Let’s say you have a personal iPhone and a company-issued iPhone. On your work phone, you enter the same personal iCloud username and password you use on your personal iPhone so you can listen to your music library on either one.
One day, you start up a text conversation with a co-worker on your personal iPhone. You’re both talking about this woman you work with named Kate, and because it’s a private conversation, you use some pretty insulting, derogatory, and obscene terms. Nobody will ever know, right?
Two months later, your employer asks you to turn in your Company-issued iPhone so it can issue you a newer version. In the meantime, it loans the older Company-issued iPhone to Kate, the co-worker you and your work buddy were disparaging a few months ago. Surprise…Kate turns on the phone to begin using it and she sees ALL your messages about her. Because your iCloud account was linked on the work phone, all of your iMessages with your co-worker that you sent and received on your personal phone also synced and downloaded to the work phone. Yikes, right?
It gets even worse. Kate shows the phone to your manager and then HR calls and tells you the company is terminating your employment (and your buddy’s too). “WHAT?! How can I be terminated for a no-harm conversation I had on my own time outside of work and on my own phone?,” you ask.
Let’s go back and look at your employee handbook. Oh, you didn’t read that, did you? Well, here’s one policy contained in your handbook:
“All computers and electronic devices (including but not limited to smart phones, tablets, desktop computers, and laptops) owned, operated, or issued by the Company (collectively, “Company Devices”) may only be used for business-related purposes. Employees may not send or receive personal email nor may they create, download, upload, store, or transmit personal content using Company Devices. Employees DO NOT have an expectation of privacy in any content created, stored, published, sent, or received on: (1) Company Devices, OR (2) personal electronic devices when those devices are connected to a Company network or to a Company Device. The Company may monitor any electronic communication or data created, sent, or received on Company devices.”
Whether you realized your iMessages would transfer to the work phone or not, you violated company policy by creating, downloading, uploading, storing, or transmitting personal content using a Company Device. Furthermore, the policy made it crystal clear that you had no expectation of privacy in any information stored or received on your work phone.
A very similar scenario recently occurred in New Jersey to a few employees of Anheuser-Busch. While they have initiated a lawsuit alleging a violation of their right to privacy under the New Jersey Constitution, their chances seem pretty slim.
Here in North Carolina, there is no law protecting employees for most kinds of lawful off-duty conduct. So you can’t file a wrongful discharge claim under state law. There’s no explicit common law expectation of privacy found in North Carolina law that would apply to these facts. In fact, consent by one party to an “intrusion” of privacy would provide an excellent defense to the party accused of intrusion. Here, the employee handbook you acknowledged with your signature when you started your job is all the advance notice and consent your employer needs. There’s also no federal protection for you. What can you do? Probably nothing in this scenario but to accept your termination and find another job.
The lesson here is to keep your work and personal devices separate. A best practice is to not use your work device(s) for any personal business at all; however, if you must, be judicious and wise in your use, and make sure that your employer permits some degree of personal use on your work device. As an adult, you should know what will and will not get you in trouble at work.