Federal laws enacted to deter and punish computer hacking have been used (mostly unsuccessfully) by employers to sue employees accused of misappropriating company information. In a twist on this theme, last month the Fifth Circuit Court of Appeals rejected a claim under the Stored Communications Act brought by an employee who was terminated after her employer reviewed text messages and data on her personal cell phone.
Garcia v. City of Laredo involved a police officer who accused the wife of a fellow officer of taking her cell phone from her locker, and using this information as the basis for complaints to her superiors about violations of department policy. The department downloaded videos and text from the phone, and terminated the plaintiff based on these accusations. The plaintiff claimed that the employer violated the SCA by accessing this electronic information without her consent.
The Fifth Circuit disagreed, affirming summary judgment for the city. The court concluded that the SCA does not apply to ordinary text messages and data stored on a cell phone. The statute only applies to unauthorized access to communications "facilities," and individual computers, laptops and mobile devices are beyond the scope of this definition. Only facilities operated by electronic communications services are protected under the SCA.
Although the employer prevailed in this claim, its review of the employee's personal cell phone raises legal questions beyond the SCA. Many states have passed or are considering laws that prevent employers from accessing employee Facebook or similar online databases without their consent. In most states, such access presents possible claims for breach of privacy under statutory or common law requirements. Employers reasonably assume that such information will assist in their internal investigations, but should consult with legal counsel before reviewing employee's personal computers or mobile devices.