The new reality is that most employees use company cells, tablets and laptops to conduct both their personal and their company business.

The Stored Communications Act of 1986 (SCA) was created to protect telephone records, not email. But now, all Internet Services Providers like Google, Microsoft, and AOL rely on the SCA to limit access to email depending where the emails are stored. The complicated business reality today is that most employees use their company cell phones, tablets and laptops (BYOD) to conduct both their personal and company business.

Taylor White, attorney in the L&E Group and Peter Vogel, chair of the Internet, E-Commerce and Technology Group and Co-Chair of the Cybersecurity and Privacy Legal Services Group, Gardere Wynne Sewell LLP, recently sat down with Inside Counsel to discuss how courts view the SCA and who exactly owns our emails.

According to White and Vogel, in the employment context, the answer largely depends on who owns the technology and equipment involved and on what policies the employer has implemented and communicated to its employees.

“If an employee uses a company laptop to access his or her company email account, then the company may monitor the emails, including, potentially, the employee's personal emails sent on the company email account, provided the employer has an appropriately worded policy in place,” they explained. “Change some of those facts slightly though, and you might end up with a different result.”

For example, if the employee uses a company laptop to access the employee's personal email account on a third-party server, then the employee owns those emails – even if the employer has a broad email usage policy and even if the employee accidentally leaves the personal email account logged in when returning the laptop to the company.

The Stored Communications Act of 1986 (SCA) was originally created to address access to stored communications, whether wire or electronic, and transactional records, such as telephone records, when such communications and records were configured to be private, per White and Vogel.

“In 1986, the legislature noted that 'telephone companies and electronic mail companies' were usually the providers of electronic communications and sought to address gaps in the existing statutes in light of that burgeoning technological revolution,” they explained. “Some legislative history notes that Congress sought to strike a balance between individual privacy rights, society's interest in increasing technology, and the needs of law enforcement.”

However, the language in the SCA, well intentioned as it may have been at its enactment, was written at a time before the World Wide Web was even created. Unfortunately, the language Congress originally chose to include in the statute has essentially remained static over the decades. Courts now grapple with that language to apply its original purposes to modern technologies because in the Internet age, telephone records from 1986 are an odd basis to manage the privacy of email.

“In the age of smartphones, the equipment the employee uses to conduct personal business does not change the SCA analysis because a smartphone acts as a conduit, like a laptop or desktop computer, to another electronic storage facility,” they said. “For example, some case law suggests that an employer may still violate the SCA if it uses an employee's company-owned smartphone to access the employee's personal email account without the employee's knowledge or consent.”

There are many legal implications of employees using BYOD to conduct both their personal and their company business. According to White and Vogel, this practice is common and not necessarily problematic from a legal perspective. Problems under the SCA may arise, however, when an employee forgets to log-out of a personal email account when returning his or her company-owned equipment upon separation from employment.

“Problems under the constitutional or common law invasion of privacy analyses may arise when a company neglects to have an appropriately worded policy governing usage of company equipment and email accounts, but seeks to monitor or assert ownership over an employee's personal communications and information contained on company equipment,” they said.

From an employee's perspective, White and Vogel advise employees to limit personal usage of the company equipment, remember to log out of personal accounts when returning company-owned equipment to the company, and be sure to understand the employment policies communicated by the employer pertaining to appropriate use of company equipment. From an employer's perspective, the employer should ensure it implements employment policies governing usage of company equipment and email systems, and communicates those policies to employees annually to address any changes or advances in technology.

Further reading: