The digital revolution has hit the American workplace. Relying on electronic technology for efficiency, companies typically provide cell phones, computers–including Internet access and e-mail–voice mail and PDAs, such as BlackBerries or pagers. This technology, however, poses risks. Apart from “cyberloafing” productivity loss, outside cyberattacks, easy internal theft (e.g., thumb-drive downloads of proprietary information) and e-harassment, perhaps the biggest problem is the most obvious: widespread use of company equipment for personal use. A company’s electronic systems contain vast amounts of nonwork-related data. Who may legally access that information? Under what circumstances? What about privacy concerns? Naturally, the law has not kept pace with technology.

Even in companies that have workplace policies prohibiting misuse of technology, restricting personal use, or allowing company monitoring and access, such policies are not necessarily dispositive. In City of Ontario v. Quon–involving text messages on city-owned pagers–the Supreme Court found that although company policies are a factor in shaping reasonable privacy expectations, “operational realities” remain the touchstone. Courts may ignore even the best-worded policy if facts show it was not well communicated or actually enforced. In Quon, the city contradicted its written policies by on-the-ground practices and oral modifications that led employees to believe they had a reasonable expectation of privacy despite “official” policy. Scrupulously following policy is essential: Don’t say one thing and do another.