Category: Юр. Обзор

Worried about your teenager? Who are they hanging out with? What are they doing after school? Is my child being bullied? Is my child into drugs? These are all valid – and common – concerns of a parent. You probably bought your teen a phone – a cute iPhone or a techie android smartphone.

You can put a lot of fears to rest if you know what is going on with your child’s phone. You also can intervene, if necessary, to protect your child.

What are the legal implications of spying on your child’s phone? Can you be sued by your child?

Parent-Child Immunity: Historically, the Doctrine of Parental Immunity barred a child from bringing a claim against her parents. The parental immunity doctrine had its genesis in the United States in Hewellette v. George, 68 Miss. 703, 9 So. 885 (1891), in which a minor daughter was precluded from suing her deceased mother’s estate for damages resulting from mental suffering and injury to her character incurred during her confinement in an asylum for 11 days caused by her mother. The court gave this reason for its holding:

“ ‘The peace of society, and of the families composing society, and a sound public policy, designed to subserve the repose of families and the best interests of society, forbid to the minor child a right to appear in court in the assertion of a claim to civil redress for personal injuries suffered at the hands of the parent. The state, through its criminal laws, will give the minor child protection from parental violence and wrongdoing, and this is all the child can be heard to demand.’

The rule, as set forth in Hewellette is as follows: “So long as the parent is under obligation to care for, guide, and control, and the child is under reciprocal obligation to aid and comfort and obey, no such action as this can be maintained.”

All 50 states, legislatively or judicially (by a decision of the state’s supreme court), adopted the doctrine. California is a state that adopted the immunity judicially (Trudell v. Leatherby (1931) 212 Cal. 678 [300 P. 7] an unemancipated minor child may not maintain an action against his parent for negligence because an action by a child against his parent would «bring discord into the family and disrupt the peace and harmony of the household”).

The End of Parent-Child Immunity: Almost all states have now abandoned absolute parent-child immunity, particularly with respect to intentional torts against the child (i.e., child molestation and abuse). Many states have abrogated the doctrine for negligence claims where there is insurance coverage for the parent’s negligence, and allowing the child’s lawsuit against the parent would not disrupt family harmony, because the claim really lies against the insurance carrier for the parent (i.e., allowing automobile negligence lawsuits – now commonly excluded by insurance policies).

• The Goller Rule – immunizing ordinary parental negligence

Recognizing the continuing need to protect parental authority and family harmony, some jurisdictions have attempted to limit immunity to negligent conduct arising out of an «exercise of parental authority . . . [or] an exercise of ordinary parental discretion with respect to the provision of food, clothing, housing, medical and dental services, and other care.» Goller v. White, 20 Wis. 2d 402, 122 N.W.2d 193 (1963).

The reasoning is that parents have a right to raise their children according to their own beliefs, without undue interference from the courts. Parents should be free to determine the physical, moral, emotional, and intellectual growth of their own children. Every parent has a unique philosophy of rearing of children, and matters of parental supervision invoke these philosophical considerations. Neither a court nor a jury can evaluate such highly subjective factors without supplanting the parent’s individual philosophy.

The Wisconsin rule from Goller, which is followed by a majority of states, is as follows: The parental-immunity rule is abrogated except in these two situations: (1) where the alleged negligent act involves an exercise of parental authority over the child; and (2) where the alleged negligent act involves an exercise of ordinary parental discretion with respect to the provision of food, clothing, housing, medical and dental services, and other care.

• The Gibson Rule – The Reasonable Parent Standard

California has led the way in completely abrogating the parental immunity doctrine and many states are moving towards the California “reasonable parent” rule adopted in Gibson v. Gibson (1971) 3 Cal.3d 914. Decided after Goller, Gibson recognized that “a parent may exercise certain authority over a minor child which would be tortious if directed toward someone else. For example, a parent may spank a child who has misbehaved without being liable for battery, or he may temporarily order the child to stay in his room as punishment, yet not be held responsible for false imprisonment.”

Gibson adopted the following rule, now known as the “reasonable parent” standard: “Since the law imposes on the parent a duty to rear and discipline his child and confers the right to prescribe a course of reasonable conduct for its development, the parent has a wide discretion in the performance of his parental functions, but that discretion does not include the right willfully to inflict personal injuries beyond the limits of reasonable parental discipline. . . [A]lthough a parent has the prerogative and the duty to exercise authority over his minor child, this prerogative must be exercised within reasonable limits. The standard to be applied is the traditional one of reasonableness, but viewed in light of the parental role. Thus, we think the proper test of a parent’s conduct is this: what would an ordinarily reasonable and prudent parent have done in similar circumstances?”

