Recently in Electronic Monitoring Category

Your Employees Are (Still) Stealing Your Data

Posted by Molly DiBiancaOn October 29, 2013In: Electronic Monitoring, Policies, Privacy In the Workplace

Email This Post | Print this Post

The Wall Street Journal recently reported some eye-opening results of a survey regarding information theft by employees.  Here are some of the most disturbing (though not surprising) findings from the survey:

  • 50 percent of employees kept confidential information post-separation;
  • 40 percent plan to use confidential information in their future employment; and
  • 60 percent say a co-worker has offered documents from a former employer

So what do these statistics say? In short, they say that your employees are stealing your intellectual propertyEmployee IP Theft

And here are two more interesting findings:

  • 52 percent of employees don’t believe that it’s a crime to use a competitor’s confidential business information; and
  • 68 percent of employees say their organization doesn’t take preventative measures to ensure employees don’t use competitive information.

So what do these statistics say? Well, they say that neither your former employees nor their new employers think there’s anything wrong with stealing and using your intellectual property.

These statistics don’t surprise me at all. Theft of confidential information by departing employees is an epidemic. In my experience, it is one of the biggest challenges faced by employers today. Perhaps the single biggest.

And making matters worse is the fact that most employers don’t know that it’s happening. But it doesn’t have to be this way. Here are some things every employer can do to limit the impact of this epidemic:

Have a policy. Employers should have a confidentiality policy that all employees are required to sign—separate from the employee manual is preferable.

Educate employees. Once is not enough. Employees should be required to re-sign the policy each year. Yes, really. This is a very serious problem and there is no such thing as being too proactive to prevent it.

Use technology. Employees walk away with your data in any number of ways but almost always in a way that involves technology, so put technology to work for you. For example, consider utilizing software that alerts IT any time an employee sends a large number of attachments via email. Limit access to Dropbox and similar cloud-storage sites from work devices.

Ask the tough questions. Even if you’ve done nothing to limit electronic theft beforehand, there’s no time like the present. Ask every departing employee to confirm in writing that he is not in possession of any company property (including in electronic form) and promise that, should he later discover that he does have your property, that he will return it immediately.

See also  Your Employees Are Stealing Your Data

UD Employees’ Confidential Info Hacked

What to Do If Your Employees’ Confidential Data Is Stolen

Computer Fraud and Abuse Act: Government to the Rescue of Employers?

Putting the Computer Fraud and Abuse Act to Work for Employers

Your Employees Are Stealing Your Data

Posted by Molly DiBiancaOn March 25, 2013In: Electronic Monitoring, Policies, Privacy In the Workplace

Email This Post | Print this Post

Employee resigns. But before her last day of work, Employee copies thousands of emails and documents from Employer’s computer.  Off goes Employee into the sunset.

How often is this scenario?  I bet most employers think this never happens in their workplace. I’d be willing to bet that it happens in almost every workplace.  It happens with such regularity, yet most employers are absolutely stunned to discover that it’s happened to them. 3d thief cracks safe

If you think it doesn’t happen pretty much all of the time, check out this post at the uber-popular website, Lifehacker.com, titled, How Can I Save All My Work Emails for a Personal Backup?  A reader submitted the following question:

I'm leaving my job and want to take my work emails with me. I've been burned at jobs before, and it became very useful to have an email paper trail behind me. How can I save all the emails so I can access them in the future, just in case I need them?

The author of the piece responds back, providing detailed, step-by-step instructions for how to do exactly that—take with you each and every email you sent and/or received during the course of your employment.

Putting aside how terrible of an idea this is on Lifehacker’s part (can you say, “promoting or endorsing illegal activity?), let’s focus just on the reality—which is, clearly, that your employees are taking your stuff!

What remedies are available to the employer?  Well, most immediately, there’s the demand that the items be returned.  Lawyers have a particular flair when it comes to a well-crafted cease-and-desist letter, so consider having your employment counsel get involved from the outset.

But if the employee refuses to return the documents or ignores your demand, then what? One option is to sue.  A variety of claims may be applicable, depending on the precise nature of the documents and information and on what the employee has done with them since her departure.  For example, the employer may have claims like conversion (civil theft, generally speaking), misappropriation of trade secrets, tortious interference, etc. 

