Employers have salutary reasons to monitor employees’ work areas and employee conduct. For example, employers must attempt to prevent misconduct such as harassment before it occurs. Employers also are legally responsible to provide a safe work place. Laws and regulations have increased potential liability for workplace conduct. In the past, the work area typically was visible and tangible. Now, employees frequently interact in cyberspace, or over computer systems, rather than on an easily watched “shop floor.”

Although some monitoring may be “for employees’ own good,” Big Brother is never going to be voted most popular manager. Workplace law often operates at the center of employers’ and employees’ competing interests. People naturally do not want to be watched. The Constitution limits government intrusions into privacy, and the law considers certain monitoring an intrusion into privacy.

The California Supreme Court recently considered the limits of employers’ right to conduct secret video surveillance of its workers. The Court ruled in Hernandez v. Hillsides, Inc. that an employer’s hidden video surveillance was lawful. Although the employer’s video surveillance was an intrusion into the employee’ privacy, it was not sufficiently serious or offensive to result in a legal wrong. The Court also determined that the employer’s conduct was supported by its legitimate business concerns.

Hernandez v. Hillsides, Inc.

Defendants Hillsides, Inc., and Hillsides Children Center, Inc. the employer, is a group home for neglected and sexually abused children. One of Hillsides’ managers discovered that someone was viewing pornographic websites after work on at least two of the computers in the administrative offices. Naturally, that conduct conflicted with Hillsides’ mission and its policies.

Management decided to install a hidden video camera to catch the culprit. They hid the camera in an office shared by two female employees, plaintiffs Abigail Hernandez and Maria-Jose Lopez. The camera could be activated remotely. But no one turned it on during the day. Management intended to activate the camera only at night. Therefore, the camera did not record any of the plaintiffs’ activities.

Hillsides did not suspect Hernandez or Lopez, but could tell someone was accessing one of the office’s computers at night without authorization. One day, Hernandez and Lopez discovered the camera because a red light was flashing and it was warm to the touch. They eventually sued Hillsides, claiming that even setting up the camera in their “private” office was an invasion of their privacy. The superior court threw out the case, but the court of appeal reinstated it. The Supreme Court then accepted review. All seven justices agreed with the superior court and Hillsides, but for different reasons.

The Supreme Court analyzed the plaintiffs’ invasion of privacy claim in two parts: “(1) the nature of any intrusion upon reasonable expectations of privacy, and (2) the offensiveness or seriousness of the intrusion, including any justification and other relevant interests.” The Court decided that the plaintiffs could not succeed under the second prong.

The Nature of the Intrusion

The Supreme Court held that the plaintiffs were able to establish evidence of a viable intrusion. The Court noted a number of facts relevant to whether the plaintiffs had a “reasonable expectation of privacy,” essential to any privacy claim. These include the physical layout of the area intruded upon, its relationship to the workplace as a whole, and the nature of the activities commonly performed in such places.

Employees who work in areas that are open and exposed to the public or co-workers have little expectation of privacy. But the plaintiffs’ office had a door that could be closed and locked. It also had a window with blinds that could be drawn. Therefore, plaintiffs reasonably could expect some level of privacy in their office. They could have private conversations or engage in other conduct without others present.

The Court rejected Hillsides’ argument that it was possible to see into the office, and the broken “doggie flap” cut into the door meant that the plaintiffs could not be 100% secluded. It also did not matter to the Court that two plaintiffs shared the office or that several employees had keys to the office. The Court reviewed case law establishing that privacy expectations exist even when total seclusion is not guaranteed. Based on its analysis, the Court determined that the employees had a legitimate expectation they could engage in private conduct in the office.

The “reasonableness” of the employees’ expectations also depended on statutes and case law establishing privacy expectations. The Court noted there were laws against certain monitoring, such as in locker rooms and dressing rooms. There are other laws against eavesdropping, even on business telephones, and limits on “paparazzi-like” activities. Because some of these laws prohibit “attempts” to conduct surveillance, the Court did not agree with Hillsides’ argument that the plaintiffs could not complain of an intrusion because they were not the intended subject of the surveillance, and were not even captured on camera.

The plaintiffs also successfully established an intrusion because Hillsides had no surveillance policy and did not otherwise provide notice to plaintiffs that would diminish their expectations of privacy in their office. Importantly, the employer’s internet access policy did not cover surveillance and therefore did not affect the plaintiffs’ expectation of privacy, either.

Seriousness of the Intrusion

Having established an “intrusion,” the plaintiffs also had to prove the intrusion was “highly offensive” to a reasonable person, and “sufficiently serious” and unwarranted to constitute an “egregious breach” of social norms. The Court made clear that mere accidental intrusion or “overstepping” privacy boundaries is not sufficient. The relevant facts include the “degree and setting” of the intrusion and “the intruder’s motives and objectives.” On this point, the Court agreed with Hillsides that the plaintiffs’ case failed.

In considering the degree and setting, the Court found relevant that Hillsides made efforts not to monitor the plaintiffs themselves, and attempted to limit when the camera would be activated. Hillsides also set up its surveillance only in two locations at its facility, both of which were tied to the use of particular computers to view pornography. The company kept the videotaping equipment in a locked storage room with limited access. While the cameras were always on, the video taping equipment was connected to the camera only three times. And, Hillsides operated the surveillance for only 21 days before abandoning it.

The Court also analyzed under this prong Hillsides’ reasons for conducting surveillance. Unlike cases where surveillance occurred out of curiosity or for blackmail, for example, Hillsides indisputably had legitimate reasons for its monitoring program. “Given the apparent risks under existing law of doing nothing to avert the problem, and the limited range of available solutions, defendants’ conduct was not highly offensive for purposes of establishing a tortious intrusion into private matters.” The Court pointed out case law holding employers can be held liable for unlawful harassment based on computer misuse.

The plaintiffs argued that Hillsides could have used other, less intrusive, methods to prevent computer misuse. But the Court refused to impose such a requirement on employers. The Court noted that Hillsides had a legitimate reason to catch the perpetrator of the pornography, both to protect the children in its facility and to prevent liability by enforcing its policies.

Recommendations

After Hillsides, employers may engage in monitoring employees for legitimate reasons. The most straightforward way for employers to prevent or minimize the risk of liability is by giving employees adequate notice. As the Supreme Court noted, when an employee knows she is subject to monitoring, the employee can conduct herself accordingly. The employee’s legitimate expectations that her conduct or conversation will be private is necessarily diminished.

Of course, there are a number of ways to provide notice. A well-written policy that explains the methods and circumstances under which the employer conducts monitoring is important. Employers also may post notices in work areas that employees are subject to surveillance. While some may argue that notice will make it harder to catch possible wrongdoers, it also will deter those who would not engage in wrongdoing if they knew someone were watching them.

Employers should be able to establish legitimate business reasons for conducting surveillance. Such reasons may include workplace safety where applicable, loss prevention in retail operations, and prevention of misconduct. Along the same lines, employers should tailor surveillance efforts to avoid overreaching or claims that intrusions are unjustifiably broad or severe.

Employers also must be mindful of established restrictions on employee monitoring that Hillsides does not affect. For example, regardless of policy, the California Labor Code prohibits video surveillance of restrooms and locker rooms. Telephone monitoring is governed by specific laws and regulations as well. Accessing employees’ personal email, text messages, or secure websites may also be unlawful, regardless of the legitimacy of the reasons for doing so.