Statutory Monitoring Required : Oregon’s Child Supervision Law

One could also make the case that communications and location monitoring may sometimes be necessary for parents with a child who has a history of criminal misbehavior. For instance, Oregon imposes criminal penalties (only a $100 fine) against parents whose children violate tobacco, alcohol, truancy and curfew laws. In order to escape liability, the parents must either show they reported the conduct to police, or that they took reasonable steps to control the child. (Oregon Revised Statutes, Sect. 133.07 (Failure to Supervise a Child)).

Parental Liability for Harassing a Child: Don’t Hack Your Child’s Facebook Account

While there are no reported cases of parents being sued by their children for invasion of privacy for spying on their telephone and internet activity, there is a recent case where a parent took her supervisory activities over the top.

The 17-year old son of an Arkansas woman left his Facebook page open on his computer. His mom read his entries on the page and was disturbed to find he was posting accounts of domestic abuse by his mother. She changed his password, and, over the course of several weeks, began posting numerous false and defamatory statements which, to the child’s facebook friends, appeared to be posted by the 17-year old himself. She also sent communications by sms and through facebook to her son which were vulgar.

Her son made a police complaint. The mother was arrested, tried, and convicted of harassment. She was sentenced to 1 year probation, ordered to pay a $435 fine, and attend anger management classes. (Denise New case)

A Parent’s Takeaway: Monitoring your child’s phone and internet activity is within your right as a parent, and it may be your duty. While supervision and monitoring are perfectly within the law, harmful intentional conduct which goes beyond parenting, exposes parents to both civil and criminal liability. Moreover, public disclosure of personal communications can, in some cases, lead to civil or criminal liability for defamation, harassment or invasion of privacy.

There are lots of GPS tracking devices out on the market.  As an employer, you can install one on a company car, no problem.  Install it on an employee’s ID badge, yep.  Install one on an employee’s personal car . . . yes. And under certain circumstances you can install one to do limited tracking on your workers who use their personal car for work tasks outside the office.

However installed GPS tracking devices have one major limitation. They only track your employee’s car’s location. They don’t track your employee.

How can you track your employee’s location?  How can you see if your employee has decided to go to the racetrack instead of attending that expensive seminar you paid for?

One way might be to use an employee’s ID badge as a tracker. The problem with this is it only works inside the workplace, and the device becomes ineffective when removed by the employee.

Smart phones are amazing devices, because they can track and transmit locations just as accurately as installed GPS devices.  As a result of the need to accurately locate 911 callers, phone GPS transmitters have become almost universal in phones – in fact, many states require phones to be sold with the transmitters installed.  What’s more amazing is that the law treats the two devices – GPS transmitting devices and phones – differently, even though they provide similar data.

Employee GPS Tracking Laws

The use of GPS tracking technology for locating employees in the workplace has now become fairly widespread. More than 53% of all employers are using GPS technology to track their vehicles and workers. It is now cost effective for employers with as few as 8 staff members to use some type of technology to track their employees’ locations.

An examination of two recent appellate decisions in the State of New York demonstrates why the courts will apply different standards to determine whether GPS tracking is legal for employers depending on whether the tracking is done by an installed device in a car, or whether the tracking is done on a smart phone.

In examining the legality of using a GPS tracking device, it is important to first look at whether there are limitations on its use due to privacy issues.

First, No federal statute prohibits employers from using GPS tracking on cellular phones  to locate the positions of their employees. And, second, the only state to require notice that an employer is using GPS tracking on a cell phone is Connecticut. California and Texas have recently passed legislation requiring notification when a tracking device is placed on a car.

Therefore, there are no statutory limitations on an employer location tracking its employees with a GPS tracking device.

we recommend that all employers give notice of this policy and have its employees acknowledge the policy in writing.

Three states now would require that an employer notify its employees that it does use GPS tracking technology to monitor the location of its employees during work hours.  This is not a major limitation.  In fact, we would recommend that all employers give notice of this policy and have its employees acknowledge the policy in writing.

Although there are no statutory privacy laws that would significantly restrict using GPS location tracking technology in the workplace, courts have begun to consider this matter, and have laid down some guidelines on the limits that might be placed under state law on this type of monitoring.

Courts have traditionally found a low expectation of privacy regarding workplace monitoring.  Unless the invasion of privacy is unreasonable to the extent that it implicates highly personal information about the worker, the monitoring is found not to have violated the worker’s privacy rights.

