ELECTRONIC COMMUNICATIONS MONITORING

Modern technology has revolutionized the way we do business. But this technology poses dangers. Employees have greater access to sensitive company information. They can manipulate it, or simply take it for their own purposes. They also have easy access to outside information that does not belong in the workplace. Employees can communicate instantly between themselves and with others through technology, and they often act without apparent forethought. These realities prompt many employers to try to control employee conduct and monitor technology use. These efforts often run contrary to employee notions of personal privacy, giving rise to legal conflict.

1. Arguments For and Against Monitoring

Widespread electronic monitoring in the workplace is evidence of its apparent usefulness to employers. Employers often justify monitoring, and even tout its advantages, based on increased productivity, improved customer service, protection of property and information, and legal compliance. Employees, labor organizations and academic critics object strongly to monitoring. Arguments tend to be personal in nature and, in most jurisdictions, legally weak. They focus on the potential for employer abuse and general privacy concerns. The substantial increase in monitoring in recent years suggests that these arguments have been unpersuasive.

2. Privacy Restrictions On Monitoring

Privacy restrictions on employer monitoring are imposed generally in two ways: constitutional and statutory restrictions. Contrary to popular belief, the United States Constitution does not afford the right to privacy in the private workplace. The right is limited to unwarranted searches by the government. The majority of state constitutions do not guarantee privacy rights in the workplace. For those that do, the right often is outweighed by the employer's need to know. There are various statutory restrictions, but they have important exceptions. In short, a careful employer can monitor as necessary.

1. United States Constitution
   
   The Fourth Amendment to the United States Constitution provides the “right of people to be secure in their persons, houses, papers, and effects against unreasonable searches and seizures by the federal government.” From this restriction, courts have implied a right to privacy.
   
   Private Sector: This right does not apply in the private sector. See, e.g., United States v. Jacobsen, 466 U.S. 109 (1984).
   
   Public Sector: The Constitution provides limited protection for government employees. The courts will balance the employees' “legitimate expectations of privacy” against the government employer's need to supervise the workplace and conduct efficient operations. See O'Connor v. Ortega, 480 U.S. 709 (1987). Otherwise reasonable expectations of privacy may be deemed unreasonable where the employer warns employees in advance of the employer’s monitoring. The key is whether “any workplace practices, procedures or regulations” diminish the employee’s belief of privacy. See United States v. Simons, 206 F.3d 392 (4th Cir. 2000). For example, an agency’s internet policy advising of periodic electronic audits of computer use “placed employees on notice that they could not reasonably expect that their internet activity would be private.” Id. The government employer's intentional monitoring must be based on a reasonable suspicion that its investigation will uncover work-related misconduct. See O'Connor, 480 U.S. at 726. Otherwise, the “search” must be non-investigatory in nature (i.e., the inadvertent retrieval of information).
2. State Constitutions
   
   Virginia: The Virginia constitution does not articulate a specific privacy right. Indeed, Virginia's “search and seizure” prohibition is weaker than that in the federal constitution. It provides in Article 1, Section 10:
   
   That general warrants, whereby an officer or messenger may be commanded to search suspected places without evidence of a fact committed, or to seize any person or persons not named, or whose offense is not particularly described and supported by evidence, are grievous and oppressive, and ought not to be granted.
   
   This state constitutional provision has never been interpreted to provide a right of privacy in the private sector. See, e.g., Town of Madison v. Ford, 255 Va. 429 (1998).
   
   Other States: Ten states expressly grant their citizens a constitutional privacy right. Those are: Alaska, Arizona, California, Florida, Hawaii, Illinois, Louisiana, Montana, South Carolina, and Washington.
   
   Reasonable Expectation: Ultimately, any claim under a state constitution would require an employee to show initially a reasonable expectation of privacy under the workplace circumstances. Therein, lies the key for employers who wish to monitor. The employer must provide a workplace in which the employee cannot assert a reasonable expectation of privacy. For example, in Bohach v. City of Reno, 932 F. Supp. 1232 (D. Nev. 1996), the court upheld the public employer's right to monitor and disclose employee e-mails. The court held that since the messages were sent using the employer's system, the employees could not reasonably expect them to remain private. The employer's published policies to that effect were important to the court's decision.
   
   Consent: Consent is a defense to privacy claims. There is no expectation of privacy where consent is given. Some jurisdictions will require the consent of all parties to a communication. Others require only the consent of one party.
3. Federal Statutes
   
   The Wiretap Act
   
   The Omnibus Crime Control and Safe Streets Act of 1968, as amended by Title I of the Electronic Communications Privacy Act of 1986, (together the “Wiretap Act”) is the primary federal statute governing communications monitoring. See 18 U.S.C. §§ 2510 et seq. The Wiretap Act prohibits the intentional interception, use or disclosure of any oral, wire or electronic communication. However, the law has three major exceptions, two of which are important to employers needing to monitor computer (particularly e-mail) and telephone use.
   
   Definitions: The Wiretap Act’s definitions are broad:
   
   Oral Communications includes any oral communication “uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation.” 18 U.S.C. § 2510(2).
   
   Electronic Communication means “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic photoelectronic or photooptical system that affects interstate or foreign commerce . . . .” 18 U.S.C. § 2510(12). This would include communications made via the Internet, computer, voice mail, and e-mail.
   
   Wire Communication means “any aural transfer made in whole or in part through the use of facilities for the transmission of communications by the aid of wire, cable, or other like connection between the point of origin and the point of reception . . . .” 18 U.S.C. § 2510(1).
   
   Intercept means “the aural or other acquisition of the content of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device.” 18 U.S.C. § 2510(4).
   
   Content Monitoring: The Wiretap Act applies to “content” monitoring, not “transactional” monitoring. This means, for instance, that an employer can monitor the number of telephone calls made without involving the Wiretap Act. Monitoring what was said in those calls would be governed by the Wiretap Act.
   
   Example: A manager using a computer to intercept an employee's e-mail has intentionally intercepted via an electronic device a covered electronic communication. Unless the act qualifies under one of the exceptions below, it violates the Wiretap Act. If the manager discusses the e-mail with other managers and they decide to terminate the employee because of it, the managers have committed two additional violations – use and disclosure of the unlawfully intercepted communication.
   
   Penalties: A successful claimant under the Wiretap Act is entitled to injunctive relief, actual damages, punitive damages and attorneys' fees and litigation costs. In lieu of actual damages, a claimant can collect the greater of $100 per day for each day a violation occurred or $10,000. See 18 U.S.C. § 2520(b), (c). There is some conflict of authority on whether multiple violations on a single day entitle a claimant to increased damages. See Desilets v. Wal-Mart Stores, Inc., 171 F.3d 711, 714 (1st Cir. 1999) (rejecting stacked damages for multiple violations, but noting the disparate results of other decisions on the issue). The criminal penalty is up to five years' imprisonment and/or a corporate fine of up to $500,000 or individual fine of up to $250,000. See 18 U.S.C. § 2511(4)(a).
   
   Service-Provider Exception: The Wiretap Act exempts providers of wire or electronic communications services if a service employee intercepts, uses or discloses protected communications “in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights and property of the [service] provider. . . .” 18 U.S.C. § 2511(2)(a)(i). This is the “telephone company” exception. It is unclear whether this exception would apply to an employer that has established its own internal, e-mail or voice-mail systems.
   
   Business Extension Exemption: An interception does not violate the Wiretap Act where it uses an electronic or mechanical device furnished to the employer by a service provider in the ordinary course of the provider's business and the device is used by the employer in the normal course of its business. See 18 U.S.C. § 2510(5)(a). This allows an employer to monitor an employee's telephone calls through the use of a standard telephone extension, including “cordless” telephones. See Fischer v. Mount Olive Lutheran Church, Inc., 207 F. Supp. 2d 914 (W.D. Wis. 2002). The employer must have a good faith reason for monitoring the telephone call from another extension unless the employee has consented. Curiosity or prurient interests are insufficient. The exception permits listening only to the business portion of an employee's telephone call. Once the manager determines that the call is personal, he or she must cease listening. See Watkins v. L.M. Berry & Co., 704 F.2d 577 (11th Cir. 1983).
   
   Consent: The Wiretap Act permits otherwise prohibited electronic monitoring where one party to the communication consents. 18 U.S.C. § 2511(2)(d). Consent may be implied where acquiescence is clear. See Griggs-Ryan v. Smith, 904 F.2d 112 (1st Cir. 1990) (a party who continues his conversation despite prior warning that calls are monitored has given implied consent). Implied consent does not include constructive consent – i.e., where the party knows that the employer has the capability to monitor, that monitoring may occur, or where the party otherwise should have known from the general circumstances that monitoring was a possibility.
   
   Interception Issue: For years litigants and the courts wrestled with the question of whether the Wiretap Act prohibited unauthorized access to stored electronic communications such as e-mail and voice mail or only the interception of electronic communications in transmission. Some argued that the prohibition must apply to stored electronic communications because storage is a necessary incident to their transmission. They are stored in various junctures between their creation and reception. The transmission of electronic communications typically is very short since most travel at the speed of light. Thus, it was argued that the Wiretap Act would have no protective effect in today’s world unless the prohibitions extend to stored electronic communications. See Jarrod J. White, E-mail @ Work.com: Employer Monitoring of Employee E-mail, 48 Ala. L. Rev. 1079 (1997); see also United States v. Smith, 155 F.3d 1051 (9th Cir. 1998). These arguments were bolstered by the initial inclusion of the phrase “any electronic storage of a communication” in the definition of a wire communication, even though no similar reference was ever included in the definition of electronic communication. The issue has been resolved somewhat. The USA PATRIOT Act, Pub. L. No. 107-56 (Oct. 26, 2001) removed the confusing reference to “electronic storage” in the definition of wire communication. The Wiretap Act now generally is accepted to apply to interceptions of protected communications in transmission. See Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2002). For employers seeking to avoid issues, however, the debate often has been rendered academic by other protections for stored communications.
   
   (ii) Stored Communications Act
   
   The Stored Wire and Electronic Communications and Transactional Records Access Act (which is Title II of the Electronic Communications Privacy Act) is the other major amendment to the Omnibus Crime Control Act. The Stored Communications Act, as it is generally known, prohibits “intentionally accessing without authorization a facility through which an electronic communication service is provided,” thereby gaining access to stored information. 18 U.S.C. §§ 2701(a)(1). The law is aimed at protecting stored e-mail, voice-mail and other stored wire and electronic communications. It also prohibits the disclosure of stored communications. 18 U.S.C. § 2702(a).
   
   Definitions: The Stored Communications Act uses the same definitions as the Wiretap Act .
   
   Damages: Like the Wiretap Act, the Stored Communications Act provides for injunctive relief, actual damages, and attorneys' fees and litigation costs. 18 U.S.C. § 2707(b). However, the minimum damage award is $1,000, much lower than that under the Wiretap Act. Punitive damages are available under the Stored Communications Act if the violation is “willful or intentional.” Id. at § 2707(c).
   
   Employer-Owned System Exception: The Stored Communications Act provides an exemption for access to information “by the person or entity providing a wire or electronic communications service.” 18 U.S.C. § 2701(c)(1). This exception arguably is different from the “telephone company” exemption under the Wiretap Act because employers often provide the computer systems on which electronic communications are stored. This led some early commentators to conclude that employers may access and disclose employee communications stored only on employer-owned, internal systems. See, e.g., Hernandez, ECPA and Online Computer Privacy, 41 Fed. Comm. L.J. 17 (1988). This interpretation would be of little value to employers since most systems now connect to the internet and, therefore, are no longer completely internal. More recent court decisions, however, have held that this “provider” exception applies to internet based communications systems. See, e.g., Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107 (3rd Cir. 2003).
   
   Consent: Consent is an exception. The Stored Communications Act prohibits only unauthorized access and disclosure. 18 U.S.C. § 2701(a)(1), (c)(2). Authorization must be given by the “user” of the communications service. Arguably, the user of employer-provided services on employer-provided equipment is the employer.
4. Virginia Statutes
   
   The myriad of different states' statutes forms a spectrum of employee privacy rights. The extent of those rights depends upon the jurisdiction. Virginia law generally affords very limited privacy protections, giving employers the corresponding ability to broadly monitor employee activity.
   
   Interception Act: Virginia's Interception of Wire, Electronic or Oral Communications Act, Va. Code §§19.2-61 et seq., is virtually the same as the federal Wiretap Act. The available remedies under the Virginia law are the same except that the minimum is $1,000. The consent of one party to the communication provides an exemption to the Act's prohibitions. By comparison, Maryland's statute makes it unlawful to intercept protected communications unless (i) the intercepting person is a party to the communication, and (ii) all of the parties to the communication have given prior consent to the interception. See Md. Code, Courts and Jud. Proc. §10-402.
   
   Telephone Monitoring: Virginia Code §18.2-167.1 makes it a Class 4 misdemeanor for any employer to intercept any telephone conversation between an employee and a customer. Interception is permissible, however, if the employer gives the employee notice that monitoring “may occur at any time during the course of such employment.” This is a lower standard than under federal statutes. By comparison, California law requires the consent of all parties to the conversation. See Cal. Penal Code § 632.
   
   Computer Examination: Virginia's Computer Invasion of Privacy Statute, Va. Code §18.2-152.5, makes it a Class 1 misdemeanor for any person to use a computer or network to “intentionally examine without authority any employment, salary, credit or any other financial or personal information related to any other person.” Section 18.2-152.12 grants civil relief for violations of the computer invasion of privacy statute, including recovery of litigation costs. However, an authorized manager can access employment and salary information, and certain personal information, about an employee. e. Protected Concerted Activity
   
   Employees have the federally protected right to engage in concerted activity to promote their collective interest concerning wages and other terms and conditions of employment. See 29 U.S.C. § 157. An employer’s surveillance of employees’ protected concerted activity is illegal where the activity is off-duty or takes place under circumstances outside the employer’s normal watchful eye. See, e.g., NLRB v. Nueva Eng’g, Inc., 761 F.2d 961 (4th Cir. 1985). Use of e-mail by employees for the mutual aid of other employees has been held to be protected concerted activity. See Timekeeping Sys., Inc., 323 NLRB 244, 154 LRRM 1233 (1997). Unannounced electronic monitoring of e-mails and other communications where employees believe their protected concerted activities are secure raises substantial issues of illegal surveillance under the National Labor Relations Act.

1. Formal Policy Provisions
   
   The precise content of an employer's monitoring policy will vary depending on what the employer wants to be able to do. Once the policy is in place, however, the employer must be prepared to stay within its boundaries. Consider the following provisions in the policy:
   
   Personal Use & Responsibility: The system belongs to the company and should be used only for business purposes. The company may choose to permit limited personal use. If so, require a form disclaimer stating that the messages sent and received are not the views of the company. Limit use for hourly workers to non-working time and for exempt employees to moderate instances that do not interfere with work. Make employees personally responsible for the content of the communications that they obtain, retain or distribute.
   
   Dispel Privacy Expectations: Reserve the employee’s right to monitor, access and disclose in its discretion any communications (including personal ones) involving its system. Employees should have no expectation of privacy even where pass words or encryption is used. Include a reminder that communications may continue to exist on the company's system even after they have been “deleted.”
   
   Accessing Information of Others: Notwithstanding the employer’s right to monitor and review communications, prohibit employees from accessing each others’ communications without prior approval from management, except in the performance of their assigned job duties.
   
   Prohibited Communications: Prohibit disruptive, offensive, discriminatory, derogatory, harassing, threatening and defamatory communications on the system.
   
   Hidden/Bulk Communications: Prohibit communications that conceal the sender’s identity. Also prohibit sending or forwarding bulk communications or those unrelated to company business and to which the recipient may object.
   
   Solicitation: Require that the system not be used to solicit other employees for any purpose, including membership or adherence to any outside organization. (Employers will need to be vigilant in enforcing this policy or it may have little effect when needed.)
   
   Encryption: Sensitive information should be sent by e-mail only after proper encryption and approval by a designated manager. All passwords must be registered with the employer’s network administrator or other designated person. Not only does this facilitate monitoring, but it also helps counter any expectation of privacy for password protected information.
   
   Illegal Downloading/Use: Prohibit use of company resources to download, distribute or use software or other information in violation of any intellectual property or other proprietary rights. This is important for protection against legal claims, viruses, and waste of resources.
   
   Confidential Information: Prohibit the disclosure, intentional or otherwise of confidential or proprietary information belonging to the Company.
   
   Consent: Provide that use of the system under these policies will be deemed consent to them.
   
   Company Property?
   
   Company ownership of the systems and software licenses may seem obvious, but stating this in the policy establishes the employees’ knowledge of this fact. This helps to dispel expectations of privacy and to establish the owner’s right to monitor information on its systems. Many commentators also suggest that the policy should state that all communications created or received on the system are the employer’s property. This may not be a good idea. Does the employer really want to claim ownership of child pornography that an employee downloads from the internet? Undoubtedly not. If the expectation of privacy is dispelled, claiming ownership of the information on the employer-owned system is not necessary.
   
   Distribute & Acknowledge
   
   The policy should be distributed to all current employees and given to all new employees. Each should be required to sign a form acknowledging receipt and understanding of the policy, and agreement to it. The physical act of signing this form will further demonstrate consent. The policy should be included in company handbooks and other places where policies appear. E-mail systems can be programmed so the policy automatically appears on the monitor when an employee logs on to the system.
2. Training
   
   A recent survey by the Society for Human Resources Management concluded that only half of all employers provide formal training on the use of company systems and the policies governing use of those systems. Training that goes beyond the rudiments of system use will help employers deal with privacy issues by re-enforcing knowledge of the policies, providing further evidence of informed use and consent to monitoring.

See ADA Manual (BNA) 70:1103, 1116. On the other hand, the EEOC notes that a test designed to measure only such factors as an applicant’s honesty would not “normally” be considered a medical examination. Id. This “normal” result might change if the applicant’s propensity toward dishonesty was due to some pathology.

Post-Offer Validation: If a pre-employment test is likely to illicit medical information, it may be given under the ADA after the job offer but prior to placement of the applicant. See 42 U.S.C. § 12112(d)(3). However, even then the employer cannot use the test results as a basis to withdraw the offer without showing that the test is job-related and consistent with business necessity. See 42 U.S.C. § 12112(b)(6). The employer must correlate the tested behavior to the performance of essential job functions. State Prohibitions: State statutes, regulations and case law on psychological and personality testing varies widely. Virginia has little law on the subject. Other states prohibit these tests.

Credit Checks and Consumer Reports

The Fair Credit Reporting Act (FRCA), 15 U.S.C. §§ 1681-1681t, regulates the use and disclosure of consumer reports for employment purposes. State law is pre-empted to the extent that it is inconsistent with the FRCA’s scheme. Id. at § 1681t. While the notion of obtaining or using a “consumer report” may seem unrelated to a basic pre-employment background check, thousands of employers request and use them each year, perhaps without knowing it. They can include reports on employment histories, credit, income, driving records, criminal arrests and convictions, and other personal information. Two types of reports are governed by the FRCA: consumer reports and investigative consumer reports.

Consumer Reports: A consumer report is defined as:

any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility for…employment. . . .

Id. at § 1681a(d)(1). Importantly the definition excludes any report containing information solely as to transactions or experiences between the consumer and the person making the report. Id. at § 1681a(d)(2)(A)(i). This exclusion has been held to apply to drug tests. See Hodge v. Texaco, Inc., 975 F.2d 1093 (5th Cir. 1993).

Consumer Reporting Agency: The FRCA applies only to reports prepared by consumer reporting agencies. This is “any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in… the practice of assembling and evaluating consumer credit information or other information on consumers for purposes of furnishing consumer reports to third parties. . . .” 15 U.S.C. § 1681a(f).

Conditions on Consumer Reports Use: Before obtaining a consumer report, an employer first must make a “clear and conspicuous disclosure” in writing that a consumer report may be obtained. The employer also must get written authorization from the applicant. A combined disclosure and authorization document is allowed. Before taking any adverse action based on the consumer report, the employer must provide the applicant a copy of the report and a written description of the applicant’s rights as prescribed by the Federal Trade Commission. If adverse action is taken, the employer additionally must provide the name, address and telephone number of the consumer reporting agency, along with a statement that the agency did not take the adverse action and is unable to provide the consumer with specific reasons for the adverse action. Id. at § 1681b.

Investigative Consumer Reports: This is “a consumer report or portion thereof in which information on a consumer’s character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information.” Id. at § 1681a(e).

Use and Disclosure Requirements: In addition to the requirements described above, a person may not obtain or cause to be prepared an investigative consumer report unless it is “clearly and accurately” disclosed to the applicant that a report about his or her character, general reputation, personal characteristics and mode of living, whichever are applicable, may be prepared. This disclosure must be made in writing and mailed or delivered within three days after the report is requested. The disclosure also must include a statement that, upon request within a reasonable period of time, the employer will disclose in writing the nature and scope of the investigation requested. Id. at § 1681d.

Off-Duty Conduct

In the absence of discrete state legislation or an applicable public policy, employers generally are free to deny or condition an applicant’s employment based on off-duty conduct. (This of course does not include the consideration of activities that would tend to screen out applicants on the basis of protected status.) Four states, Colorado, California, New York and North Dakota, have statutes that prohibit employers from considering an employee’s legal activities outside of work. Approximately 25 other states have statutes that prohibit discrimination against applicants and employees because of their lawful product use. The majority of these statutes are limited to tobacco use. A few, such as the Nevada statute, protect the lawful use of any product outside the workplace. Virginia’s statute is one of the least restrictive. It protects only applicants for employment with the Commonwealth. See Va. Code § 15.1-29.18. Generally, these statutes include an exemption where the use or non-use of a particular product is a bona fide occupational qualification.

PRIVACY IN DRUG TESTING

Employers test for drug use for a variety of compelling reasons, including: productivity, accident and injury prevention, reducing medical costs, employee theft concerns, workplace morale, corporate image, and, in certain industries, to comply with legally imposed requirements. While drug testing conflicts with notions of personal privacy (such as the right to determine what one does to one’s mind and body), the “right” to engage in illicit and unsafe drug use generally is weighed with skepticism against competing social objectives of controlling such behavior. Thus, drug testing generally is permitted with varying restrictions from state to state.

1. Public Sector

The major question presented by drug testing in the public sector is the limits imposed by the Fourth Amendment’s prohibition of unreasonable government searches. It is a question of balancing the privacy interests of the individual versus the need of the public employer to test. The need must be “substantial.” Chandler v. Miller, 520 U.S. 305 (1997). For example, in National Treasury Employee’s Union v. Von Raab, 489 U.S. 656 (1989), the Supreme Court sustained the permissibility of requiring drug testing of customs service agents. Individual privacy interests in that case were outweighed by the importance that armed law enforcement officers not be impaired. On the other hand, in Chandler, a state statute requiring all candidates for public office to pass a drug screening test was struck down. The need for testing in that case was seen as largely “symbolic” and did not outweigh the expectation of privacy.

