An Ohio Federal District Court recently ruled that Verizon Wireless could be sued for reading a former employee’s personal emails on a company-issued device.
During her employment, Verizon issued Sandi Lazetle a Blackberry which she used for company email. According to Sandi, she was told that she also could use the Blackberry for personal email, which she did through a Gmail account. When she left Verizon, Sandi turned in the Blackberry believing she had deleted her personal email account. She hadn’t, and apparently her former supervisor figured that out. Sandi alleged that over the next 18 months her former supervisor used the Blackberry to read 48,000 of her personal emails, including opening some emails before she had read them. Once Sandi discovered this, she changed her personal email password, and then sued Verizon and the supervisor, alleging violation of the federal Stored Communications Act (“SCA”) and Ohio state laws. Verizon moved to dismiss her entire lawsuit, but the Court disagreed.
Under the SCA, an individual may pursue a civil action for damages and other relief against whomever “intentionally accesses without authorization a facility through which an electronic communication is provided; or . . . intentionally exceeds an authorization to access that facility; and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a)(1)-(2).
In this case, the Court held that the SCA prohibited the reading of Sandi’s unopened emails (i.e., the emails she had not opened or read) because the reading was done without authorization from Sandi. The Court also held that Sandi could pursue her SCA claim against the supervisor who read the unopened emails as well as against Verizon because the supervisor was acting within the scope of his employment.
As to her state law claims, the Court held that Sandi could move forward with her claim for invasion of privacy for the reading of all her emails (opened or not) as they “were highly personal and private” because they contained communications about her family, career, financial status, health, and other matters. The Court reasoned that a jury could find the supervisor’s behavior (and that of Verizon by extension) as “highly offensive.”
Shortly after the Court issued its order, the parties settled on undisclosed terms.
The lesson for employers: Reading emails in an employee’s personal email account is a potential legal landmine, even if the account is maintained on a company-issued device. Employers should prohibit employees from maintaining a personal email account on a company-issued device and advise employees that maintaining a personal email account on a company-issued device (in violation of the policy) provides authorization for the company to review those emails.
For more information on workplace monitoring issues, please attend our breakfast seminar: Snoops – Cybervetting and Monitoring Employees’ Activities Electronically From Hiring Through Termination on November 12, 2013 (Miami), November 13, 2013 (Boca Raton), or November 14, 2013 (Fort Lauderdale).