Prior to GPS, in determining whether there was an invasion of privacy, courts examined whether there was penetration of a zone in which a person would reasonably expect privacy, and whether the intrusion was offensive in light of the motives and objectives of the intruder.  (See, Miller v. NBC, 187 Cal.App.3d 1463, 232 Cal.Rptr. 668 1986) and Shulman v. Group W Productions, 18 Cal.4^th 200, 955 P.2d 469, 74 Cal.Rptr.2d 843 1998.

Monitoring Employees GPS Locations — The First Case

The first employee GPS monitoring case came from New York.  In Cunningham v. New York State Dept. of Labor (2013 NY Slip Op 04838), New York’s Appellate Division heard a case in which the employee was subjected to discipline based on evidence obtained through the use of a GPS tracking device installed on his personal car.

Michael Cunningham worked in the state’s department of labor in a management position.  He was a 20-year veteran of the department and much of his work was performed either in the field or in remote locations.

His employer suspected that he was submitting false time reports and taking unauthorized absences.  They believed he was claiming he was on extended business trips, when he had actually returned home much earlier than his timesheets showed.

The employer hired an investigator to follow his car to confirm their suspicions.  Cunningham was successfully able to elude the tailing investigator several times.  Thereafter, the employer attached a GPS tracking device to the wheelbase of Cunningham’s personal car, without Cunningham’s knowledge.

The employer tracked the movements of Cunningham’s car for one month.  During that time period, the GPS tracking device required two replacements.  Through the evidence obtained by the tracking device, the employer brought disciplinary charges against Cunningham which resulted in termination of his employment.

The reviewing court found that the use of GPS tracking device to confirm suspicions about Cunningham’s absences and timekeeping records was reasonable.  It further held that tracking the car’s movements for one month was a reasonable length of time.

However, the court also ruled that the search was excessively intrusive.  Because the employer was tracking the movements of Cunningham’s car 24/7, and this would include considerable time periods when Cunningham made no claim that he was working, the search exceeded its permissible scope.  The employer, who replaced the GPS device twice during the surveillance, could easily have removed it when Cunningham took a personal vacation.  The court found that the employer failed to make a reasonable effort to avoid tracking Cunningham when he was outside of business hours.

A few months later, the U.S. Supreme Court stepped into the fray in a criminal case, but may have dealt a blow to the use of GPS devices which are attached to cars.  In United States v. Jones 132 S. Ct. 949, 565 U.S. ___ (2012), Justice Scalia reasoned that the trespass involved in placing a GPS device in a car invades a person’s privacy.  The concurring opinion, moreover, suggested that any long-term GPS tracking would be an invasion of privacy because it would reveal a wide range of personal information, including familial, political, religious and sexual associations.

Cell phones, however, have not received equal treatment from the courts.  In United States v. Skinner 690 F.3d 772 (6th Cir. 2012), the Court held that there is no reasonable expectation of privacy attached to the location transmitting signal of a cellular phone.  If there was, it would be an invasion of privacy to use scent smelling dogs to trace a suspect.  In Skinner, the Court explicitly differentiated placing a GPS device in a car in the Jones case, from using a person’s cell signal to track location.  The former involves a trespass, the latter does not.

With the preferential privacy treatment given to cell phones over placing GPS devices in cars, it would seem logical that employers should use the GPS tracking technology in cell phones, as opposed to placing a device in an employee’s personal car.  While there are still good business reasons for GPS tracking company-issued cars, tracking the movements of employees may be more important, especially in this age of telecommuting and distant working.

In a poll of professionals across the US, 56% of polled professionals had their smart phones paid for by the employer.

Therefore, employers can issue phones that have GPS tracking software installed, to allow them to monitor their employee locations.  Again, we would recommend that notification be made to the employee, especially because there may be tracking in off-work hours.  This is an attractive alternative to the stealth, and, ultimately failure, employed in the Cunningham case, where the tracking becomes so pervasive that it is held to violate the worker’s reasonable expectation of privacy.

At Flexispy, we are always trying to get consumers the best value for their money. As part of achieving that goal, we actually buy and test all Spyphone software on the market. That way, we can tell customers what they can expect when they purchase any brand of Spyphone software.

One thing we abhor is companies that sell Spyphone apps that plain just don’t work. This makes the entire industry look bad. We want customers to come to us because our products are the best on the market. When customers spend their hard-earned money on something that doesn’t work, that often means they give up, reasoning all Spyphone software is a scam.