And, depending on where the employee worked, there also may be a claim under the state and/or federal computer-misuse statutes.  In Delaware, for example, we have computer-misuse statutes that provide for recovery of an award of treble damages and attorney’s fees.  And, because Delaware is in the Third Circuit, we have the Computer Fraud and Abuse Act. 

This statute has limited application in other states—including those within in the Fourth and Ninth Circuits, where the Courts of Appeals have rejected the application of the CFAA in the employee-traitor context.  Instead, in those states, the statute is construed as applying only to the true computer hacker. 

The CFAA is a fascinating statute with complex provisions.  The Florida Bar Journal has an excellent analysis of the law—and of the different interpretations of the various Courts of Appeals—for those who may be interested.

For the rest of you, though, now is the time to implement a confidentiality agreement if you don’t already have one in place and to consider just how certain you are about what employees can and cannot take at the end of employment.

See also

Judge's Porn Habit Results In Suspension

Computer Fraud and Abuse Act: Government to the Rescue of Employers?

Putting the Computer Fraud and Abuse Act to Work for Employers

Putting the CFAA to Use, TV Style

Michigan Enacts Social-Media Privacy Law

Posted by Molly DiBiancaOn December 30, 2012In: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees, Social Media in the Workplace

Email This Post | Print this Post

Michigan is the latest State to pass a "Facebook-privacy" law. The law, called the Internet Privacy Protection Act, was signed by Gov. Rick Snyder last Friday. The law prohibits employers and educational institutions from asking applicants, employees, and students for information about the individual's social-media accounts, reports The Detroit News.

The Michigan law contains four important exceptions. Specifically, the law does not apply when:

1. An employee "transfers" (i.e., steals) the employer's "proprietary or confidential information or financial data" to the employee's personal Internet account;

2. The employer is conducting a workplace investigation, provided that the employer has "specific information about activity on the employee's personal internet account;"

3. The employer pays for the device (i.e., computer, smartphone, or tablet), in whole or in part; or

4. The employer is "monitoring, reviewing, or accessing electronic data" traveling through its network.

The enactment of Michigan's Social Network Account Privacy Act makes Michigan the fifth State this year to enact legislation that prohibits employers from requiring or requesting an employee or applicant to disclose a username or password to a personal social-media account. Maryland, Illinois, California, and New Jersey were the first four. California and Delaware passed similar legislation applicable to educational institutions. Notably, new legislation was introduced in California on December 3, which would extend that State's law to public employers.

I continue to believe that these laws are unnecessary and do nothing more than expose employers to legal risk with no real benefit to the citizenry. However, of all of the states to have passed such "internet-password-protection" laws, Michigan's is the first to contain these critically important exceptions. Without them, the laws have the potential to paralyze employers from conducting internal investigations that are necessary to protect both the organization as a whole and individual employees.

Problems With Delaware's Proposed Social-Media Law

Lawfulness of Employers' Demands for Facebook Passwords

Should Employer Cyberscreening Be Legislated?

Employers Who Demand Facebook Passwords from Employees. Oy Vey.

Judge's Porn Habit Results In Suspension

Posted by Molly DiBiancaOn October 23, 2012In: Electronic Monitoring

Email This Post | Print this Post

Under the Computer Fraud and Abuse Act (CFAA), an individual who wrongfully accesses information stored on a computer can be held civilly and/or criminally liable. Employers have attempted to use the CFAA to prosecute employees who steal the company's confidential information. Different jurisdictions have come down differently on the question of whether the CFAA can be used in the employment context.

What many employers do not know, though, is that almost every State, including Delaware, has a statute similar to the federal CFAA. And some such laws, including Delaware's, have provisions with even more severe penalties than their federal counterpart. Here's an unusual example of a State statute similar to the CFAA applied in the employment context.

State ex rel Oklahoma Bar Ass'n v. Olmstead, is a case of lawyer discipline. The lawyer was an elected judge in Harper County, Oklahoma, when he downloaded a "tremendous" volume of adult pornography on his State-issued computer. When the conduct was discovered, the judge resigned and was charged with 19 felony counts under Oklahoma's Computer Crimes Act, which would have required a prison sentence of between 30 days and 10 years for each count. The lawyer pleaded no contest to a single violation of the statute and was given a one-year deferred sentence.

After undergoing a mental-health evaluation, the trial panel recommended that the lawyer be subject to public censure for his violations of the disciplinary rules. The State Bar Association, though, argued that public censure was insufficient and urged the Oklahoma Supreme Court to issue a suspension under the State's rules of professional conduct.

The State's Supreme Court agreed, finding that the former judge's conduct "brought such disrepute upon the legal profession and the judiciary that significant is warranted." The Court went on to explain that "The act of downloading adult sexually suggestive materials in tremendous volume on a State owned computer is a very serious offense which should not be minimized."

You Can Leave the Light On . . . But Be Sure to Log Out

Posted by Molly DiBiancaOn July 25, 2012In: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees

Email This Post | Print this Post

You can, according to Joe Cocker, leave a light on. But, if you want a second opinion, I'd suggest that you be sure you log out before you leave the computer room. The case of discussion in today's post, Marcus v. Rogers, was brought by a group of New Jersey public-school teachers. The District made computers with Internet access available for teachers to use during breaks. One of the teachers was in the "computer lab" (my phrase) to check his email when he bumped the mouse connected to the computer next to the one he was using, turning off the screensaver. On the screen, the teacher saw the Yahoo! inbox of a colleague, who had, apparently, failed to log out of her email account before she left.

The teacher recognized his own name in the subject lines of several of the emails. Too curious to resist the temptation, he opened, read, and printed the emails that made reference to him planning to use them at an upcoming staff meeting.

When his colleague learned that her emails had been discovered, she filed suit. The case was tried before a jury, who found in favor of the nosy teacher-defendant. The colleague-plaintiff appealed the decision. On appeal, the question before the court was whether the defendant was acting "without authorization" or whether his access of the emails had "exceeded [his] authorization."

On the first question, the court held that the defendant was not "without authorization" when he accessed the emails because the emails in the inbox were available for anyone to see, since the colleague had failed to log out of her account.

The court upheld the jury's decision on the second question, as well. Specifically, the court found that the defendant had not exceed his authorization because his colleague had "tacitly" authorized the access when she failed to log out.

This is an interesting case that provides some good news for employers. Some good news--but not much. The question of whether an employer can access an employee's personal email account that the employee accessed through the employer's equipment is far from settled. The answer is very fact specific. For example, the answer may be different where, like here, the employee fails to log out when she leaves the computer, versus where the employer uses software to discover the employee's password and then uses the password to access the account.

The answer also can change depending on the jurisdiction. New Jersey has been an outlier in several of the employee-email cases and employers in other states should be cautious about relying on this decision for much more than its interesting set of facts.

[H/T Evan Brown, Internet Cases, which I first heard him discuss on a recent edition of This Week In Law]

Marcus v. Rogers, 2012 WL 2428046 (N.J.Super.A.D. June 28, 2012).

Separating Personal and Professional: There's an App for That

Posted by Molly DiBiancaOn July 22, 2012In: Electronic Monitoring, Policies, Privacy In the Workplace

Email This Post | Print this Post

BYOD (short for "bring your own device"), is all the rage these days. Well, at least you'd think so based on all of the on-line talk about it. See, e.g., this post on the WSJ Blog, CIO Report. The basic idea is that employees are using their own electronic devices, such as smartphones and laptops, for work-related purposes. The causes of the BYOD movement are not entirely clear but one explanation is that employees are dissatisfied with the technology provided by their employer, so they just "bring their own" technology with them.

In any event, the reality is that, even in workplaces where no one brings their own device to work, many of us bring our employer-provided devices home with us. For example, it's not uncommon for an employee to have just one smartphone, through which he access both his personal and work email accounts. If the employer pays for or subsidizes the cost of the device and/or the monthly charges, there is an argument to be made that the employer may have some rights to access all data stored on the phone. Divid App.jpg

So what's an employee to do? Heaven forbid we had to carry around two phones everywhere we went. (This would particularly disastrous for airheads like me, who can barely remember to bring one cellphone with us when we leave the house). Well, according to the tech blog, Chip Chick, there is now, officially, an app for that. At least for Android users, anyway.

According to Chip Chick, the aptly named app, Device, "allows you to have your personal device and work device all in one." Users can keep the work side of the device encrypted and secure. If you're a really outstanding [read: show-off] employee, you can even limit the apps that will function on the work side to "business-oriented" apps. And, if you lose your phone (which I do no more than twice a year, I swear), Divide allows you to remotely wipe everything on the work side.

Stop Workplace Negativity With Email Surveillance. . . . Huh?

Posted by Molly DiBiancaOn July 15, 2012In: Electronic Monitoring, Privacy In the Workplace

Email This Post | Print this Post

FDA officials developed "a wide-ranging surveillance operation" against a group of its own employees, according to the N.Y. Times. The federal agency is said to have surreptitiously captured "thousands of emails" that disgruntled employee-scientists sent to members of Congress, lawyers, labor officials, and journalists.

The surveillance began as a workplace investigation of a possible leak of confidential information. The investigation was limited to five scientists. But it developed into a far broader-ranging endeavor, eventually culminating in 80,000 pages of documents. The massive surveillance was an effort to curb the "collaboration" of the agency's opponents, according to the report.

This story is interesting on several levels. First, on the most basic level, the idea that an employer the size of the FDA determined that a massive surveillance endeavor was the best way to stop what it perceived to be disparaging or antagonist commentary between employees and outsiders. I don't know what the culture has to be or what the level of negative murmurs has to be to prompt an employer to consider this type of effort in the first instance, nevertheless what it takes to push it to cross that line.

Second, the nature of the communications that were monitored is particularly striking. According to the NY Times report, the emails "were collated without regard to the identify of the individuals with whom the user may have been corresponding. Although the law is not particularly well settled on this issue, there are cases that have upheld significant consequences for employers who monitor, intercept, and/or access emails between an employee and his attorney. Thus, it seems potentially risky for the agency to have disregarded "the individuals with whom the user may have been corresponding."

There are potential consequences beyond the issue of attorney-client privilege, though. We'll have to wait to see what the legal consequences are, if any. I don't suppose we'll ever know what the real impact is on morale, although I can imagine only that it won't be a very positive one.

Jumping the Gun on Employee Internet Activity

Posted by Lauren Moak RussellOn May 2, 2011In: Cases of Note, Electronic Monitoring

Email This Post | Print this Post

A new decision from the Third Circuit Court of Appeals provides public employers with some additional guidance regarding employee internet activity. In the case of Beyer v. Duncannon Borough, police officer Eric Beyer was terminated from his position after he posted anonymous online comments, critical of the Duncannon Borough Council. More specifically, Beyer criticized the Council for its opposition to the purchase of new AR-15 rifles for the police department.security camera

Upon his termination, Beyer filed a lawsuit against the Borough, alleging violation of his  First Amendment rights. Pursuant to the U.S. Supreme Court's decision in Garcetti v. Ceballos, a public employee's speech is only protected by the First Amendment if the employee (1) speaks as a citizen (2) on a matter of public concern. Applying this standard, the District Court dismissed Beyer's claim, holding that he was speaking in his official capacity as a police officer, not in his private capacity as a citizen. Beyer appealed the dismissal to the Third Circuit.

In reviewing Beyer's appeal, the Third Circuit placed significant emphasis on the nature of Beyer's speech--anonymous internet posts. The Court found that anonymous posting supported both prongs of the Garcetti analysis. First, the Court indicated that anonymous online postings are inconsistent with conduct performed in an official capacity. As a result, the Court found that it was more likely that Beyer was speaking as a private citizen. Second, the Court found that the broad dissemination of Beyer's statements over the internet supported the argument that he was speaking on a matter of public concern. Based on the foregoing, the Court reversed the District Court's dismissal.

So, what's a public employer to do? The Third Circuit's decision does not prohibit monitoring of employee internet activity pursuant to a reasonable policy. It does, however, limit a public employer's ability to discipline its employees for anonymous online activity critical of the employer. Going forward, public employers should be particularly careful of any disciplinary action taken in response to such conduct, and when in doubt consult an attorney.

Employer Liability for Accessing Employee’s E-Mails

Posted by Molly DiBiancaOn March 2, 2011In: Electronic Monitoring, Privacy In the Workplace

Email This Post | Print this Post

When a former employee sues his former employer, an immediate issue of concern is how to preserve all electronically stored information (ESI) that may be relevant to the claim. Failure to do so may result in a claim of spoliation, sanctions against the employer and its legal counsel, or even an adverse ruling. Good employment counsel understands these consequences and how to avoid them in the first instance.

One of the most common steps is to have the employee’s computer forensically imaged by an expert. The expert will also preserve the employee’s company e-mail account. But this does not address the possibility that the employee may have sent e-mails from his work computer via a web-based e-mail service, such as Yahoo or G-mail. The law is not clear on this point and the defensibility of this practice can vary depending on the content of the e-mails—which, of course, the employer will not know until it looks.

There are several laws that employers risk violating by accessing an employee’s “personal” or web-based e-mail account. The federal Stored Communications Act is one such law and is the one that seems to result in more liability than others. A decision from late last year provides a recent example.

In Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, two employees prepared to open a competing fitness center with their then-employer. One of the employees quit and the other was fired. After the second employee was terminated, the employer accessed and printed emails from his web-based e-mail accounts. Although it was a disputed issue, the employer claimed that the employee had saved his username and password to the employer’s computer system.

The employer filed suit in New York state court to enforce a non-compete agreement and prevent the employees from opening their competing business. The court denied the request for an injunction and the employees removed the case to federal court, where they brought a counter-claim against the employer based on the allegedly improper access of the e-mails. At the request of the employees, the court ordered the employer to return all e-mails and prohibited their use in the case.

The court’s decision was based on its finding that the employer’s access of the employee’s emails violated the Stored Communications Act (SCA), which prohibits unauthorized access of e-mail correspondence that has been saved or stored once sent (among other things). The employees were awarded damages in the relatively small amount of $4,000 but I’m sure this felt like anything but a victory for the employer. The employer contended that it had done nothing wrong even if it had accessed the e-mails—they were, after all, stored on the employer’s computers, along with the username and password to access them. Worse yet, the e-mails supported the employer’s claim that the employees had been preparing to compete during their employment and had gone on to open a competing business.

The lesson from this case and the others like it is to be extremely cautious when deciding whether you may lawfully access an employee’s personal e-mails. Additionally, employers should revisit their computer-usage policies to make sure that the language is crystal clear that employees should not expect that their use of company computers will be considered private—including all Internet activity and, specifically, web-based e-mail accounts to the extent they are accessed via the employer’s computer.

Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp, LLC, No. No. 08 Civ. 4810 (THK) (S.D.N.Y. Dec. 22, 2010).

[Thanks to Venkat and his post on the Technology and Marketing Law Blog for bringing this case to my attention.]

Work Email and the Attorney-Client Privilege Do Not Mix

Posted by Lauren Moak RussellOn January 23, 2011In: Electronic Monitoring, Privacy In the Workplace, Privacy Rights of Employees

Email This Post | Print this Post

An appeals court in California recently decided that emails sent by an employee from her work email address to her attorney are not protected by the attorney-client privilege. In the case of Holmes v. Petrovich Development Company, LLC, an employee sued her employer for wrongful termination. Prior to filing her lawsuit, she had exchanged emails with her attorney, using her office email account. The employer used the emails in its defense, and the employee objected, claiming that they were protected by attorney-client privilege.

The Court disagreed and found that the emails were not protected by the privilege.  The court relied on the fact that the employer’s handbook expressly stated that an employee’s emails might be monitored. Such a warning, the Court concluded, made the employee’s emails akin a conversation held in the company’s conference room, with the door open, speaking in a loud voice. The California Court’s decision is in keeping with the Supreme Court’s 2010 decision in City of Ontario v. Quon, in which the Court held that an employee did not have an expectation of privacy in his text messages, sent using an employer-provided pager. This case, however, takes Quon to its logical conclusion, holding that in the absence of a reasonable expectation of privacy, the attorney-client privilege cannot attach.

As Delaware employers should know, they are required by statute to inform employees prior to monitoring an employee’s telephone, email, or internet use. 19 Del. C. § 705. Thus, under the California Court’s logic, any Delaware employee who has received notice of email monitoring under Delaware law has waived the attorney-client privilege as to any emails exchanged with the employee’s attorney, using his or her work email account. It is important to remember that the Delaware courts have not ruled on the issue of attorney-client privilege for work emails. However, this case is a valuable reminder that electronic communications are rarely as private as they appear, and we should all conduct ourselves accordingly.

Why Don't Employers Care About Employees' Internet Usage?

Posted by Molly DiBiancaOn December 30, 2008In: Electronic Monitoring

Email This Post | Print this Post

Employers don't care that their employees browse the internet all day long.  They don't care that employees do their holiday shopping online from the comfort of their offices.  Employers don't care that employees' internet usage exposes their companies to substantial security risks.  I'm convinced--they just don't care. 

Most employers do not have any rules about online shopping during working time.  And, of those employers who do have some sort of web policy that limits employee use, just a few have a program in place to monitor online activities. 

Millennials are the most likely group of employees to put their companies at risk over the holiday season.  An estimated 4 out of 10 U.S. workers aged 18-24 will spend up to five hours shopping online--on their work computers--this holiday season, according to the Shopping On the Job surveyMy Computer

That's more than half a working day!  

Not only are Gen Y employees the most likely to browse the web for that hard-to-find gift but they are also the least worried about the vulnerability of their work computers.  Millennials tend to be less concerned about safe web browsing when compared to their older colleagues. 

Despite the many voices of concern that online activity will have a negative impact on productivity and will expose the company's internal network to serious security risk, there doesn't seem to be much to prevent it. 

Is this because employers really don't understand the amount of potential loss?  Or do they not realize that, without a proactive procedure in place to deal with this risk, employees are not likely to change their habits?  Or maybe employers don't know what types of procedures to implement as a way to combat the potential losses associated with employees' online use during the holiday season. 

Other Posts on Electronic Monitoring in the Workplace:

Survey Says:  Employers' Policies on Technology in the Workplace

Is It Time to Update Your Electronic Communications Policy? If you’re the Mayor of Detroit, the answer is “Yes”

Blogs In the Workplace

Somebody's Watching You:  New Data on Electronic Monitoring by Employers

Spy vs. Spy: New Tools Offer New Ways to Obtain Employees' "Private" Data

Posted by Molly DiBiancaOn December 29, 2008In: Electronic Monitoring

Email This Post | Print this Post

An employer's right to monitor employees' electronic communications is a very popular topic.  There are numerous questions in this area of the law that remain unanswered.  For example, can an employer can lawfully retrieve an ex-employee's personal e-mails sent and received from the company's computers?  The 9th Circuit took a shot at another big question earlier this year in Quon v. Archer, when it held that an employee's text messages were personal and could not be viewed by the employer--even though the pager used to send and receive the text messages was the employer's property.  Employees' text messages can result in significant consequences for their employment--just ask the former mayor of Detroit. 

What seems to get many employees into trouble is their misconceptions about the security of their electronic data.  It seems that many workers don't believe that their employers could access electronic mail and messages, even if the employer was inclined to do so.  Well, that is just plain wrong.  Electronic data can be retrieved.  And it's a lot easier than you may think.  A new product on the market, Sim Card Spy Elite by Brickhouse Security, is a compelling example of this fact. image

The Sim Card Spy Elite is a recovery device that can retrieve "deleted" data from a SIM card.**  Just pop the SIM card out of a cell phone and insert it into the Spy Elite.  Then insert the Spy Elite into your computer and, Voila!  All of the data that you thought had been deleted from the cellphone is instantly restored.  Names, text messages, and last-dialed numbers are given new life.  The data can be viewed, printed, and even edited--all for the low price of $199.95.   

As technology continues to improve, powerful tools like this are going to become easier and easier for the masses to obtain.  No longer are these items accessible only to security insiders.  Not only should employees be wary of the potential use of these tools by their employers but, as the Larry Mendte saga made evident, employers must also be cognizant of the possible use of spy devices by employees as tools for coworker sabotage and espionage.  It's not as fictional as it may sound.  Just ask Alycia Lane.

**A SIM card is a tiny circuit board for cell phones that contains the user's account information. SIM cards are interchangeable between phones, allowing users to program a new phone by just switching the SIM card.

