You can, according to Joe Cocker, leave a light on. But, if you want a second opinion, I’d suggest that you be sure you log out before you leave the computer room. The case of discussion in today’s post, Marcus v. Rogers, was brought by a group of New Jersey public-school teachers. The District made computers with Internet access available for teachers to use during breaks. One of the teachers was in the “computer lab” (my phrase) to check his email when he bumped the mouse connected to the computer next to the one he was using, turning off the screensaver. On the screen, the teacher saw the Yahoo! inbox of a colleague, who had, apparently, failed to log out of her email account before she left.
The teacher recognized his own name in the subject lines of several of the emails. Too curious to resist the temptation, he opened, read, and printed the emails that made reference to him planning to use them at an upcoming staff meeting.
When his colleague learned that her emails had been discovered, she filed suit. The case was tried before a jury, who found in favor of the nosy teacher-defendant. The colleague-plaintiff appealed the decision. On appeal, the question before the court was whether the defendant was acting “without authorization” or whether his access of the emails had “exceeded [his] authorization.”
On the first question, the court held that the defendant was not “without authorization” when he accessed the emails because the emails in the inbox were available for anyone to see, since the colleague had failed to log out of her account.
The court upheld the jury’s decision on the second question, as well. Specifically, the court found that the defendant had not exceed his authorization because his colleague had “tacitly” authorized the access when she failed to log out.
This is an interesting case that provides some good news for employers. Some good news–but not much. The question of whether an employer can access an employee’s personal email account that the employee accessed through the employer’s equipment is far from settled. The answer is very fact specific. For example, the answer may be different where, like here, the employee fails to log out when she leaves the computer, versus where the employer uses software to discover the employee’s password and then uses the password to access the account.
The answer also can change depending on the jurisdiction. New Jersey has been an outlier in several of the employee-email cases and employers in other states should be cautious about relying on this decision for much more than its interesting set of facts.
Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012).