Jul 6, 2008

Privacy depends on where you put the information

The judges upheld the verdict in Quon v. Arch Wireless, which determined that if an employer contracts with an outside provider for messaging -- as most do -- it does not have the right to ask the service provider for transcripts of the text messages employees send out. The same concept can be applied to e-mail communications if the employer outsources that service instead of maintaining it on an internal server.

When I heard this recent ruling I was struck by how it contradicts most US corporate attitudes, especially regarding e-mail. In the United States corporations take the position (and policy) that corporate provided e-mail content is property of the enterprise and employees should have no expectation of privacy. I won't get into whether I think this is good idea or not, it's just they way things are in the US (BTW the attitudes are much different in the EU and other parts of the world).

So why then should users expect privacy when texting? The primary difference is where the information is managed and stored. According to the ruling, if information is hosted by an outside provider and not the employer, then privacy can be assumed. If it's hosted on servers owned by the employer, then privacy should not be expected. This covers any information including e-mail, texting, chat logs, documents and files. Given that model, then one can expect that SaaS-based information management includes privacy and on-premises applications do not imply privacy. Regardless of who's paying for it.

This may throw a spanner in the works of cloud computing for some organizations. Smaller organizations may have no choice and need to figure out other ways to keep tabs on information in the cloud (e.g., journaling and archiving on corporate servers). Larger organizations may select specific users that will not be allowed to work in the cloud. Compliance audits and e-discovery will likely be tested by legal teams citing the ruling as a reason for not providing information.

But here's the real mind-spinning contradiction: the recent US FISA Amendments Act not only paves the way for the US Government to perform un-warranted search and surveillance of hosted information sources but also grants immunity to providers who have already violated customers privacy.

E-Commerce News: Privacy: Workplace Text-Messaging Ruling Wows Privacy Advocates

No comments: