The New Jersey court said that files on a work-owned computer
can be accessed and searched if the company gives permission, even
if the user does not.
The ruling came in the case of a man referred to as MA whose
identity was kept secret because he has AIDS. He was convicted of
stealing $650,000 from his employer while acting as a book-keeper
there.
The actions came to light through warrantless searching of his
laptop and desktop computers at work.
MA was convicted over the thefts but argued that his conviction
was unsound because of the way the evidence was gathered. He said
he had a reasonable expectation of privacy in relation to material
on the computers at work which was password protected.
The Superior Court of New Jersey found otherwise.
"[MA] had no reasonable expectation of privacy in the personal
information stored in his workplace computer," said Judge Marie
Simonelli in her ruling. "Even if [MA] had a subjective expectation
of privacy because he used a confidential password, that
expectation was unreasonable under the facts of this case."
MA worked for Certified Data Products (CDP), which was a label
making company owned by Joseph Braun, between 1997 and 2002 as a
book keeper. He also assumed responsibility for the office's
computer systems over time. MA ran a side business selling
computers and supplied CDP with around ten machines.
MA had been transferring money from CDP to himself and to his
mother as well as giving himself unauthorised pay rises which
increased his salary from $40,000 to $125,000 a year.
Those pay rises were discovered in 2002 and Braun dismissed MA,
who left the computers he had used for work and which were owned by
the company behind.
Braun signed warrants permitting police to search those
computers. The police discovered evidence of money being wired to
MA and his mother and cheques being written to each of them by
MA.
MA had covered his tracks sufficiently that it was never made
clear exactly how much was stolen, but Braun was awarded a judgment
of $769, 631.51, which represented $655,935.95 in damages and the
remainder in interest.
MA argued that the computers were his personal machines and not
Braun's or CDP's, but the judge rejected those claims. In fact the
court believed Braun's assertion that he had paid for the laptop
twice. He had bought it from MA second hand for $500, but it
emerged that it had originally been paid for on Braun's corporate
credit card years earlier without Braun's knowledge.
The original judge had believed Braun over MA, and the Superior
Court did too.
"We are satisfied the judge's factual and credibility findings
are amply supported, and there is substantial credible evidence
that Braun, not defendant, owned the computers," said Simonelli.
"Because Braun owned the computers, he had the authority to consent
to their search; and because Braun voluntarily consented to the
search, the search was valid."
MA argued that he had a right to privacy because he had a
private office and had put passwords on the computers to protect
them from third party access.
The court relied on a previous case whose ruling said that
someone who abandons property no longer has an expectation of
privacy in relation to it.
The court found that MA had no expectation of privacy, even if
he believed he did.
"Neither the law nor society recognize as legitimate [MA]'s
subjective expectation of privacy in a workplace computer he used
to commit a crime," said Simonelli.
If the same thing happened in the UK employers would be safe
investigating the issue as long as they were convinced a serious
incident had taken place, said Ben Doherty, an employment law
specialist with Pinsent Masons, the law firm behind
OUT-LAW.COM.
"If an employer had a reasonable suspicion that sombody had been
stealing from them, whether £650,000 or £6.50, I would be very
happy for them to go and look at that computer," said Doherty. "The
way in which an employment tribunal looks at it is if an employer's
actions have infringed an employee's individual rights, they're not
overly concerned about that, provided that the evidence that
they've found shows he's guilty."
Employees can have a right in the UK to use employers'
facilities for private communication, within reason. This is
usually covered by an employer's usage policy which must be adhered
to, said William Malcolm, a specialist in privacy and data
protection at Pinsent Masons.
"If your communications policy says you can use the system for
reasonable personal use you do create an expectation of privacy,"
said Malcolm. "But if you suspect a crime or serious malpractice
has gone on you should consider involving the police."
Disclaimer: We hope you find OUT-LAW’s content useful. It’s prepared by the lawyers at Pinsent Masons. Please remember, though, that it’s intended as general information only. It’s not legal advice. If that’s what you’re seeking, please
contact us. See also: our
full disclaimer
