The Fourth Circuit Court of Appeals recently decided a case demonstrating the substantial damages available under the federal Stored Communications Act (“SCA”) for improperly accessing an employee’s private, personal e-mail account. The underlying lawsuit was brought by a former employee of the defendant company and was based on allegations that the employer improperly gained access to and read e-mail from the employee’s private e-mail account without her permission.
The employee initiated an employment discrimination lawsuit against the employer, along with a claim for unemployment benefits and unpaid commissions. Meanwhile, the employer instituted an action against the employee for several business torts. During a deposition in the employer’s lawsuit, the employer used several e-mails that were obtained from the employee’s personal e-mail account. Significantly, the employer company provided the employee a company e-mail account, but the employee also used her personal e-mail account for business purposes.
The employee sued the employer company and its president under the SCA. The SCA provides, in substance, that it is unlawful for anyone to intentionally and without authorization access a facility through which an electronic communication service is provided. The SCA provides statutory penalties for each violation of the Act. The amount of the judgment that was initially entered against the employer company and its president individually is noteworthy. The jury awarded the employee $150,000 in statutory damages and $75,000 in punitive damages against the president of the company, and an additional $25,000 in statutory damages and $25,000 in punitive damages against the company. The court also awarded the employee $135,723.56 in attorneys' fees and costs. The Fourth Circuit Court of Appeals eventually struck the statutory damages award because the employee did not prove she suffered actual damages, but allowed the punitive damages and attorney fee award to stand.
Although this case primarily dealt with the proper measure of damages under the SCA, it does serve as a reminder that there may be a statutory cause of action for damages when employers improperly gain access to and read e-mail from an employee’s personal e-mail account without his or her permission. The case also should cause employers to examine their electronic information policies.
The SCA contains exceptions that permit an employer to access and monitor employee e-mail on e-mail systems and other “electronic communication systems” that are owned or provided by the company, or whenever employees consent to such monitoring. Many employers have policies that put employees on notice that any e-mail systems, voicemail systems, and other electronic data storage systems owned or provided by the company are the property of the company and that employees have no expectation of privacy in the e-mail and other data stored or transmitted on those systems. Properly drafted, these policies permit monitoring of employee e-mail on company-owned or company-provided systems and other forms of company-facilitated communication, without exposing an employer to liability for privacy-based civil claims.
To obtain employee consent, the policy should be included in the employee handbook given to all employees, and employees should be required to sign an acknowledgement and consent form indicating that the employee consents to the terms of the policy and to the company's monitoring of e-mail and internet use and any other electronic information systems covered by the policy.
Having a comprehensive electronic information policy in place can help an employer that monitors employee e-mail avoid difficulty if a claim is brought by an employee based on invasion of privacy.
IMPORTANT REMINDER TO ALL EMPLOYERS: All U.S. employers are required to complete and retain a Form I-9 for each individual hired for employment in the United States. The United States Citizenship and Immigration Services (USCIS) recently published a rule that amends Form I-9. The revised Form I-9 reflects changes to the list of documents that are acceptable for establishing identity and employment authorization. Additionally, the revised form reflects the new rule’s requirement that all documents provided during the verification process must be unexpired. The effective date for the new Form I-9 was April 3, 2009. The new form must be used from that date forward. Employers may obtain copies of the new form from the USCIS website.