Employer Gets Punished for Accessing Employee’s Personal E-Mails

What if your employer goes into your personal e-mails and tries to use them against you?  According to the Fourth Circuit Court of Appeals case of Van Alstyne v. Electronic Scriptorium, Ltd. your employer could get involved in a big legal nightmare it never imagined.

As very well put by Frank Steinberg at the New Jersey Emplyment Law Blog  I doubt whether ESL’s president thought that he was letting himself in for this kind of trouble when he decided to peruse the private e-mails of the object of his office affections.

Here’s what happened in the case.  Bonnie Van Alstyne worked for Electronic Scriptorium Limited (“ESL”)  a small data conversion company owned and operated by a man named Edward Leonard and his wife Brett. Van Alstyne was a friend of the family and was hired to be the  Vice-President of Marketing.

According to Van Alstyne, during the time she worked at ESL Leonard sexually propositioned her. She rejected his advances. Five months later she was terminated.

Van Alstyne  filed a sexual harassment charge with the Equal Employment Opportunity Commission. She also filed several other claims for benefits and unpaid commissions in Virginia state court.

In what appears to be a purely vindictive move, ESL sued Van Alstyne in a separate case in Virginia state court.  During the depositions in the case, ESL’s counsel started asking Van Alstyne questions about various e-mails which were marked as exhibits.

It turns out that these e-mails were from Van Alstyne’s personal e-mail account that Leonard had improperly accessed.

By way of background, Van Alstyne had a company e-mail account during the time she worked at ESL.  Like many employees, Van Alstyne also had a private password-protected e-mail account which she used to handle personal matters from time to time as needed (hers was with AOL).

When Leonard got caught, he first said that he only had a few of  Van Alstyne’s personal e-mails. That statement turned out to be “not entirely true” according to the Court:

Leonard ultimately admitted to accessing Van Alstyne’s AOL account at all hours of the day, from home and internet cafes, and from locales as diverse as London, Paris, and Hong Kong. During discovery, Leonard produced copies of 258 different emails he had taken from Van Alstyne’s AOL account.

The problem for Leonard was that his conduct violated an obscure federal law called the Stored Communications Act (“SCA”)  18 U.S.C. § 2701 (part of the Electronics Communications Privacy Act) Under the SCA an offense is committed by anyone who:

  1. “intentionally accesses without authorization a facility through which an electronic communication service is provided;” or
  2. “intentionally exceeds an authorization to access that facility; and thereby obtains…[an] electronic communication while it is in electronic storage in such system.”

Van Alstyne filed a case against  Leonard and ESL under the SCA in Federal Court in Virginia and won:

  • $175,000 in compensatory damages
  • $100,000 in punitive damages
  • $124,763.38 in attorney’s fees and
  • $10,960.18 in costs

ESL appealed. In it’s recent decision, the Fourth Circuit Court of Appeals held that:

  1. there can be no award of statutory damages without proof of actual damages .
  2. the award of punitive damages does not require proof of actual damages — all that is needed is an intentional violation of the act
  3. an award of attorney’s fees and costs is allowed without proof of actual damages

The awards were vacated and the case was sent back to the district court for a reconsideration of the appropriate amount to be awarded in light of it’s decision. In other words, Van Alstyne won, but not as much money as was originally awarded.

For those who litigate in the future under the SCA,  the affirmance of a punitive damage award, as well as attorney’s fees, without proof of “actual damages” is particularly significant.

What can we learn from this case? Several simple points can be made:

  • As another managment law firm warned, companies should carefully consider when and whether to access, use, or disclose stored communications or customer information and make sure their conduct comports with SCA-authorized activities to avoid the now higher risk of litigation.
  • Companies should not access employees‘ (without authorization) personal e-mails in violation of the SCA because doing so can easily expose them to  punitive damage awards as set forth by the precedent in this case.  It’s also, potentially, an invasion of privacy and just plain wrong.

There are not very many reported decisions dealing with privacy issues in the workplace.  There are also very few cases interpreting the SCA in a workplace setting.  For both of those reasons, this case is both interesting and important.

Image: www.pc1news.com/

Leave a Reply

Your email address will not be published. Required fields are marked *