Earlier this month, I posted an
article on how employers could face
liability under the federal Stored Communications Act (“SCA”) if they solicited
Facebook “friends” to access an employee’s social media postings.
According to a U.S. District
Court in Ohio, employers also could face SCA liability for viewing an employee’s
e-mails on a company-issued phone.
In Lazette v.
Kulmatycki and Cellico Partnership d/b/a Verizon Wireless, 3:12-cv-2416 (JGC) (N.D. Ohio June 5, 2013), Sandi
Lazette received a company-issued Blackberry from her employer, Verizon
Wireless. Lazette would send and receive
business related e-mails on the device. She was told that she also could use the
company-issued phone for personal e-mail so she linked the device to her
personal G-mail account.
When she left the company in September 2010,
she returned the company-issued phone to her supervisor, Chris Kulmatycki. She understood
that Verizon would “recycle” the phone for use by another employee. However, when Lazette returned the
phone, she neglected to delete the access to her personal Gmail account.
Over the next 18 months, without Lazette’s knowledge or
authorization, Kulmatycki accessed her
G-mail and accessed approximately 48,000 of her e-mails, which included
communications about her family, career, financials, health, and other personal
matters. Lazette subsequently filed suit
against Verizon and her former supervisor under the SCA.
The company sought
to have the case dismissed on a number of grounds, including its argument that
the supervisor’s access was “not” unauthorized because: (1) he used a
company-owned Blackberry; (2) he did not access a “facility,” as the statute
uses that term; and that (3) Lazette authorized Kulmatycki’s access because she
had not expressly told him not to read her e-mails and that she implicitly
consented to his access by not deleting her G-mail account. Not surprisingly,
the District Court rejected Verizon’s argument:
Turning to the
substance of defendants’ contentions, defendants, in effect, contend that plaintiff’s negligence left her e-mail door
open for Kulmatycki to enter and roam around in for as long and as much as he
desired . . . Whether viewed through the lens of negligence or even of implied
consent, there is no merit to defendants’ attempt to shift the focus from
Kulmatycki’s actions to plaintiff’s passive and ignorant failure to make
certain that the blackberry could not access her future e-mail.
After the District Court denied
Verizon and Kulmatycki’s motion to
dismiss, the case settled in August 2013 before it went to trial.
In this particular case, it’s obvious that the supervisor’s actions
were not authorized by Verizon and his stalker-like review of the plaintiff’s
personal e-mails were not for any legitimate business purpose.
Aside from the inherent creepiness and “ick factor” of the plaintiff’s
former supervisor, this case highlights the need for employers to have very
clear policies as to what level of privacy an employee can expect in their use
of a company’s devices or when an employee uses a personal mobile device or
computer on behalf of their employer.
In years past, such policies would simply inform employees that they
should have no expectation of privacy, and that the company device is the
property of the employer and may be subject to monitoring. However, with companies allowing more
personal use of company devices or moving to the practice of “BYOD” or “bring
Your Own Device” for use at work, the lines have gotten blurred. As such, employers need to regularly review
and update their handbook policies to address how technology is actually being
utilized by employees.
In light of this case, a good internal practice would be for a
company’s IT department to review all returned devices and ensure they are
scrubbed of any personal information before being recycled to another employee.
Mark Fijman is a labor and employment
attorney with Phelps Dunbar, LLP, which has offices in Louisiana, Mississippi, Florida, Texas, Alabama,
North Carolina and London. To view his firm bio, click here. He can be reached at (601) 360-9716 and by
e-mail at fijmanm@phelps.com.
