That’s the question at the center of this court fight:

Two women in California are suing their employer after discovering a hidden camera in an office they shared. They claim the company invaded their privacy.

The employer’s explanation:

The company discovered that someone had been viewing pornography after hours on the women’s computers, so it installed a camera in the office.

The women weren’t suspected of wrong-doing, but they also weren’t told about the camera. The company claimed it was only turned on at night and never captured the women on film. In addition, the employer argued the employees had no reason to expect privacy while at work.

A California court agreed the women’s privacy was never compromised because they were never actually filmed. But that decision was overturned on appeal when a judge ruled the possibility that the woman could be watched was enough to let the case move forward.

Now, the state Supreme Court has agreed to hear the suit. We’ll keep you posted.

Cite: Hernandez v. Hillsides, Inc.

In one recent case, a sales manager sued his former employer for accessing files on his personal computer.

The sales manager used his own laptop at work. His boss suspected he was stealing company secrets with the intention to start his own competing company.

So the supervisor removed the computer’s hard drive to see what was being stored. It turned out the employee had been inappropriately tracking the company’s sales data and product information. He was fired.

But the employee sued, alleging an invasion of privacy. He claimed the boss had no right to break into his computer in the first place. It was his personal laptop, and it also contained his own personal financial data.

The case went before a jury, and the employee was awarded $17.5 million from the company.

The company has also filed a countersuit against the employee for taking the data (as it turned out, he did start a competing business). But that case has yet to be decided.

Cite: Trealoff, et al. v. Forest River, Inc., et al.

In one recent case, an employee’s manager suspected he was sleeping at his desk while he was supposed to be working.

To make sure it was true, the company’s IT department  installed a security camera that gave the boss a view inside his cubicle. When the video showed him napping during work hours, he was fired.

The employee sued the company, claiming an invasion of his privacy.

His case was tossed by a judge. Why?

The employee had no “reasonable expectation” of privacy at work. His cubicle was open, and the inside could be seen at all times by those around him. The surveillance and the resulting termination were upheld by the court.

In most cases, employees can’t claim they have a right to privacy. Companies should be extremely cautious, though, about monitoring employees in “non-public” areas (for example, restrooms).

Cite: Smith v. Methodist Hospitals of Dallas

Three problems companies have heard complaints about:

1. Harassment

In some cases, employees have been caught snapping pictures of female co-workers and distributing them around the office. That’s an obvious harassment issue that must be dealt with swiftly if complaints are made, or the conduct is discovered by manager.

Lawyers also warn about services that deliver pornography straight to a user’s cell phone. Courts have ruled that the presence of porn in the workplace can be enough to constitute a hostile work environment in violation of the law.

2. Privacy

Recently, two employees at a New Mexico hospital were fired after they snapped pictures of patients on their camera phones and posted them on the Internet.

Similar situations have been reported at other hospitals, as well as other types of businesses.

3. Data security

One way rogue employees and other hackers steal confidential data about companies, employees and customers is to steal the electronic files.

But when security controls make that impossible, another method is to just snap a picture of the desired information. Make sure confidential papers are locked up and electronic files are password-protected.

One objection some employees have against their employer’s computer policies: It’s an invasion of privacy. But do workers really have a right to privacy when they’re on company computers?

One recent court case addressed that question.

An employee who’d worked in the company’s accounts payable department for five years started stealing from his employer.

He transferred money out of the company’s bank accounts into his own. Also, he hacked into the payroll system and gave himself a big pay raise — changing his yearly salary from $40,000 to $125,000.

The company’s owner quickly found out about the salary increase and the missing money. He confronted the employee, who admitted to stealing $8,000 and offered to cut the company a check for that amount. The owner fired him and called the police.

With the company’s consent, the police searched the man’s office and his work computer. It turned out the total amount he’d taken was more than $600,000.

Was the search legit?

After he was arrested, the employee tried to have the case against him thrown out. Why? He claimed the police had no right to search the computer. The inspection violated his right to privacy, he said, because the computer was located in his office and password-protected so he was the only one who could use it.

The judge didn’t buy the argument. As several other courts have ruled in similar cases, the employee had no “reasonable expectation of privacy” — so his rights weren’t violated, the court said.

The fact that the computer was inside an office — and password-protected so only one employee could use it — didn’t change the fact that it was the company’s computer. And, in general, companies have a right to search their own property.

Have a good policy

One way for companies to avoid problems related to computer searches and monitoring: Have all employees sign your policy and acknowledge that the company has the right to monitor how its computers are used.

