Think you have legal access to personal emails former employees leave behind? Know the law before you make a move you could regret.
Last week, InFront talked about how to address the issue of employees taking company information with them when they move on. However, they may leave behind personal data, and that presents a different challenge. It may be tempting to look at the emails in personal accounts they leave on a company device, but think twice; or you could find yourself in legal hot water.
According to the federal Stored Communications Act, it is an offense to “intentionally access…without authorization a facility through which an electronic communication service is provided” and thus open a communication while it is in electronic storage. The penalty for violating this law can be thousands of dollars in fines, damages, attorney’s fees, and court costs if the access to this personal data “was willful or intentional.”
Employers may think that this law doesn’t apply to them when their policies state clearly that there is no expectation of privacy on their equipment and devices. However, many courts have found that the “facility” referenced in the statute applies to the server, not the device. For instance, in one case where an employee left her personal Gmail account open on a company-owned smartphone and her former employer accessed it, the court dismissed the company’s claim that it owned the device and, therefore, was entitled to access the data. Other similar cases have resulted in rulings against the employers as well.
Employers are advised to take some time to train their leadership and managers to exercise caution before accessing a worker’s (or former employee’s) personal communications, even if these are on a company-owned device. It is important to remember that policies stating that employee cannot expect privacy on the company’s computer system/networks may not protect the organization in the event of a lawsuit. If the employer is uncertain about how to handle a situation, seeking legal counsel is advised. In the meantime, reminding departing employees to delete and/or lock personal accounts on company-owned devices can help prevent problems (and temptation).