Boss Hacks Personal Email Account of Employee. Emotional Distress Follows.

Posted by Molly DiBiancaOn October 8, 2013In: Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

Email This Post | Print this Post

Another case involving employer access to an employee’s personal email account.  And the bad things that follow.

The plaintiff was an administrative assistant to the Athletic Director of a public school district in Tulsa, Oklahoma.  In her complaint, she alleged that she had reported that the Director and two Assistant Directors had “endangered the health and safety of students” and had “misappropriated funds.”  In other words, she was a whistleblower.  email hacked

Shortly after she made these reports, the Director suspended her and recommended that she be terminated.  She grieved the recommendation. 

Apparently during the grievance process, the plaintiff was contacted by the cyber-crimes division of the Tulsa Police Department, who informed her that her private email account had been hacked. 

She filed suit, alleging that the Director and two Assistant Directors intentionally obtained access to her private emails and used the information that they unlawfully obtained in order to pursue the recommendation to terminate her employment.  She brought several claims, including constitutional claims under the 1st and 4th Amendments, statutory claims under the federal and state wiretapping laws, and state tort claims.  The defendants moved to dismiss.

The opinion addresses several arguments on each claim but there are certain holdings that bear mention here. 

First, the plaintiff’s Fourth Amendment claim survived dismissal.  The court found that she had adequately pleaded that she had a reasonable expectation of privacy in her personal email account and that the hacking constituted an unlawful search and seizure of her account and/or emails in the account.

Second,  her privacy claim survived for the same reasons.  Basically, the court found that having your private email hacked and then the contents used against you in proceedings to have you terminated from your employment would be a “highly offensive” intrusion to a reasonable person.  This was further supported by the fact that the Tulsa Police Department considered her to be a victim of cyber-crime.

Third, the claim for intentional infliction of emotional distress survived, again, largely for the same reason.  The court concluded that the conduct could be plausibly deemed outrageous in nature.

I think many of us would agree that this motion to dismiss did not stand much of a chance.  (Although, the opinion is not very detailed in its description of the alleged events and did leave me with some unanswered questions about the actual allegations contained in the complaint.)  If an individual’s personal email account is intentionally targeted for hacking by anyone, it’s going to be a serious source of distress.  If the hacking is done by your direct supervisors for the purpose of making sure you lose your job because you (allegedly) blew the whistle about what you believed to be improper conduct, you are likely to be very close to “extreme” distress.  Wouldn’t you think?  The Northern District of Oklahoma did.

Murphy v. Spring, No. 13-cv-96-TCK-PJC (N.D. Okla. Sept. 12, 2013).

Leave a comment