A couple of years ago, I blogged (here) about a company that installed spyware to monitor an employee’s Facebook Messenger activity, discovered a nefarious plot to secure client information and intellectual property, and obtained an injunction to stop the employee from starting a competing business.
But there are legal limits to
employer sh*tbaggery surreptitiously monitoring employee communications.
For example, last night, I read a federal court decision involving an administrative assistant at a realty company who alleged that coworkers approached her in December 2021 about leaving with them to start their own company. So, the plaintiff sent an email about the potential job from her personal email account on her personal laptop on December 20, 2021.
According to the plaintiff, her supervisor logged on to the plaintiff’s work computer while the plaintiff was OOO and viewed the plaintiff’s personal email account and emails on her work computer. Then, the defendant’s CEO and COO supposedly called the plaintiff’s potential employer and said, “So we hear that you are starting your brokerage and taking [Plaintiff] with you.”
The potential employer allegedly told the plaintiff about the call, after which she checked her email account and search history and discovered someone had logged on to her work computer while out of the office. According to the plaintiff, the defendant fired her two weeks later, citing her conversation with the potential employer.
So the plaintiff sued for violation of the Stored Communications Act,
The Stored Communications Act.
The SCA prohibits someone from gaining intentional unauthorized access to a “facility through which an electronic communication service is provided,” thereby obtaining access to an electronic communication while in electronic storage. Courts have construed this to forbid employers from accessing Gmail and other password-protected personal email accounts — even those accessible through work computers.
You may be thinking, how did any employer legally monitor an employee’s Facebook Messenger activity without violating the SCA? Good question. In that case, the employee never asserted an SCA claim.
Ordinarily, an SCA claim requires some measure of actual damages. However, violations of the SCA can result in the award of punitive damages if the defendant’s action is willful or intentional. And some courts, like the one that wrote the opinion I read last night, concluded that no allegation of actual damages is necessary to receive an award of punitive damages. Plus, a prevailing plaintiff can recover attorney’s fees. So, these cases can become expensive to litigate.
Generally, employers should not attempt to access employees’ personal email accounts. So ensure that your overly zealous managers and supervisors know this.
If you are going to monitor (or at least reserve the right to monitor) emails sent and received on a company email account, you should notify employees in writing. Some states may require this.
Also, be very careful if you come across emails between an employee and their attorney. Some states, like New Jersey, place limits on accessing them.