Privacy Issues in the Community College Workplace

information about McVeigh in order to determine his sexual orientation. The court held that the Navy’s investigation of McVeigh was illegal under the ECPA since the ECPA only allows the government to obtain information from an online service provider if it (a) obtains a search warrant or (b) if it gives prior notice to the online subscriber and then issues a subpoena or receives a court order authorizing disclosure of the information in question. Accordingly, the court suppressed the evidence since it found that the Navy had unlawfully obtained the information

E. A PPLICABLE C ALIFORNIA L AW California employees claiming that the employer breached his/her privacy rights in monitoring his/her electronic communications may potentially assert: (1) violations of Article I, section 1 of the California Constitution which specifically protects privacy, (2) intrusion into seclusion under California Civil Code section 1708.8, and/or (3) the tort of invasion of privacy.

Additionally, California also has two primary bodies of statutory law that specifically governs employer monitoring of electronic communications.

The first is California Penal Code section 502, which was enacted to address the proliferation of computer crime and other forms of unauthorized access to computers, computer systems, and computer data. 429 Section 502 protects computer systems, data, the privacy of individuals and “the well-being of financial institutions, business concerns, governmental agencies, and others.” It prohibits, in pertinent part, the unauthorized use, copying, damage, interference, and access to lawfully created computer data and computer systems from an internal or external computer or network. The statute provides both criminal and civil remedies. Section 502 explicitly excludes individuals who access their employer's computer systems or data when acting within the scope of their lawful employment. However, the statute does not include similar language protecting the employer from liability. Because the statute only applies to “unauthorized” conduct, the employer may avoid liability under section 502 by obtaining the employee’s written acknowledgement and consent to employer monitoring. In another California Court of Appeal case, People v. Childs 430 , the court confirmed the conviction and restitution order of $1.4 million entered against an employee for disrupting or denying computer services to an authorized user (his employer) in violation of Penal Code section 502(c)(5). Penal Code section 502(c)(5) makes it a criminal offense to “knowingly and without permission” disrupt or cause the disruption of computer services or to deny or cause the denial of computer services “to an authorized user of a computer, computer system, or computer network.” The employee, Terry Childs, was the principal network engineer for the Department of Telecommunications and Information Services (DTIS) of the City and County of San Francisco. He was assigned to “configure, implement and administer” the City’s new fiber-optic wide area network (FiberWAN) using Cisco products. He convinced the City to let him implement the network himself instead of having Cisco do it. Against the expressed concerns of his supervisor, Childs designed the network so that only Childs had access to the passwords to

Privacy Issues in the Community College Workplace ©2021 (c) Liebert Cassidy Whitmore 139