Employer Yells Yahoo! for Employee's E-Mail

Posted by Maribeth L. MinellaOn September 11, 2008In: Electronic Monitoring

Email This Post | Print this Post

The extent to which an employer may access an employee's personal e-mail account is an unsettled issue.   Many employers have policies in place that either prohibit or significantly limit an employee from accessing personal e-mail during work hours.  Most employers have (or, if not, should have) a right-to-monitor policy, which notifies employees that the employer may actually monitor access to personal e-mail accounts if the employee is using company equipment.  A recent decision from a federal court in Florida supports the employer's position that it can compel an  employee to turn over e-mail from a personal account.     email

In

(pdf), a breach of employment agreement and misappropriation of trade secrets case, an employer moved to compel production from the employee's personal Yahoo! e-mail account.  Although the employee claimed he could not produce any e-mails because he presumed they had been destroyed by Yahoo!, the only support for his position was a generic letter from Yahoo! which indicated the account at issue had been deactivated. 

Not surprisingly, the court found the employee's explanation dubious--even more so after the court learned that the employee untimely identified his personal account because, in his opinion, production of e-mails would be "impossible."  According to the employer, the employee used this specific personal account to engage in the activities upon which the entire lawsuit was based. 

Thus, given the potentially high evidentiary value of the e-mails, the court sanctioned the employee (although any potential fine is dependent upon how successful the employee is in his court-ordered attempt to obtain the e-mail from Yahoo!).  The court further cautioned that if it turns out the employee's failure to identify his personal e-mail account and obtain messages from his account results in the spoliation of evidence, the court will consider serious penalties. 

The Mendte-Lane Saga Concludes With a Guilty Plea and a Lawsuit

Posted by Molly DiBiancaOn August 25, 2008In: Electronic Monitoring, Off-Duty Conduct

Email This Post | Print this Post

According to the AP, Larry Mendte has admitted that he hacked into Alycia Lane's e-mail and leaked her private information to a reporter from the Philadelphia Daily News.  This admission comes just two months after Mendte's home was raided by the FBI and his computers from home and work were seized.  Although not likely, Mendte could be sentenced to up to five years in prison when he is sentenced in November.

mendte%20%26%20lane%20in%20happier%20times.jpg

Mendte admitted that he viewed hundreds of e-mails after installing a keystroke-tracking software on her computer at work.  Lane maintains that she complained about the possibility that her e-mails were being leaked but her employer, KYW-TV, "treated her as if she was paranoid."  Lane claims that her career has been ruined as a result of Mendte's behavior.

TV News Anchors' Soap Opera Has the Makings of a Made-for-TV Drama

Posted by Molly DiBiancaOn July 23, 2008In: Electronic Monitoring, Newsworthy, Off-Duty Conduct, Privacy Rights of Employees

Email This Post | Print this Post

Employee-privacy rights.  Compensation-based jealousy.  Bitter co-workers.  Electronic monitoring.  Gender discrimination.  Clash of the Gen X and Baby-Boomers, even?  The continuing saga involving former news anchors Larry Mendte and Alycia Lane has all of the makings of an employment-law thriller. 

Larry Mendte and Alycia Lane

Last we checked in with the two former news anchors, KYW-TV announced its decision to terminate long-time host, Larry Mendte, following a federal investigation and raid of Mendte's home and office.  On Monday, July 21, the U.S. Attorney's office filed a federal criminal information charging Mendte with a single felony count of intentionally accessing a protected computer without authorization.  See the full Information here: 

The allegations, as detailed in meticulous fashion in the Information, are based on the government's claim that Mendte hacked into Layne's personal e-mail accounts and released the info he stole to the press and others.  The hacking is said to have gone on for a period of two years but, last quarter alone, is alleged to have tapped into her accounts approximately 537 times.  Lane's lawyer is reported so say that Mendte was jealous of his younger co-host, who garnered lots of attention and who made $100,000 more than him a year. 

That alleged jealousy could land Mendte with a jail sentence of up to six months.

The Acting U.S. Attorney Laurie Magid, explained the government's interest in the case.  "We live in an age in which many people exchange and share personal, sensitive information by e-mail every day."

This is a great lesson for employers.  Privacy rights are on the minds of employees everywhere.  It's an already-serious issue when employers monitor their employees' e-mail and internet use.  But add to that a potential threat from co-workers and privacy paranoia seems like a very realistic possibility.

For earlier episodes in the soap opera:

More Drama at the News Desk: Co-Anchor Suspected of Snooping Through E-Mails

Pardon Me? Anchorwoman’s Cursing Caught on Live TV

What do News Anchors, Sports Figures, and Corporate Executives Have in Common? Employment Agreements and Risk-Avoidance Clauses.