The California Supreme Court issued its decision in Hernandez v. Hillsides, Inc., No. S147552, on Aug. 3, 2009. This case addresses the question of whether an employer can be held liable to two employees for invasion of privacy by intrusion, based on the employer’s installation of video equipment to monitor the employees’ office in an attempt to determine who was accessing pornographic Web sites from a computer in the office late at night. It was undisputed that the employees were not actually videotaped or monitored.
The plaintiffs sought damages for their alleged emotional distress upon learning that the video monitoring equipment had been installed and suspecting that they had been captured in a private situation. The Court held that while the employees held a reasonable expectation of privacy in their office space, under the circumstances, the alleged intrusion could not be deemed sufficiently offensive to constitute a privacy violation. In doing so, the Court distilled the two elements for privacy claims based on the common law and the state Constitution.
The Facts of The Case
Defendants Hillsides, Inc., and Hillsides Children’s Center, Inc., operate a residential facility for neglected and abused children, some of whom were victims of sexual abuse. Plaintiffs Abigail Hernandez and Maria-Jose Lopez were employed by the defendants and shared an office space, where they performed daytime clerical work.
When Hillsides learned that someone was using a computer in the plaintiffs’ office to access pornographic Web sites, it installed a hidden camera in the office. The camera could be operated from a remote location during the day or night, but it was undisputed that it was never operated during business hours. The plaintiffs were not suspected, and they were not viewed via the camera or captured on videotape. Nonetheless, when the plaintiffs learned about the hidden camera in their office they sued, alleging invasion of privacy.
The trial court granted the defendants’ summary judgment motion but the Court of Appeal reversed, finding that the employees had raised triable issues of fact on their claim. The California Supreme Court granted review.
Elements of Common Law and Constitutional Privacy Claims
The Court began its analysis by noting that the plaintiffs’ claims were framed “in terms of both the common law and the state Constitution. These two sources of privacy protection ‘are not unrelated’ under California law.” It identified the elements of a common law privacy claim as: (1) intentional intrusion “into a place, conversation or matter as to which the plaintiff has a reasonable expectation of privacy”; and (2) “in a manner highly offensive to a reasonable person.” For the second element, which is essentially a policy evaluation, “relevant factors include the degree and setting of the intrusion, and the intruder’s motives and objectives.”
The Court noted that the right to privacy under the California Constitution “sets standards similar to the common law tort of intrusion” but with somewhat different requirements. For a constitutional violation to occur, the plaintiff must prove: (1) “a legally protected privacy interest”; (2) a reasonable expectation of privacy; and (3) an intrusion that is “so serious in ‘nature, scope, and actual or potential impact as to constitute an egregious breach of social norms.’” Finally, “no constitutional violation occurs, i.e., a ‘defense’ exists, if the intrusion on privacy is justified by one or more competing interests” and typically “only ‘general balancing tests are employed.’”
The Court assessed the plaintiffs’ claims “under the rubric of both the common law and constitutional tests” which it found were “largely parallel” and required consideration of “(1) the nature of any intrusion upon reasonable expectations of privacy, and (2) the offensiveness or seriousness of the intrusion, including any justification and other relevant interests.”
The Nature of The Intrusion
As to the first element, the Court cited its prior decision in Sanders v. American Broadcasting Cos. (1999) 20 Cal.4th 907, to explain that “while privacy expectations may be significantly diminished in the workplace, they are not lacking altogether.” The Court discussed the factors from Sanders that led to the Court’s conclusion that a privacy claim had been stated there: (1) “the identity of the intruder”; (2) “the nature of the intrusion … meaning, both the extent to which the subject interaction could be ‘seen and overheard’ and the ‘means of intrusion’”; (3) “the physical layout of the area intruded upon, its relationship to the workplace as a whole, and the nature of the activities commonly performed in such places”; and (4) “the ‘means of intrusion.’”
Although the Court discussed each of these elements, it spent particular care analyzing the final element—the “means of intrusion”—given the nature of the alleged intrusion. It addressed the potential civil and criminal liability for the use of cameras and video recorders, as well as case law and statutes that prohibit the use of cameras, video recorders and similar equipment in certain circumstances.
The Court rejected the defendants’ argument that they did not invade the plaintiffs’ privacy because they did not view or record the plaintiffs, or intend to do so. As the Court explained: “While such factors bear on the offensiveness of the challenged conduct … we reject the defense suggestion that they preclude us from finding the requisite intrusion in the first place.” Because the defendants had installed a video camera to monitor the plaintiffs’ office, and a number of people had access to the camera during the time that it was operative, and because the plaintiffs did not have notice of, or consent to, the alleged intrusion, the Court found that the first element favored the plaintiffs.
Is The Intrusion Highly Offensive to a Reasonable Person?
The Court next addressed the second element—whether the alleged invasion was “‘highly offensive’ to a reasonable person ... and ‘sufficiently serious’ and unwarranted as to constitute an ‘egregious breach of the social norms.’” The Court explained:
[T]his court has previously characterized the ‘offensiveness’ element as an indispensable part of the privacy analysis. It reflects the reality that ‘[n]o community could function if every intrusion into the realm of private action’ gave rise to a viable claim. … Hence, no cause of action will lie for accidental, misguided, or excusable acts of overstepping upon legitimate privacy rights. …
The Court considered three criteria in evaluating whether the alleged intrusion was sufficiently offensive to give rise to liability.
The “degree and setting” of the intrusion. The Court found that this factor weighed heavily in the defendants’ favor because they took a measured approach in addressing the problem. They tried other avenues but those were unsuccessful, and when they did set up video equipment in the plaintiffs’ office, it was restricted in the areas that it captured, the time that it was operative and operated, and the duration of the intrusion.
The intruder’s “motives and objectives.” The Court discussed the business advantages for employers in allowing their employees to access the Internet, which necessarily give rise to the potential for abuse, and serious consequences for employers. Under the circumstances—particularly the fact that Hillsides provides a home for neglected and abused children—the Court concluded that Hillsides was required to take reasonable steps to locate the perpetrator.
Could the defendant have minimized the privacy intrusion through other reasonable available, less intrusive means? The Court rejected the plaintiffs’ argument that triable issues exist as to whether defendants could have employed less offensive means for catching the perpetrator. It clarified that “defendants are not required to prove that there were no less intrusive means of accomplishing the legitimate objectives we have identified above in order to defeat the instant privacy claim” (although it did not state what the standard should be). Regardless, the possible alternatives identified by the plaintiffs would not have been as effective in accomplishing the defendants’ goals of both locating the perpetrator—perhaps someone who works closely with the children—and stopping the computer use. Finally, the Court found that the plaintiffs’ “privacy concerns are alleviated because the intrusion was ‘limited’ and no information about plaintiffs was accessed, gathered, or disclosed.”
The Supreme Court took a pragmatic approach to evaluating the plaintiffs’ intrusion claim in this case, and ultimately reached a common-sense conclusion. Although the Court’s prior cases support the holding that employees have a reasonable expectation of privacy in parts of the workplace, the Court made clear that this is not enough to state a claim. Rather, California’s courts must analyze the specific circumstances—including the reasons given by the defendant for its behavior—in deciding whether a claim will lie. Where a defendant has a legitimate reason for its behavior, and where its actions are limited in scope and carefully tailored to address the specific situation at issue, a plaintiff’s claims should be rejected.