United States 
Canada (EN) 
MĂ©xico 
France 
Deutschland 
United Kingdom 
Quick Hits
- Customs officials can search the content on electronic devices, but Transportation Security Administration (TSA) agents cannot.
- Companies can revise their employee handbooks to include detailed policies about how to secure electronic devices while traveling.
Recently, there have been increasing concerns about potential data breaches or disclosure of sensitive information stored on employees’ laptops, phones, and tablets as they travel for work or personal reasons.
In some cases, employees’ devices contain troves of data that must be kept private for legal or business reasons. For example, attorneys may have private information about clients, and executives may have proprietary information about a company’s products, processes, or customer lists.
The Fourth Amendment of the U.S. Constitution prohibits unreasonable searches by the government, but courts have maintained that border searches, including of digital devices, do not require a warrant. As people enter the country, U.S. Customs and Border Patrol (CBP) can access or download photos, emails, texts, and social media activity. Putting a device on airplane mode can prevent CBP from accessing data hosted on cloud services.
CBP can retain devices for an undetermined amount of time. CBP searches aim to prevent terrorist activity, child pornography, drug smuggling, human trafficking, export control violations, intellectual property rights violations, visa fraud, and other violations.
Unlike CBP, TSA agents cannot legally search the content on a person’s devices without a warrant. They can swab devices for evidence of explosives.
The border policies and searches in other countries vary widely. For example, European privacy laws generally limit when and how border officials can search electronic devices without a warrant or reasonable suspicion.
Depending on the person’s immigration status and other factors, refusing to cooperate with a CBP search or provide passwords could result in denied entry, device seizure, or further detention. This could be disruptive to an employer’s operations or work-related events, such as a planned speech or business meeting. Having a device stolen while traveling could be equally disruptive and/or have data privacy implications for employers.
Updating and communicating written policies with workers may help to minimize the impact of border searches and theft of devices.
Next Steps
Employers with employees who travel frequently for work may wish to consider drafting new policies to protect confidential or proprietary information. This could include:
- encouraging workers to not carry their laptops or other company devices across international borders unless it is absolutely necessary for work;
- encouraging workers to bring a device without sensitive information on it if they travel internationally;
- instructing employees to allow for extra time for customs searches;
- informing workers that they can tell customs officials about their concerns regarding confidential or proprietary information;
- instructing employees on what they should and should not do if their device is searched by customs officials or stolen;
- requiring employees to contact internal counsel and/or the information security department if their device is confiscated or stolen;
- encouraging workers to use strong passwords, implement two-factor authentication, and be mindful of what is available in their cloud storage; and
- requiring workers to turn on device encryption, if possible, and turn off the device or put it on airplane mode before entering another country.
Ogletree Deakins will continue to monitor developments and will provide updates on the Cybersecurity and Privacy and Technology blogs as new information becomes available.
Dee Anna D. Hays is a shareholder in Ogletree Deakins’ Tampa office.
This article was co-authored by Leah J. Shepherd, who is a writer in Ogletree Deakins’ Washington, D.C., office.
Follow and Subscribe
LinkedIn | Instagram | Webinars | Podcasts
