VIOLATION OF PRIVACY? EMPLOYEE’S GMAIL ACCOUNT ACCESSED BY FORMER BOSS
QUESTION: Until recently, I worked at a title company. I frequently replied to personal emails on my personal Gmail account during lunch. When I resigned from the company two weeks ago; I was not allowed to serve out my notice, but was immediately escorted from the premises. I learned later that my boss accessed my personal Gmail account, using a password I had left on a list in a drawer of my desk (the remaining passwords on the list related to work accounts). I learned of the unauthorized invasion when I received a letter from an attorney claiming that some of my personal emails may have violated a confidentiality agreement, an assertion I dispute. I believe my privacy has been violated.
ANSWER: Your privacy may have been violated. Your former boss may also have violated the Stored Communications Act, 18 U.S.C. 2707, which both establishes a criminal offense and allows employees to sue when a person “intentionally accesses without authorization a facility through which an electronic communication service is provided” and “thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system[.]”
Some important questions in determining whether the Stored Communications Act was violated are whether your Gmail account was created at your employer’s request for work purposes, and whether you had authorized your boss and others to use your Gmail password to access your Gmail account. If your employer asked you to set up the Gmail account for work only, and provided you a user name (and maybe a password) for the account, it is unlikely that a court would view your boss’ access of the account as a violation of your privacy or a violation of the statute. Such an arrangement would indicate that your employer’s access of the account was authorized.
For purposes of the Store Communications Act, Google’s Gmail is viewed as an “outside electronic communications service provider”; if your emails were stored in the Gmail system, not on your employer-provided computer or your employer’s server, or not on a web-based account established by your employer, unauthorized access of those emails would potentially violate the statute. Even where a former employee, for example, deleted personal emails from her company cell phone before returning it to her former employer, the company was found to have violated the statute where it later accessed her personal email account without her authorization. Some courts have ruled a claim of privacy or any expectation of privacy is waived where the company policy prohibits the use of company-owned equipment for personal purposes. With respect to the Store Communications Act, however, courts have generally distinguished between personal and employer provided or maintained accounts.
Another question is whether, even though the account was your personal account, you authorized your employer to access it by leaving the password on a list in your desk. Under the facts you describe, it seems likely a Court (or jury) would conclude that the password was intended to be private, which is why it was kept in a desk drawer and not on a post-it note on your work computer.
If your employer violated the Store Communications Act “for purposes of commercial advantage, malicious destruction or damage, or private commercial gain, or in furtherance of any criminal or tortious action” he could face a fine and/or up to 5 years in prison for a first offense, or 10 years for a subsequent offense. However, if your boss was snooping for some other purpose, he could face a fine and/or imprisonment for a year for a first offense and a fine and/or up to 5 years in prison for a second or subsequent offense. 18 U.S.C. 2701(a) and (b).
In addition to criminal penalties, the Store Communications Act allows a person whose rights have been injured by the violation of the law to bring a lawsuit for damages, which include punitive damages and attorney’s fees. Thus, even if the invasion of your email account caused you no monetary harm, you could perhaps still recover punitive damages and recover any fees you might expend for an attorney’s efforts on your behalf.
The Stored Communications Act was enacted in 2012. Because there is likely to be much more development in this area of law, the advice of an attorney is recommended. Since you have already received a letter from an attorney, accusing you – with or without reason – of violating a confidentiality agreement, you would be doubly wise to consult with an attorney of your own.
The lawyers at GWINN LEGAL PLLC are experienced attorneys and are happy to answer your questions. Give us a call for a free initial telephone consultation about your legal needs. For consideration of your questions in our web column, please submit your inquiry on the “Contact Us” page of our website at www.gwinnlegal.com.
Information provided on “Ask the Lawyer” is current as of the date of publication. Laws and their interpretation are subject to change. The material provided through “Ask the Lawyer” is informational only; it should not be considered legal advice. Submitting a question to “Ask the Lawyer” does not create an attorney-client relationship between the person submitting the question and GWINN LEGAL PLLC. To view previous columns, please visit our website.
By: Daniel A. Gwinn, Esq.
Attorney and Counselor at Law
GWINN LEGAL PLLC
901 Wilshire Drive, Suite 550
Troy, MI 48084
(248) 247-3310 facsimile