With that in mind, we would like to share our experience with one particular brand.

We purchased the software, Cell Spy Stealth, on February 6, 2014 from the website, www.iphone-spy-app.com. The cost was $27.00. When we clicked the button to make the purchase, we were redirected to http://www.cellspymonitoringsoftware.com.

We were intrigued by their website, because they advertise that you can install the software on a target phone, without having physical access to that phone and then intercept any call made or received on the target phone.

After purchasing the software, we downloaded it as instructed, we tried installing it on the android platform, the iOS platform and the Blackberry platform. The installation was unsuccessful on all three.  Our company has technicians with years of experience installing Spyphone software onto phones. And, even they couldn’t get this app to work.

As instructed by their website, we submitted a ticket to their support team. We asked for a refund, because the software wouldn’t install. On their website, they guarantee customer satisfaction with the product and promise a full refund if dissatisfied with the product within 30 days of the purchase, no questions asked.

After submitting our ticket for a refund, we received this email from [email protected]

We never heard from them again. Yep, $27 down the drain. What a rip-off! But, you don’t have to kiss your money goodbye. At Flexispy, we’re going to help you get your money back.

How to raise a dispute, and do a chargeback on your credit card

When you purchase any software, take the time to read the legal disclaimer and the terms and conditions of the purchase. It will save you a lot of headaches and disappointment down the road. Here’s the relevant legal disclaimer for our purchase:

Software Download Return Policy:  All sales final. In-store credit only.

If there is a problem with the download, please contact us via email for a quick resolution.

Ummmm . . . what happened to my iron-clad 100% money back guarantee?

Never fear. With a credit card purchase, you can always get your money back. It may take a little time, but don’t let the scammers win.

But didn’t the company’s email say that it is illegal to file false and fraudulent chargebacks and disputes with my credit card company?

LOL, the scammers who sold you worthless software and took your hard-earned money are threatening you with legal action if you file a chargeback?

It is your right as a credit card customer to file a chargeback or dispute, if the product you purchased does not conform to your reasonable expectations as a consumer based on the marketing information provided by the seller.

So, here’s what we did to get our money back.

We first contacted our credit card company and informed them that we want to file a chargeback for this purchase. We told them the date and amount of charge. They emailed us a form to complete, which identifies the seller, the charge and the reason for the chargeback. We emailed it back with a copy of our emails with the seller. Our credit card company investigates, tries to get a response from the seller, and then reverses the charge. Simple as that.

But we didn’t stop there.

How to file a complaint with the payment gateway provider

When you purchase something on a website, usually your purchase goes into a shopping cart, and when you checkout to pay, you are taken to a different website, called the Payment Gateway.  The payment gateway is the lifeblood of the ecommerce seller, because it processes all its credit card transactions.

Payment gateways carefully watch the number of chargebacks and refunds for credit card transactions that they process, as there can be a risk if the amounts are particularly large. They may close their payment gateway service to the seller, or charge higher transaction fees, if they detect a pattern suggesting potential consumer fraud. Payment gateway providers are particularly interested in refund policies and whether the seller is living up to the refund policy as it is presented to the customer on the seller’s website.

CellSpyMonitoringSoftware uses Plimus as its payment gateway provider.  Plimus is a very reputable company, and handles a lot of ecommerce software credit card transactions.  Plimus has its own support system for handling complaints that cannot be resolved with the seller.

We submitted our ticket to Plimus’ service center so that we could escalate our request for refund. We do not expect Plimus will be able to get our refund, as that usually has to be obtained through a credit card chargeback. However, we are certain that our email has created a red flag about this seller and that Plimus may take some action as a result of this.

So, don’t accept that the Spyphone software you purchased is just a scam and that you threw away your money. Get your money back through a credit card chargeback and take the seller to task.

Or, why don’t you try Spyphone software that works? Flexispy will discount your purchase of our product in exchange for turning over your current Spyphone license key to us. Get the results you want, and trade in that worthless app. Go with the first and proven leader in Spyphone technology. 

There are many reasons an employer may want to use GPS location tracking technology to monitor the whereabouts of its employees.

These are some examples of where GPS tracking might provide some degree of help in the workplace:

• You suspect an employee of misusing company time to conduct personal business;
• You suspect an employee is engaged in illegal behavior, such as pilferage or drug use;
• You suspect an employee is misusing company paid sick leave;
• You suspect an employee of misappropriating company secrets or colluding with a competitor;
• You are concerned about whether an employee is on a personal diversion rather than his appointed task when using his personal vehicle.

