It’s an unfortunate truth of the cell phone era that sometimes, employees will abuse their access to these devices. Whether their employer owns the device, or allows “bring your own device” (BYOD) to work, the convenience and ubiquity to an individual’s day-to-day means that sometimes, devices will be used inappropriately.
In the law enforcement arena, several very recent news stories highlight this truth:
- Chicopee (Massachusetts) police officers were investigated after leaking crime-scene images of murder victim Amanda Plasse. The photos were taken with officers’ personal mobile devices and shared with people outside the Chicopee Police Department.
- In Denver (Colorado), an officer was given a desk assignment after allegedly using his department-issued mobile device to sexually harass a woman.
- Connell (Washington)’s chief of police is under investigation for allegedly watching pornography on a city-issued cellphone.
- A Roseville (California) police officer used his cell phone to stalk and harass a woman.
How can you protect yourself and your agency in the event of these types of allegations?
Establish proactive and reactive policies
Whether you issue devices or allow BYOD, have policies that establish acceptable use. In either case, personal communications should not interfere with official duties. Require employees to password-protect their devices, and possibly even encrypt potentially sensitive data, such as text messages between officers and witnesses.
Clearly lay out what behavior will not be tolerated. This can be as obvious as pornography viewing on duty (or even off duty on a government-issued device), or as “gray” as limiting personal communications only to family emergencies.
In Connell as well as in many other communities, employees can use their city-issued phones for some personal use as long as it doesn't add to maintenance costs, and/or if they agree to pick up the tab for additional accrued costs. However, employees also have a limited expectation of privacy in the use of employer-issued devices, as the US Supreme Court ruled in City of Ontario v. Quon in 2010.
BYOD policies are a little different. These should stipulate:
- What devices are permitted. As government employees, everyone in your agency may need to adhere to any policy already in place for your city, county or state. Devices that are allowed can affect any support issues officers may have with connecting to work email or other internal resources, as well as potential security issues.
- What apps are permitted. Especially on Android devices, it’s possible that some apps may not be as secure as you’d like them to be when a device is accessing your network.
A BYOD policy should also include language that allows the agency or government to search the employee’s device. There should be cause to do so, of course, and the policy should state that the scope of a search will be limited to relevant data (not a wholesale scouring of employee personal data, which could leave you liable if you uncover personal health information or other protected data). This part of the policy should also cover what happens when employees leave the department.
Employees should also be compelled to turn over any evidentiary data on their personal devices as soon as possible after obtaining it. It may be, in some situations, that a personal device is the only means of recording a crime scene, a victim’s injuries, a confrontation of some kind, or other evidence. But policy should dictate when this type of use is allowable and what should happen to the evidence following the recording.
Policy should also dictate how to handle mobile devices in certain situations, like officer-involved shootings or other use of force encounters. It may be that the device contains no evidence. Then again, the nature of text messages or other communications can help to establish an officer’s frame of mind leading up to an encounter.
Have a standard search procedure