Header graphic for print
Password Protected Data Privacy & Security News and Trends

Former Employee Need Not Allege Emails Were Unopened to Assert Claim of Unauthorized Access Under Stored Communications Act

Posted in Data retention, Privacy

Earlier this month, a federal court denied an employer’s motion to dismiss a claim that it violated the Stored Communications Act (SCA) by accessing a former employee’s personal emails, concluding that the plaintiff need not allege the emails were unopened at the time of the alleged unauthorized access. Levin v. ImpactOffice LLC, No. TDC-16-2790 (D. Md. July 10, 2017).

Defendant ImpactOffice LLC (Impact), which supplies office products and services, collected the plaintiff’s company-issued cell phone after she resigned. Id. at *1.  She had previously deleted all emails stored on the phone, including personal emails from her Gmail account. Id. The plaintiff later filed suit in the District of Maryland, seeking a declaratory judgment that the restrictive covenants in her employment agreement are unenforceable and asserting a claim for unauthorized access of her personal emails under the SCA. Id. at *1-2.

According to the complaint, Impact accessed—and forwarded to its own attorney—a number of these personal emails, which were still stored on Google servers, including emails sent and received after the plaintiff resigned and emails between the plaintiff and her attorney. Id. at *1.

The SCA is violated when a person “intentionally accesses without authorization a facility through which an electronic communication service is provided . . . and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a).  The SCA defines “electronic storage” as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” Id. § 2711(1) (incorporating definitions in 18 U.S.C. § 2510).

In its motion to dismiss, Impact asserted that because the plaintiff did not allege that the emails were unopened at the time of its alleged access, she had not sufficiently alleged that the emails were in “electronic storage” under the SCA. Levin, No. TDC-16-2790 (D. Md. July 10, 2017), at *2.

The court first agreed with Impact’s interpretation of “temporary, intermediate storage” under Part (A) of the definition, citing First, Third, Fourth, and Ninth Circuit precedent, observing that Part (A) is “generally understood to cover email messages that are stored on a server before they have been delivered to, or retrieved by, the recipient.” Id. at *3.

However, the court ultimately concluded that, at this stage, the plaintiff need not “specifically allege that the emails at issue were unopened at the time” of Impact’s alleged unauthorized access due in part to the “fact-intensive” nature of the question. Id. at *4.  Because the complaint was silent on whether the emails were previously opened, the court concluded that it had “no basis upon which to presume” that all of the emails at issue were opened before Impact’s alleged access and that it could “reasonably infer that at least some of the emails were unopened at the time.” Id.

In the alternative, the court concluded that the plaintiff had sufficiently alleged that the emails met the SCA’s “electronic storage” definition under Part (B), covering “storage . . . for purposes of backup protection.” Id. at *5.  The court relied on Ninth Circuit precedent holding that emails “remaining” on an Internet Service Provider’s (ISP) server after delivery were in “electronic storage” for backup protection purposes. Id. The court rejected Impact’s argument that Part (B) also required emails be unopened at the time of access, stating that “prior access is irrelevant” under (B). Id. at *6.

In closing, the court did point out that, to prevail on her SCA claim, the plaintiff would have to prove that the emails were unopened at the time or actually stored for purposes of backup protection. Id. at *7.  Regarding proof of the latter, the court noted a distinction between an email system in which a message is downloaded to a phone and a copy retained on an ISP’s server—which may meet the definition under (B)—and an email system where the ISP’s server is the only place a message is retained—which would not. Id. at *5.

The court recognized that applying the definition of “electronic storage” under the SCA “is a difficult endeavor because the technology relating to emails . . . has changed” since the SCA’s enactment in 1986. Id. This difficulty will no doubt grow with advances in email and electronic communication delivery and storage, potentially resulting in more claims proceeding past the pleading stage.  Considering the court’s interpretation of “electronic storage” under the SCA, companies that issue mobile devices to employees for work and personal use should carefully consider the extent and manner to which they access those devices collected from separated employees.