An Illinois court recently held that an employer violated the Electronic Communications Privacy Act when it intercepted the employee’s work and personal email accounts. The employer installed software on the employee’s computer that sent all of the employee’s work emails to a dummy account, which was monitored by the employer. The court found that this constituted an “interception” of the emails under the meaning of the law, even though the full emails were not actually delivered to the accounts, which received only a “pointer,” or link to view the email stored on the server. The court found that because the email links were acquired by the employer at the same time they were sent to the employee, it did not matter that the email system used pointers and did not send full emails. The employer also installed spyware on the employee’s computer, which sent screenshots of the employee’s personal email to the employer. The court found that this was also an interception as defined by the Act, as the personal emails constituted electronic communications under the statute and the employer captured them as they were being transmitted. However, the court found that the employer did not violate the ECPA when it synced the employee’s Blackberry to the employer’s server, accessing all text messages stored on the Blackberry. The court noted that the sync occurred at random times and was not contemporaneous with the transmission of a text message. Because the syncing was not automatically triggered by the transmission or reception of a text message, the court found that the syncing was not an interception.
Tip: Employers should clearly state when and if they will be monitoring employee emails and Internet access. Employers should seek the advice of counsel before implementing such monitoring, as it may violate the Electronic Communications Privacy Act, the Stored Communications Act or other federal and state laws.