The U.S. Congress has enacted several statutes addressing unauthorized access to computer systems, commonly known as “hacking.” These statutes include both civil and criminal components. The Stored Communications Act (SCA), 18 U.S.C. § 2701 et seq., deals with digital information stored by third parties, usually internet service providers (ISPs). It comes into play when someone accesses another person’s email or other stored communications data without authorization. The statute allows civil claims in certain cases. 18 U.S.C. § 2707. When an employer accesses an employee’s online information without permission, it could be liable to the employee for damages under the SCA.
Third-party ISPs include companies that provide internet access, email servers, and social media services. The use of a third-party ISP involves voluntarily entrusting personal information to someone else’s care. The SCA seeks to protect people’s privacy rights with regard to this information against both the government and private individuals and entities. The Fourth Amendment to the U.S. Constitution guarantees people’s right to “be secure in their…papers and effects,” but voluntarily turning materials over to a third party can negate the Fourth Amendment’s protection. The SCA extends Fourth Amendment-like protections against government access to stored communications. Since non-government actors are not constrained by the Fourth Amendment, the SCA also prohibits unauthorized access by private actors.
The same principle that excludes voluntarily disclosed information from Fourth Amendment protection also applies to the SCA. The “authorized user exception” states that SCA protection does not apply to “conduct authorized…by a user of that service with respect to a communication of or intended for that user.” 18 U.S.C. § 2701(c).
A hypothetical claim by an employee under the SCA might involve an employer that accesses their private email or social media accounts without the employee’s permission. “Private” information generally means anything that is protected by a password or that an employee has otherwise designated as hidden from public view. It also means information that is stored separately from an employer. The SCA applies when an employer accesses information stored by a third party, such as AT&T. See Owen v. Cigna, No. 1:15-cv-09880, mem. op. (N.D. Ill., May 25, 2016). It does not apply if the employer accesses communications stored on its own servers. Courts have held that an employee has “no reasonable expectation of privacy in his work emails.” Williams v. Rosenblatt Securities, 136 F.Supp.3d 593, 607 (S.D.N.Y. 2015).
A New Jersey federal court considered the SCA’s applicability to Facebook posts in Ehling v. Monmouth-Ocean Hosp. Service Corp., 961 F.Supp.2d 659 (D.N.J. 2013). The court held that “non-public” Facebook posts, meaning those that are only accessible to one’s Facebook “friends,” are covered by the SCA. Id. at 668. However, the “authorized user exception” may also apply and therefore prevent recovery by a plaintiff. In Ehling, an employer penalized the plaintiff based on information in a Facebook post that was only accessible to the plaintiff’s “friends.” The court found that one of these friends saw the post and voluntarily turned it over to the employer. Since the friend was authorized to access the post as the plaintiff’s friend, the court found that the authorized user exception applied.
At the Resnick Law Group, our skilled and experienced civil rights attorneys can assist you with your employment matter in New Jersey or New York. To speak with a member of our team, contact us today online, at 973-781-1204, or at (646) 867-7997.
More Blog Posts:
Federal Judge Addresses Injury-in-Fact in New Jersey Employment Class Action, The New Jersey Employment Law Firm Blog, February 2, 2017
New EEOC Rules on Employer Wellness Programs Lead to Lawsuit, The New Jersey Employment Law Firm Blog, November 18, 2016
New Jersey Lawsuit Accuses Employer of Failing to Make Disclosures Related to Credit Checks, as Required by Federal Law, The New Jersey Employment Law Firm Blog, August 18, 2016