject to disclosure. There is no doubt here that the relevant e-mail itself is a public record, so its embedded metadata is also a public record and must be disclosed”) <http://www.wasupremecourtblog.com/tags/oneill-v-city-of-shoreline/> (linking to majority and dissent)
APPENDIX B – Robert D. Brownstone – Gov’t Educator Materials Public Records – Partial Bibliography (@ 2/15/11)
2
B. Decisions (some) (c’t’d)
• Burnett v. County of Bergen, 198 N.J. 408, 968 A.2d 1151 (Apr. 27, 2009) (requiring requestor to pay costs of redacting Social Security Numbers – from land title records) <http://lawlibrary.rutgers.edu/courts/supreme/a-43-08.doc.html>
• State ex rel. Toledo Blade Co. v. Seneca Cty. Bd. of Com’rs, 120 Ohio St.3d 372, 899 N.E.2d 961 (Dec. 9, 2008) (“grant[ing] writ to compel the board to make reasonable efforts to recover, at its expense, the requested deleted e-mails and to make them promptly available for inspection”) <http://www.sconet.state.oh.us/rod/docs/pdf/0/2008/2008-ohio-6253.pdf>
• Georgia Dept. of Agriculture v. Griffin Indus., 284 Ga. App. 259, 644 S.E. 2d 286 (Mar. 19, 2007) (remanding for properly noticed hearing as to whether state agency had to restore email from back-up) <http://ga.findacase.com/research/wfrmDocViewer.aspx/xq/fac.%5CGA%5C2007%5C20070319_0000363.GA.htm/qx>
• Cowles Pub. Co. v. Kootenai County Bd. of County Com’rs, 144 Idaho 259, 159 P.3d 896 (2007) (e-mails between public employees were public records and, due to signed County e-mail policy, were not protected by legitimate privacy expectation) <http://www.isc.idaho.gov/opinions/cowles14.pdf>
• Wiredata, Inc. v. Village of Sussex, 298 Wis. 2d 743, 729 N.W.2d 757 (Ct. App. Jan. 3, 2007) (finding violation of open records law via disclosure of .pdf image files instead of provision of database access) <http://www.wicourts.gov/ca/opinion/DisplayDocument.pdf?content=pdf&seqNo=27629>
C. Articles
• ARMA, E-Mail Problems Still Plague [Fed.] Gov. Agencies, Info. Mgmt. J. (Sep./Oct. 2010) <http://content.arma.org/IMM/images/IMM_0910_issue.pdf#page=12>
• ARMA, Suit Prompts Wisconsin to Revisit E-Mail Policies, Info. Mgmt. J. (Nov.-Dec. 2009) <http://findarticles.com/p/articles/mi_qa3937/is_200911/ai_n42858544/>
• ARMA, Judge: Palin's Private E-Mail Use Legal, Info. Mgmt. J. (Nov.-Dec. 2009) <http://findarticles.com/p/articles/mi_qa3937/is_200911/ai_n42858560/>
• Breen, Tom, Don Blankenship: Public Officials' Emails Are Private, State Supreme Court Rules, AP (Nov. 13, 2009) <http://www.huffingtonpost.com/2009/11/13/don-blankenship-public-of_n_357401.html>
• ARMA, Oklahoma Opts for Open Records, Info. Mgmt. J. (Sep./Oct. 2009) <http://findarticles.com/p/articles/mi_qa3937/is_200909/ai_n39233479/>
• Slack, Donovan and Levenson, Michael, Menino’s office acknowledges city employees routinely deleted e-mails, Boston Globe (Sep. 13, 2009) <http://Slack-Pub-Records-9-13-09.notlong.com>
• Fruehling-Watson, Rosa, Documents Prepared by Private Investigator for City Exempt from Disclosure, Local Open Government Blog (Aug. 31, 2009) <www.localopengovernment.com/tags/nebraska/>
• Scheer, Peter, Commentary: Government officials use personal email and texting accounts to avoid public access laws. Why not use technology to enhance accountability instead of to subvert it? Cal. First Amendment Coalition (Aug. 20, 2009) <http://Scheer-Pub-Records-8-20-09.notlong.com>
• Lieb, David A., State to pay $500,000 to settle e-mail lawsuit filed against former Gov. Blunt, AP (May 22, 2009) <http://Lieb-Blunt-AP-5-22-09.notlong.com>
• West, Natalie and Jenkins, Michael, When Does Your E-Mail Become a Matter of Public Record?, Inst. for Local Gov't (Sep. 1, 2003) (quoting CPRA Senate Floor Analysis, Aug. 20, 2002)) <http://West-Pub-Records-9-1-03.notlong.com>
