Eleventh Circuit Upholds Company Claims Against Former Executive For Unlawful Access to Email
Thursday, March 9, 2017
Privacy, Laptop

Related Practices & Jurisdictions
Print Mail Download i

A terminated executive who accessed co-worker emails in the process of reporting possible company wrongdoing lost his appeal on several grounds. In Brown Jordan Intl, Inc. v. Carmicle, the Eleventh Circuit found that the employee violated both the Stored Communications Act (SCA) and the Computer Fraud and Abuse Act (CFAA).

Carmicle reported to the company concerns about the preparation of a second set of financial projections to the detriment of shareholder value. Carmicle acknowledged that he obtained much of the information by secretly accessing co-worker emails. He did so by using a universal password issued as part of an email conversion after employees failed to create their own personal password. Carmicle subsequently was terminated after an investigator found his allegations of impropriety were without merit (among other reasons).

The appellate court upheld the ruling that Carmicle violated the CFAA despite his argument that Brown Jordan suffered no “loss” as required by the law. Carmicle argued that there was no damage because the company did not experience an “interruption of service” and there was no damage to the computers.   However, the company maintained it suffered a loss by, among other things, engaging an outside consultant to assess how Carmicle accessed the emails. Based on this expense, the appellate court found the company sustained a “loss” under CFAA. The court held that “loss” can include the reasonable costs incurred in connection with responding to a violation, assessing the damage done, and restoring the affected data to the condition prior to the violation.

Finally, the court rejected Carmicle’s argument that his access was authorized under the SCA based on a company policy stating that employees have no expectation of privacy and that the company has the right to monitor email communication. The Eleventh Circuit found that it would be “unreasonable” to permit someone to exploit a generic password to access emails without prior authorization and without any suspicion of wrongdoing.

Notwithstanding the outcome in this case, companies are reminded to take steps to ensure privacy protocols are in place and up-to-date. In this day and age, it is reasonable to assume that someone – whether from outside the company or within – may seek access to your network.

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

SDNY Denies Leave to Amend ERISA Complaint with “Substantively the Same Defects” as Dismissed Complaint
by: Alex E. Hotard , Phillip C. Thompson
Should We Submit Missing Participant Data to the DOL with the Plan’s Form 5500?
by: Suzanne G. Odom
USCIS Updates Form N-400 Application for Naturalization
by: Michael H. Neifach , Porter S. Young
Federal Trade Commission’s Sweeping Final Rule to Ban Non-Competes: What You Need to Know
by: Clifford R. Atlas , Erik J. Winton
USCIS Removes Validity Period on Immigration Medical Exam Form I-693
by: Manda Brefo
DOL Releases Final White-Collar Exemption Rule, Sets Minimum Salary to Increase in Phases Beginning July 1, 2024
by: Jeff Barnes , Jeffrey W. Brecher
New HIPAA Final Rule Imposes Added Protections for Reproductive Health Care Privacy
by: Joseph J. Lazzarotti
Special Report: PWFA Final Regulations
by: Joseph J. Lynett , Katharine C. Weber
EEOC Issues Final Regulations to Implement the Pregnant Workers Fairness Act
by: Jenifer M. Bologna , Katharine C. Weber
Department of Education Releases Final Rule Amending Title IX Regulations
by: Susan D. Friedfel , Monica H. Khetarpal

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins