Supreme Court, Employees, Email Hosting, and Smartphone data ownership

Ben Thoele · September 26, 2011, 11:09:41 AM

Last week at TENCON there were a few references made to Supreme Court and other court decisions referenced in a few IT clases. If you referenced one of those cases or know of an article you read would you please post it here? The cases I'm most interested in are having to do with hosted email and employees and if a wire tap or warrant is needed for "Cloud" computing, and third any article about about who owns data on an employees owned device such as a smartphone.

Jim Jensen · September 26, 2011, 12:52:42 PM

Interesting concepts. I'd be interested to hear myself.

Ben Thoele · September 26, 2011, 02:23:11 PM

Looking through my notes I found the following.

-The EEOC- Employees own data on their phones. Something to that effect...
-Infoweek had something about hosted email and employee relations.

I didn't have any luck with either of these with some Google searches.

I anyone else has read these please post URLs to their articles.

Lance Bateman · September 26, 2011, 02:34:27 PM

One thing you must consider - if there is info regarding a customer or processing, it's subject to any requirement for "disclosure" in case of suit. Look into "e-discovery". All emails, voice mail, systems records, etc. are subject.

Todd Arnold · October 06, 2011, 07:51:12 PM

I would very much like to get more info on the case name or number for this. I didn't think that any cases specific to cloud computing have made it that far yet. And the cases from 2010 that did make it to the supreme court dealt with government employees, not private ones. Since the employers were governmental entities, it brought into play 4th amendment protections that are not applicable for non-governmental employers. And the City prevaled in that case against the plantiff employee anyway.

Jeff Golas · October 07, 2011, 02:10:35 PM

FINALLY I was looking for this thread...came across this looking for something else, and its kinda along the lines of what's being requested here...

http://luxsci.com/blog/gmail-not-hipaa-compliant-email.html

Lance Bateman · October 07, 2011, 03:05:01 PM

Thanks Jeff - good reminder regarding HIPAA, besides the fact that even if not dealing much with HIPAA, you still have privacy issues on information regarding your personal lines clients by law.

Interesting addition on HIPAA, which caught me a bit by surprise. Yes, certain P/C lines such as WC and Personal Auto are excluded. HOWEVER, there is an exception to the exclusion that many aren't handling - on WC.

If sending a loss run on WC losses to carriers other than the one currently writing it, it apparently falls into the marketing exception to the exclusion - and you have to either use a scrubbed version of the loss run, black out certain identifying info, or get "opt ins" from anyone that may be on the list. Things you can't include of course are names, employee numbers, claim numbers, etc - but also have to remove month and date of the injury, though you can leave the year.

One good thing - suits on this are civil, not criminal, and I've not heard of any coming up yet. Bad thing - the amount anyone that feels you have violated the law can sue for, not only your company but you personally.

Jan Regnier · October 07, 2011, 03:58:34 PM

Quote from: Lance Bateman on October 07, 2011, 03:05:01 PM
Bad thing - the amount anyone that feels you have violated the law can sue for, not only your company but you personally.

Yep...everyone feels entitled to winning the "lottery"....

Ben Thoele · October 19, 2011, 04:50:53 PM

Found it.
Read page 4 and 5.

http://www.infoworld.com/d/mobilize/who-should-own-your-smartphones-173?page=0,0

Hans Manhave · October 19, 2011, 08:34:03 PM

Very thought provoking article. Many things mentioned while there are still many more things and what-ifs to consider. A real headache.

Just where an employee might live or travel would also affect the carrier choice and thereby the unit that is used.

Jim Jensen · October 20, 2011, 08:54:34 AM

Yes, very interesting - thanks Ben. This seems to support my theory of expanding computer-use agreements to include phones, regardless of who owns them.

Jeff Zylstra · October 20, 2011, 09:30:34 AM

+1. Great post on the article, Ben. It's really eye opening for us Americans to see some of the laws of other countries. Especially the EU. It was eye opening to see the 1995 Data Directive law from the EU about requiring websites to allow people to change online information about themselves. I also wonder how RIM being in Canada affects data access and privacy rights. I'm sure that some lawyer somewhere is just waiting for the right case to test it out.

Quote
International issues also pop up, Vogel notes: "Generally in the U.S. emails are private to employers, while in the E.U., Canada, and Japan emails are private to employees. Furthermore, in the E.U. there are data privacy laws for individuals called the 1995 Data Directive that permits citizens of the E.U. to access any computer that contains data about them and change that data. The U.S. has nothing like this at all, and when there is communications between the E.U. and U.S., determining which law applies gets very complicated."

brinkerdana · October 20, 2011, 05:55:20 PM

"Furthermore, in the E.U. there are data privacy laws for individuals called the 1995 Data Directive that permits citizens of the E.U. to access any computer that contains data about them and change that data. The U.S. has nothing like this at all,"

I just spent some time trying to get my personal data removed from various websites. Many require snail-mail requests on their forms, other just respond via email. It's a real PITA!