Sitton v. Print Direction – Employees And Their Personal Devices
Posted: July 13, 2012
What privacy rights does an employee have to personal devices used in the workplace? In what is almost certain to be one of many cases addressing the scope of those rights, the Georgia Court of Appeals decided the case Sitton v. Print Direction, Inc., 718 S.E.2d 532 (2011), in which an employee claimed that his employer violated his privacy rights by printing e-mails off of the employee’s personal laptop.
The facts in the Sitton case do not paint the picture of a sympathetic employee whose privacy rights may have been unfairly exploited. Larry Sitton was an at-will employee hired as a salesperson at a commercial printing business, PDI. Mr. Sitton’s wife also owned a printing business, which competed with PDI. PDI alleged that Sitton, using his personal laptop connected to PDI’s network while “working” at PDI, frequently brokered print jobs for his wife’s company. PDI’s CEO eventually “caught wind” that Sitton was competing with PDI. One day, while Sitton was away from his office, the CEO entered Sitton’s office and then “moved the computer’s mouse, clicked on the e-mail listing which appeared on the screen” and printed some of Sitton’s e-mails from a non-PDI account showing that Sitton was brokering print jobs for his wife’s company. The record later developed in the case showed that Sitton brokered more than $150,000 in competing print jobs while at PDI. Not surprisingly, PDI terminated Sitton.
Sitton sued under a Georgia computer crimes statute, alleging that PDI committed computer theft, computer trespass, and computer invasion of privacy, and he also claimed that PDI was liable for a common law invasion of privacy. PDI counter-sued, alleging that Sitton breached his duty of loyalty to the company. Sitton lost at trial, and was ordered to pay over $39,000 in damages to PDI as compensation for lost business as a result of Sitton’s competing work.
The appeals court analyzed the trial record and affirmed the trial court’s decision in all respects. First, the court found that the CEO’s actions, using Sitton’s laptop to print the incriminating e-mails visible on the screen, were not the kinds of actions forbidden by the Georgia computer crimes statute. According to the court, the CEO did not “take, obtain, or convert Sitton’s property,” did not “obstruct or interfere with a computer program or data, or alter or damage a computer, computer network, or computer program” nor did he “examine Sitton’s personal data.”
Perhaps the most compelling aspect of the case is that the court found that another necessary element was missing in Sitton’s charge that PDI violated the statute, ruling that the CEO’s actions were not “without authority.” The court considered PDI’s employee manual and found that PDI’s computer usage policy was not limited to PDI equipment. The manual discussed the necessity for the company “to be able to respond to proper requests resulting from legal proceedings that call for electronically-stored evidence” and, accordingly, stated that PDI employees should not regard “electronic mail left on or transmitted over these systems” as “private or confidential.” The court held that the e-mail on Sitton’s computer screen was subject to review under the company’s computer usage policy and that even if the e-mail was “stored” elsewhere, the policy provided that “PDI will… inspect the contents of computers, voice mail or electronic mail in the course of an investigation triggered by indications of unacceptable behavior.”
Dismissing Sitton’s common law invasion of privacy claim, the court found that the CEO’s actions were not “an unreasonable intrusion upon Sitton’s seclusion or solitude.” The CEO’s conduct was reasonable in light of the situation as he was seeking to obtain evidence in connection with an investigation of improper employee behavior in which the company’s interests were at stake and also had “reason to suspect” that Sitton was competing with PDI.
The Sitton case serves as a reminder that a company’s computer usage policies are critical in managing employee communications of all kinds, including those that occur through personal devices connected to the company’s network or otherwise brought onto company premises. A good policy can be a shield and a sword, and every business should think seriously about their policies on a periodic basis to make sure that they stay current in light of changing technological trends.