Two states (Delaware and Connecticut) require companies to get consent before they do any monitoring. But for all employers, it can be a good way to remind employees not to expect any privacy when they’re using the company’s equipment.

Cite: State v. M.A.

Data security, according to a study by compliance consulting firm LRN.

When surveyed by LRN, 52% of executives said electronic data protection was the top risk they were worried about. Almost as many (47%) said “data privacy.”

Those two were higher than sexual harassment, executive corruption, safety and other issues.

Why are companies so worried about data? The answer is two-fold, says LRN: The amount of electronic information companies have is growing, and it’s coming into greater focus because of new “electronic discovery” rules that dictate what info companies need to keep in case of a court visit.

The firm’s advice for staying compliant:

• Develop privacy and data security policies
• Periodically audit information storage practices, and
• Educate employees on the impact of lost or stolen data.

The facts:

An employee was involved in a class action suit against the company involving a pay discrimination claim. The attorney representing the plaintiffs asked the employee to send any and all documents related to the case so they could be submitted as evidence. For some unexplained reason, the docs the employee sent included confidential information about the company’s customers. When the company found out, it fired her for violating its privacy policy. She sued for retaliation, claiming she was fired because of her involvement in the equal pay suit.

The employer said:

The termination wasn’t retaliatory. The documents she turned over had nothing to do with the lawsuit, and by releasing them, she posed a threat to the customers’ privacy.

Who won the case?

Answer: The employer.

Why: The court ruled that just because she was participating in a lawsuit while she turned over the documents didn’t mean she was protected from discipline when breaking the company’s privacy policy.

Since releasing them was completely unnecessary and unrelated to the lawsuit, firing her for doing it couldn’t have been considered illegal retaliation,

Cite: Niswander v. Cincinnati Insurance Co.

The facts:

Someone in the company discovered that all the shipping addresses for its suppliers had been changed, as was the password to get into the database. The company had a good hunch who was to blame — the day before, the only employee who knew the password left the office angrily after a dispute with her boss.

The employer said:

The IT department captured the IP address of the user who made the changes and contacted the Internet Service Provider (ISP) to verify the employee did it. But the ISP said it couldn’t give out that information. The company took the ISP to court.

Who won the case?

Answer: The ISP.

Why: The case reached the New Jersey Supreme Court, which ruled the state constitution gives Internet users a “reasonable expectation of privacy” regarding the information they give to ISPs. Therefore the ISP was correct in withholding the info. (In cases with a criminal charge, the court said, the answer would be different.)

It’s not clear if courts in other states will start following the same privacy standards, but it could signal a new trend that means bad news for employers.

Cite: State of New Jersey v. Reid

It’s been the legal standard for awhile: Employers have the right to monitor employees’ e-mail and other electronic communication. But a recent court ruling sheds some doubt on that standard.

Here’s what happened:

An employer gave cell phones to a group of employees so they could communicate via text messages. The contract with the wireless provider said the company would be charged an overage fee if any phone sent more than a certain number of words in a given month. Employees had to reimburse the company for those charges.

After one employee went over his limit four times, the company obtained copies of his text messages from the wireless provider. The transcripts revealed the employee was sending a lot of personal messages — in fact, many of them were sexually explicit.

The employee sued, claiming his privacy was violated when the vendor provided — and the company read — his personal messages.

Stored Communications Act

The court’s decision: By releasing the messages, the wireless vendor violated the Stored Communications Act (SCA). The SCA makes it illegal for “electronic communications service providers” to release data without the sender’s consent.

The judge ruled that even though the company owned the phones, it didn’t have the right to access the messages, because they were handled and owned by a third-party provider.

What HR needs to know

What’s it mean for employers that monitor employee e-mail and technology use? That depends on how a company handles its electronic communications.

Companies often handle e-mail and other communication in-house and store the data on company-owned servers. But many employers outsource those operations to service providers. For those companies, rulings like this might limit their ability to monitor employees.

The court’s decision points out what companies may be able to do to maintain that ability. Here are some ways to keep an eye on employees while avoiding liability:

• Get consent. The lawsuit may have been avoided if the company had gotten written consent from all employees allowing their text messages to be monitored.
• Have a policy. The company had a policy saying e-mail and Internet use would be monitored, but never mentioned the cell phones. Therefore, the court ruled, employees had a “reasonable expectation of privacy” when it came to text messages.
• Enforce it. Even if the general computer policy covered text messaging, the employee paid the overage fee four times before the company looked at his messages — that fact alone could have been enough to establish an expectation of privacy.

Cite: Quon v. Arch Wireless Operating Co.