Short answer: the Supreme Court’s decision in City of Ontario v. Quon gives software and SaaS companies three durable employee-privacy lessons. First, write a clear technology usage policy. Second, make sure any search of employee data has a legitimate reason. Third, keep managers from rewriting the policy on the fly. Quon was a narrow Fourth Amendment case about a government employer. So it does not bind private companies directly. Still, its practical takeaways travel well.
The Supreme Court decision in City of Ontario v. Quon was an employee-privacy-expectation case. The Court intentionally avoided a lot of specific guidance. Even so, there are clear takeaways for employers.
1. Your Technology Usage Policy Matters.
The Court stressed that the computer policy here was clear and well communicated. The same was true of the changes to it. So create the policy, and communicate any material changes to all employees.
2. The Reason for the Search Matters.
The employer ran its search for a narrow reason. It wanted to check for excessive use of an employer-owned device, because the employee paid part of the bill. The Court liked that the intent was about allocating expenses. In other words, why you search matters. So make sure the right people decide when and how to search any employee data.
3. Managers Should Not Rewrite Company Policy.
Most written policies already say this. Yet it became a huge issue in the case. So remind HR of one simple rule. If there is a question about a written policy, managers contact HR. They do not interpret the policy themselves. One manager improvising an exception can undo the protection the policy was meant to give you.
Together, these three takeaways cover the basics of the Supreme Court’s view of employee privacy.
What Quon Means for Employee Monitoring Today.
Keep one thing straight. Quon was decided under the Fourth Amendment, which constrains government employers. So if you are a private software or SaaS company, the Fourth Amendment does not govern how you monitor your own staff. Instead, your limits come from three places. First, federal wiretap and stored-communications law, namely the Electronic Communications Privacy Act and the Stored Communications Act. Second, a growing set of state monitoring-notice laws. Third, the policies and consents you put in place yourself.
That last category is where Quon’s lessons bite. Since 2010, several states have passed monitoring-notice laws, including New York, Connecticut, and Delaware. These laws make employers warn staff before monitoring email, internet use, or other electronic activity. Remote work and BYOD (“bring your own device”) have made this messier. After all, the line between company data and a personal device is blurry. So a clear policy is still your best protection. Apply it for a legitimate reason, and enforce it consistently. That is exactly what Quon suggested.
For a SaaS vendor, the practical move is simple. Keep your internal monitoring policy and your customer-facing privacy promises aligned. The same device-and-identifier issues drive consumer privacy law too. For more on how privacy law now reaches devices, not just names, see our note on the NAI and SaaS privacy. And for the basics every product team should know, see privacy issues for app developers.
Frequently Asked Questions.
Does Quon apply to my private company? Not directly. Quon binds government employers under the Fourth Amendment. Private employers answer to ECPA, the Stored Communications Act, state notice laws, and their own policies. Still, Quon’s practical lessons apply.
Can I monitor employees on their own devices (BYOD)? Carefully. The personal-versus-company line is blurry. So you need a clear written policy, employee consent, and a legitimate reason. You also need to follow any state monitoring-notice law.
What is the single best protection? A clear, well-communicated usage policy. Apply it for a legitimate reason, and enforce it consistently. That is the throughline from Quon.
For the framework regulators expect SaaS and software vendors to bake into product design from day one, see Privacy by Design: A Framework for SaaS and Software Vendors. I hope this helps.
Disclaimer:
This post is for informational and educational purposes only, and is not legal advice. You should hire an attorney if you need legal advice, which should be provided only after review of all relevant facts and applicable law.
Discover more from Aber Law Firm
Subscribe to get the latest posts sent to your email.