2. Federal Statutes

Omnibus Transportation Employee Testing Act: This federal statute is aimed at the use of alcohol and use of illegal drugs in the safety sensitive industries of aviation, railroading and trucking. See 49 U.S.C. § 1834 (aviation); 45 U.S.C. § 431 (railroading); and 49 U.S.C. § 277 (trucking). Extensive regulations promulgated by the Secretary of Transportation require regulated employers in these industries to conduct testing in each of four situations: pre-employment, reasonable suspicion, random and post-accident. The regulations prescribe comprehensive standards for testing. These regulations withstood constitutional challenge in Skinner v. Railway Labor Exec. Ass’n, 489 U.S. 602 (1989).

Drug Free Workplace Act: This statute governs federal contractors and grantees. See 41 U.S.C. §§ 5151-5160. Under the Act, subject employers must (i) prohibit the use or possession in the workplace of any “controlled substance” as that term is defined, (ii) post public notices of these prohibitions and the sanctions for noncompliance, and (iii) establish a “drug-free awareness program.” Employees also are required to inform their employer of any conviction for a violation of a drug statute occurring in the workplace. The Act does not require employers to perform drug testing or preclude them from doing so.

ADA: While the ADA restricts pre-employment medical inquiries, an employer may conduct a drug test for current illegal drug use. 42 U.S.C. § 12114(b). Indeed, a person currently engaged in illegal drug use is excluded from the definition of a protected individual with a disability. Id. at § 12114(a). On the other hand, an employer may not seek information at the pre-offer stage about current or prior lawful drug use. Such information could reveal the existence, nature or severity of a protected impairment. See ADA Manual (BNA) 70:1103. If an employer conducts a test solely for unlawful drug use, but receives test results indicating lawful drug use – such as where the test is initially positive and the applicant confirms lawful drug use to explain the results – the employer has not violated the ADA. Id. In such case, the test still qualifies under the exception to the medical examination prohibition.

3. Virginia

Virginia has no constitutional, statutory or common law privacy restrictions on workplace drug testing.

Other States’ Restrictions

Ten states’ constitutions expressly guarantee the right to privacy, see part A

above, but only the California constitution has been held to apply to drug testing by private entities. See Landon v. Northwest Airlines, 72 F.3d 620 (8th Cir. 1995) (citing Hill v. NCAA, 865 P.2d 633 (Cal. 1994) (requiring a balancing of the expectation of privacy versus the need for the invasion)). Additionally, 23 states have statutes restricting the circumstances in which drug testing is permitted, the testing procedures that may be used, or both. These are: Alabama, Alaska, Arizona, Arkansas, Connecticut, Florida, Hawaii, Idaho, Iowa, Kansas, Louisiana, Maine, Maryland, Minnesota, Montana, Nebraska, North Carolina, Oklahoma, Oregon, Rhode Island, Utah, Vermont and Washington. The protections afforded under these statutes vary dramatically. Compare Vt. Stat. Tit. 21, § 513 (restricting employee testing to probable cause situations and disciplinary measures if the employee participates in an “assistance” program) with Md. Code, Health-General § 17-214.1 (prescribing testing procedures only).

Adulteration

Most laboratories follow the Department of Transportation guidelines for testing as the “gold standard”. These guidelines do not require specimen testing for adulteration, and often laboratories will not perform such tests unless specifically requested. There is nothing under Virginia or federal law prohibiting employer requests for adulteration testing. Indeed, Virginia Code § 18.2-251.4 makes it a Class 1 misdemeanor to adulterate any bodily fluid sample with the intent to defraud a drug test. Eight other states have similar statutes. They are: Louisiana, Nebraska, New Jersey, North Carolina, Oregon, Pennsylvania, South Carolina and Texas.

About the author: Thamer E. "Chip" Temple III is a Principal of the Firm practicing primarily in the area of labor and employment law, representing management and executives in all areas of employer rights.

Back to Articles