Privacy Bulletin: Issue No. 42

In the News
Supreme Court Finds Employee Had No Expectation of Privacy in Work-Issued Cell Phone: On June 17, 2010, in City of Toronto v. Quon, 08-1332, the Supreme Court held that a public employer’s review of an employee’s personalized messages on an employer-issued device did not violate the Fourth Amendment. The Supreme Court’s decision overturned the 9th Circuit, which had held that the plaintiff had a reasonable expectation of privacy in the text messages and that the City’s search was not reasonable even though conducted with a legitimate, work-related rationale. In reaching that holding, the 9th Circuit found that the City could have used less intrusive means to conduct the search and that the wireless carrier had violated the Stored Communications Act (“SCA”) by releasing the transcripts of text messages to the City.

In overturning the 9th Circuit, the Court found that the department’s search of work-issued phone records to determine if officers were using their pagers too often for personal messages was reasonable. While the Court did not reach the issue of whether employees have a reasonable expectation of privacy in work-issued phones, the Court did hold that, when an employer searches phone records for any legitimate business reason, the search does not violate the privacy rights of individuals. The Court found that, even if the City’s employees had a reasonable expectation of privacy in their text messages, the search was justified under Supreme Court precedent because there were “reasonable grounds for suspecting that the search was necessary for a noninvestigatory work-related purpose”- whether the character limit on the City’s plan was sufficient to meet the City’s needs, a purpose which made it necessary for the City to distinguish between work-related and non-work-related text messages. Furthermore, the Court found, any expectation of privacy Quon had must be extremely limited to be reasonable, because the City had a written policy explaining that texts were subject to auditing. The merits of the SCA claim were not before the Court.

FTC Enters Into Settlement with Twitter: On June 24, 2010, the FTC announced that it had approved a settlement order with social networking service Twitter. Hackers allegedly were able to obtain customer passwords and then reset some passwords and took control of others- sending fake tweets from user accounts. Under the terms of the settlement, Twitter will be “barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers.” Twitter also must implement a comprehensive information security program, to be assessed by an independent auditor every other year for 10 years.

Homeland Security Committee Approves Cybersecurity Bill: The Senate Homeland Security and Governmental Affairs Committee approved a cybersecurity bill proposed by Committee Chairman Joseph I. Lieberman (I.-Conn.), after adding a substitute amendment limiting presidential powers under the bill. The bill, entitled the “Protecting Cyberspace as a National Asset Act of 2010,” would create a National Center for Cybersecurity and Communications within the Department of Homeland Security. The bill also would allow the President to seize control of the Internet or shut down access to certain parts of the Internet in the event of a “national cyberemergency,” a provision which concerns privacy advocates. The amendment clarifies that the President can declare a cyberemergency only if cyber-interference has the potential to disrupt the operation of critical infrastructure and limits the extension of a cyberemergency to 120 days, unless Congress passes a resolution approving continuation.

Senate Declines to Extend FTC Authority in Financial Regulatory Reform Legislation: On June 22, 2010, the Senate Banking Committee voted to reject language in H.R. 4173, the Wall Street Reform and Consumer Protection Act, which would have expanded the FTC’s authority in policing unfair trade practices. The provisions would have made it easier for the FTC to create regulations, requiring only a “notice and comment” period for new rules, and would have increased the FTC’s enforcement abilities by allowing it to pursue third-party claims under the FTC Act without coordinating with the U.S. Department of Justice. On June 29, 2010, the Conference Report was filed.

Utah Supreme Court Finds Candidates May Use Electronic Bids for State Office Runs: On June 22, 2010, the Utah Supreme Court held that, under the Uniform Electronic Transactions Act, electronic signatures may be counted towards the 1,000 signatures required for a candidate who is unaffiliated with a party to run for statewide office. The court cited to Utah Code Ann. § 20A-9-501, which requires 1,000 signatures, stating that, as a matter of public policy, courts should “liberally construe” statutes governing unaffiliated candidates, so as to give them “every reasonable opportunity to make their candidacy effective.”

Privacy and Data Protection Team
The attorneys in Womble Carlyle’s Privacy and Data Protection Team provide a wide array of privacy services to clients. We work with clients to assess their privacy and data security obligations, and then develop a compliance plan and controls to meet their needs. This includes privacy and security assessments; drafting and reviewing policies and procedures; training employees; managing privacy risks in contracts and mergers and acquisitions; and providing dedicated staffing for client privacy projects and ongoing privacy management. Our team does not operate in a vacuum—our goal is to help clients avoid pitfalls in privacy and data protection so they can focus on their core business. We also assist clients when privacy protections do not work by helping clients address security breaches. The firm also assists clients regarding monitoring and affecting privacy and data protection legislation and regulations. Should the need arise, we aggressively represent our clients in litigation and in agency or law enforcement matters.