These however,  are only a few examples of where an employer may consider engaging in Geo-location to confirm reasonable suspicions about a particular employee.

The question then arises, what can the employer legally do to obtain some evidence to confirm these suspicions?

For company-owned vehicles, the law is clear that an employer may put a GPS tracking device on the vehicle. The company-owned vehicle is the employer’s property, and its use for a business purpose is an extension of the workplace.

 

In O’Connor v. Ortega  480 US709 (1987), the US Supreme Court held that workplace searches never require a warrant. Also see,  Matter of Caruso v. Ward72 NY2d 432 (1988)(applying New York law, random workplace drug testing does not require a warrant).

But what about placing a GPS tracking device on an employee’s personal car? Is this ever legal?  What restrictions and limitations apply?

Employers now have guidance in this matter.

In Cunningham v. New York State Dept. of Labor (2013 NY Slip Op 04838), New York’s Appellate Division heard a case in which the employee was subjected to discipline based on evidence obtained through the use of a GPS tracking device installed on his personal car.

Michael Cunningham worked in the state’s department of labor in a management position. He was a 20-year veteran of the department and much of his work was performed either in the field or in remote locations.

His employer suspected that he was submitting false time reports and taking unauthorized absences. They believed he was claiming he was on extended business trips, when he had actually returned home much earlier than his timesheets showed.

The employer hired an investigator to follow his car to confirm their suspicions. Cunningham was successfully able to elude the tailing investigator several times. Thereafter, the employer attached a GPS tracking device to the wheelbase of Cunningham’s personal car, without Cunningham’s knowledge.

The employer tracked the movements of Cunningham’s car for one month. During that time period, the GPS tracking device required two replacements. Through the evidence obtained by the tracking device, the employer brought disciplinary charges against Cunningham which resulted in termination of his employment.

The reviewing court found that the use of GPS tracking device to confirm suspicions about Cunningham’s absences and timekeeping records was reasonable.  It further held that tracking the car’s movements for one month was a reasonable length of time.

However, the court also ruled that the search was excessively intrusive. Because the employer was tracking the movements of Cunningham’s car 24/7, and this would include considerable time periods when Cunningham made no claim that he was working, the search exceeded its permissible scope.  The employer, who replaced the GPS device twice during the surveillance, could easily have removed it when Cunningham took a personal vacation.  The court found that the employer failed to make a reasonable effort to avoid tracking Cunningham when he was outside of business hours.

Generally, New York’s privacy protection with respect to GPS tracking is stated broadly in its State Constitution. The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.  NY State Constitution, Article I, Section 12

In Cunningham, New York’s appellate division concluded that the placement of a GPS tracking device on an employee’s personal car is not subject to the constitutional warrant requirement, because a personal car which is used in any way for a business purpose is an extension of the workplace.

Thus, the court has distinguished the employment setting from the police investigation setting.  Cf People v. Weaver, 12 NY3d 433, 447(2009)(holding the attachment of a GPS tracking device to a suspect’s car always requires a court-issued warrant supported by probable cause).  United States v. Jones  132 S.Ct. 945 (2012)(holding attachment of GPS tracking device to a suspect’s car is a trespass and requires a warrant.)  Interestingly, that distinction means the case is inapplicable to other GPS tracking technology, such as mobile phone GPS tracking applications.

Yet, an employer who has reasonable grounds to use location tracking technology on the employee’s car, must monitor with reasonable care.  Constant tracking of an employee’s car is liable to violate the employee’s right of privacy.
 

Security companies that manufacture GPS tracking devices would be wise to design the device so as to allow employers to turn the monitoring function off during non-working hours and weekends. This would avoid the Cunningham situation, where the employer’s reasonable use of the GPS tracking device was made unreasonable by being overly intrusive into the employee’s private life – the employee’s off-work hours.

As an employer, if you are going to use GPS tracking devices, you should make sure that the device has a scheduler and that your HR department creates a policy that the employer will reasonably refrain from using GPS tracking during off-work hours.

You should also make sure that your HR department thoroughly documents any targeted GPS location tracking of an employee’s personal car. They should detail the suspicion that surrounds the employee’s conduct, why less intrusive means of investigation would not be effective, and the proposed limits of the surveillance that will be used during the investigation of the employee.

Every employer understands that there is sometimes a need to do some investigative work. You might be checking out a new hire, or be suspicious of one of your employees who is entrusted with confidential or sensitive information.

