The Electronic Communications Privacy Act, 18 U.S.C. § 2510, et seq., and its subsection, the Stored Communications Act (“SCA”), 18 U.S.C. § 2701, et seq., prohibit individuals from accessing, without authorization, stored electronic communications, and provide criminal and civil penalties for unauthorized access to electronic communications and data.
“The purpose of the SCA was, in part to protect privacy interests in personal and proprietary information and to address the growing problem of unauthorized persons deliberately gaining access to, and sometimes tampering with, electronic or wire communications that are not intended to be available to the public.” Penrose Computer Marketgroup, Inc. v. Camin.
A person violates the SCA if she accesses an electronic communication service, or obtains an electronic communication while it is still in electronic storage, without authorization. Pure Power Boot Camp v. Warrior Fitness Boot Camp. Thus, employers that own their employees’ cell phones, pay the bills and are parties to the cellular service contracts may still violate the SCA where they access employees’ personal text messages via the wireless provider, without authorization from the employee.
Wireless providers also risk violating the SCA where they disclose employees’ text message content to employers. See Quon v. Arch Wireless Operating Co. (wireless provider violated SCA by disclosing to employer transcripts of employee’s text messages sent to and from employer-issued device).
For violations of the SCA, employees may obtain an award of actual damages and, even without proof of actual damages, statutory damages, attorneys’ fees and costs, and punitive damages where the violation was intentional. See Pure Power Boot Camp, Inc. v. Warrior Fitness Boot Camp. (employees were entitled to statutory damages of $1,000 per SCA violation whether or not they suffered actual damages); Pietrylo v. Hillstone Rest. Group. (district court upheld jury’s award of back pay and punitive damages based on the jury’s finding that defendants’ SCA violations were malicious).