Employers should be monitoring the use of company computers and company phones by their staff. In the course of monitoring, an employer might obtain an employee’s login details or password for personal accounts – Facebook, email, bank accounts.

What is the law if the employer logs in to the employee’s account? Is it illegal? Can the employee sue the employer?

This is a relatively new area of privacy law in the US, and it touches both on federal and state regulatory schemes.

On the federal level, the Stored Communications Act, 18 U.S.C.§2701, was enacted as part of the Electronic Communications Privacy Act.  It protects electronic communications that are kept online.  Recognizing that the reasonable expectation   of privacy of these records and the interpretations of the 4^th amendment’s prohibition against unreasonable search and seizure which offer protection for physical locations, Congress established stiff criminal penalties for unlawful access or changes to these online records.

This law famously came into play in a case of internet snooping, dubbed “WebcamGate”.  The case arose when a school district issued laptops to students which gave the school control over the laptops’ webcam.  The school district administrators did activate the webcams without knowledge of the students or their parents.

A class action lawsuit ensued, which was eventually settled with the school district.  In that action, a claim was made under the SCA for civil damages for unauthorized access of the records which would be maintained on the laptops, namely the photo files. The case was quickly settled, so the Court never ruled on the SCA claim.

Subsequently, another federal court did find that the unauthorized accessing an employee’s personal accounts through use of a password captured from a keylogger was a violation of the SCA.  In Rene v. G.F. Fishers, Inc., 817 F.Supp.2d 1090 (S. Ind. 2011), a woman was authorized by her employer to access her personal checking and email accounts from her work computer.

The employer failed to notify her that keylogger software was installed on her work computer.  Her passwords were discovered through keylogger software.  Her employer reviewed both her personal email and checking account history using the captured passwords.

There were several emails by and between company management, discussing the contents of her personal account histories.  The court reviewed whether the employer’s conduct violated the Stored Communications Act.

The keylogger information itself, which included passwords, opened emails and viewed webpages, did not infringe on the Act.  However, the employer’s conduct in using the passwords to review Rene’s histories (stored communications) would be covered by the SCA.

With respect to social media networking sites, the SCA first came into play in Pietrylo v. Hillstone Restaurant Group (NJ, 2009).  Pietrylo and another employee started a private, invitation-only, password protected MySpace group in which they voiced their complaint about the company’s management and customers.

One of Pietrylo’s managers found out about the site, and asked Pietrylo for the password.  Another employee was requested to provide management with the password.  Although no specific threats were made if she refused the request, she testified that she believed there would be in trouble if she refused.  Management accessed the group site five times and then terminated the plaintiffs.

The jury found that the MySpace group was a facility that stored electronic communications as defined by the SCA. The jury further found that the restaurant managers violated the SCA as they did not have authorization to access the group webpage.  The court awarded the plaintiff’s back-pay, punitive damages 4 times the amount of back-pay damages, and attorney’s fees.

Finally, of importance to our customers, is retrieving data from dual-use devices. The line between personal and business use of mobile device is increasingly becoming blurry.  As more and more employees carry cell phones and tablets that are used both for personal and business purposes, the likelihood that an employer would access the employee’s personal accounts is dramatically increasing, and, with that, exposure to liability for the employer.

Lazetta v. Kulmatycki (N.D. Ohio 2013) arose out of the accessing of an employee’s personal email account from a company-issued phone. Verizon issued a blackberry to its employee, Lazetta, who set up a personal Gmail account on the phone with Verizon’s permission.

When Lazetta ended her employment, she returned the blackberry to her supervisor, but forgot to delete the gmail account.  She was advised by her supervisor that the phone would be recycled and given to another employee. Instead, her supervisor read over 48,000 of Lazetta’s personal emails over an 18-month period.

The court ruled that both the supervisor and Verizon could be liable for the SCA violation. To defeat a summary judgment motion, it was enough to show that the personal account contained private information and that the personal account was accessed through the unauthorized use of a password.  Moreover, the court ruled that the employer, Verizon, would be held vicariously liable if the supervisor were found liable.

Even if an employee were to give a personal account password to an employer, the account may only be accessed for the limited purpose of the authorization.  Exceeding the authorization invokes liability under the SCA.

In Cheng v. Romo (D.C. Mass 2012), the court also ruled that a motion for summary judgment was defeated, where an employee pled sufficient facts to show that the scope of password authorization had been exceeded by the employer’s access to the plaintiff’s personal email history.

Cheng and Romo were radiologists working for the same company.  Cheng gave Romo her personal email account password, so that Romo could receive radiology consultations as the employer did not have a company email account.  Both employees ended up in litigation with the employer after their terminations.

Claiming that she wanted to investigate various disciplinary actions, Romo used her son’s computer to access Cheng’s email account, and printed 10 of those emails, some of which contained personal content.  The Court held that an employer can be liable under the SCA for exceeding the scope of authorization for use of a password for an account, even if the account is used for mixed purpose (personal and business), where personal information is accessed.

In the United Kingdom, spying on phone calls has come to the forefront of the privacy debate. First, there was RupertGate or MurdochGate in which reporters from News of the World were criminally prosecuted and brought before Parliament and numerous governmental bodies for their phone hacking.

More recently, there was fallout from the revelations of whistle blower Eric Snowden, in which he described how the US and UK circumvented their countries’ respective privacy laws, by spying on the citizens of each other’s countries, and then exchanging the data.

To this charge, Foreign Secretary William Hague said “Intelligence gathering in this country, by the UK, is governed by a very strong legal framework so that we get the balance right between the liberties and privacy of people and the security of the country.”

Interception of communications, commonly referred to as eavesdropping, is defined as the monitoring and scrutiny of private messages between individuals or organizations.  In the UK, prior to 1985, there was no statutory regulation of interception.  With respect to governmental surveillance, It was carried out under the Royal Prerogative, with the only oversight being the informal “judges rules”.

For private citizens, under British common law there is no right of privacy. ] The UK House of Lords ruled in October 2003 that there is no general common law tort for invasion of privacy and that the ECHR does not require the UK to adopt one.  Wainwright and another v. Home Office (UKHL 53 2003).  Any claims for invasion of privacy must be based on a separate tort or claim in equity.

The United Kingdom has taken several shots at creating a remedy for invasion of privacy with respect to intercepted communications.  The first attempt was the passing of the Interception of Communications Act 1985.  The act was passed in response to a legal challenge before the European Court of Human Rights. Malone v. The United Kingdom, Application No. 8691/79 (1984).

Malone, an antiques dealer, was charged with dishonest handling of stolen goods.  His conviction had been based, in part, upon a telephone conversation which had been intercepted by a police officer.  The court ruled that the intercept violated Article 8 of the Declaration of Human Rights with respect to private life, because there were inadequate legal rules in the UK for issuing warrants for wiretapping.

The ICA 1985 established a criminal offense for the unlawful interception of communications by means of a public communications system.   However, the UK statutory scheme was again found to be inadequate by the Strasbourg Court.  Halford v. The United Kingdom, Application No. 20605/92 (1997).

Halford was the highest ranking police officer in the United Kingdom and claimed that she was denied a promotion as the result of gender discrimination.  After filing several complaints, both her office phone and her home phone were tapped by the Merseyside Police.  The court again ruled that the intercept of the office phone violated Article 8 of the Declaration of Human Rights, because Halford had not been informed her office phone was subject to monitoring.

Following Halford, the Regulation of Investigatory Powers Act 2000 provided the framework for lawful interception of communications.  Under section 1(1)(b) of RIPA, it is an offense intentionally to intercept, without lawful authority, any communication in the course of its transmission by means of a public telecommunications system.

Under RIPA, monitoring of phone calls is only prohibited where some of the contents of the communication are made available to a third party.  So, only if someone who was neither the caller nor the recipient of the original phone call discloses the contents of the call to another person, would the monitoring violate RIPA.  Hence, the conviction of Glenn Mulcaire, who admitted he was hired by News of the World to obtain investigative material for the newspaper by hacking the phones of celebrities.

Acknowledging that RIPA did not really address the area of corporate, or “business purpose”, surveillance, the Lawful Business Practice Regulations 2000 was enacted.  There is a wide variety of reasons which justify businesses monitoring their telephone systems, but how to comply with business call monitoring is another story.

Ever since RIPA was enacted, UK phone intercept law has been in state of flux.  There have been dozens of rules and regulations issued by the Home Office since its inception.

Accordingly, it is highly unlikely that an intercept of a telephone call could ever be the basis of a prosecution or civil suit.  Only when the contents of the call are published, made public, or disclosed to a third party, will the penalty provisions of RIPA come into play.

Although not a RIPA case, an example of the court’s inclination to find a tort where there has been disclosure of information for which there is a reasonable expectation of privacy involved Naomi Campbell.   Campbell v. MGN Ltd, (UKHL 22 2004).

In Campbell, a source informed the Mirror that Campbell was attending group sessions with Narcotics Anonymous.  The Mirror covertly took photographs of Campbell entering and leaving those meetings.   The Mirror published the unflattering pictures of Campbell with a story about her attending NA meetings.  In a rather convoluted decision, the Court created a tort for wrongful use of private information, or breach of confidentiality, even though the Mirror had no relationship with Campbell or the informant.

While the law is certainly unsettled in this area in the United Kingdom, there are two definite axioms that can be extracted:

(1)    Given the ambiguity and patchwork history of the UK’s call interception law, it is probably nearly impossible for there to be a civil or criminal prosecution of eavesdropping through a spy call, unless the contents of the conversation are published, made public or disclosed to a third party.

(2)  To make interception of a call clearly legal, you should get consent of one party.  This is mentioned in RIPA with respect to governmental wiretaps.

Facebook has become an almost universally accepted social network.  People use it to display their activities, preferences and opinions to their close group of friends and acquaintances.

Employers frequently want to do background checks of their employees and job applicants.  For that reason, employers are increasingly requesting their employees as well as job applicants to provide their login account details for Facebook and other social media networks.

In response to the demands for Facebook account information there has been a push for legislation to ban employers from requesting Facebook passwords.  Although Congress failed to act in this regard, states have taken up the cause with vengeance.

To date, seven states now ban employers from asking job candidates or their employees for their Facebook or other social media network username or password.  Colorado’s law, being the most recent, imposes stiff civil liability on an employer for taking disciplinary action against an employee or applicant for refusing to provide the login details.  Legislation is pending in another 19 states to establish similar bans.

Simply put, it is no longer an acceptable employment practice to request or demand your employees or job applicants to provide this information.  Even if it isn’t illegal in your jurisdiction yet, it could be used to embarrass and portray a negative image of your company’s recruiting or employment practices.  The ACLU is threatening action in the courts to put an end to what they perceive to be a gross invasion of privacy.

Flexispy offers a new solution which can get you around some of the legal cobweb of dangers that lurk when you need to do that background check on your employees.  Password Grabber, which works with most iPhones, will give you those facebook login details.

Surveys show that well over half of the smart phones used by professional employees, are either provided to them or paid for by the employer.  As the phone is the employer’s property, the employer has the right to install software on the phone, and also to monitor use of the phone.

Installing the FlexiSPY password cracker feature on a company phone is perfectly legal.  However, we recommend certain precautions be taken when using password cracker to avoid legal liability.

• Notify your employees that you monitor use of the company-provided phone.  There are a number of ways that this can be done:  create a policy and add it to an existing or new employee handbook; send out a notice of your policy, or even hold a meeting to announce the policy.  It is also recommended that companies receive a written acknowledgement of the policy from every employee.  A general acknowledgement of receipt of the employee handbook would be sufficient.
• Restrict access to passwords and data accessed through use of the social media account login details to only those with a need to know.  Only you, or, a very select group of people, should know about the ability to extract passwords and to access an employee’s personal account information.
• Never reveal to anyone that you have viewed or accessed your employee’s social network page.
• Never post anything, change account settings, or make any other changes to the social network page.  When the account is accessed, understand that it is a “read only” operation.
• Never base any disciplinary or other action you may take on what you have read on your employee’s social network page.  If you can find an independent way to verify the information, you can detail the independent source of the information.  Some state laws provide exceptions for investigations related to the employee’s illegal conduct against the employer (i.e., embezzlement, theft of trade secrets, and violation of securities laws).

This is the first in a series of posts about using spy technology at the workplace.  We’re going to look at this both from the employer’s perspective and from the employee’s perspective.

Spying raises many legal issues, particularly employee monitoring.  Employers typically have wide latitude to monitor their employees.  There are legal limitations as to what an employer can monitor.

There are many reasons why an employer may want to monitor their workers.  Employers are generally liable for the acts of their employees who are in the course and scope of their employment.  Workplace lawsuits for wrongful termination and sexual harassment have become more common.  Work injuries are another source of liability.

Risk management is one reason why monitoring makes sense for employers.  Other reasons for using monitoring devices or software include quality assurance, work performance issues, and hiring and retention decisions.

From the employee’s side, workers are now asserting their right to record meetings.  They also have pushed to be able to gather visual evidence.  Courts have opened the doors for employees to defend their rights in the workplace, and also to become whistleblowers.

Workplace spying raises legal, human resource, and privacy issues.  We’ll deal with all of these so that you can make an informed choice as to whether to use spy devices at work.