Chapter 14 - § 14.6 • MISCELLANEOUS PRIVACY PROTECTIONS

• Jurisdiction: Colorado

§ 14.6 • MISCELLANEOUS PRIVACY PROTECTIONS

§ 14.6.1—Generally

Of course, there are numerous federal and state statutes that implicate an employee's privacy interests. They are, however, too varied and numerous to discuss fully in this chapter.¹⁰ A few of the most significant are discussed in this section.

§ 14.6.2—Electronic Communications Privacy Act

Congress initially enacted the Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. §§ 2510-2522, to apply the Federal Wiretap Act to emerging communication technology.¹¹ Title I of the ECPA protects against the "interception," "use," and "disclosure" of "any wire, oral, or electronic communication." 18 U.S.C. §§ 2510-2522. "Interception" is defined as the "acquisition of the contents of any wire, electronic, or oral communication through the use of any electronic, mechanical, or other device." 18 U.S.C. § 2510(4). "'[E]lectronic, mechanical, or other device' means any device or apparatus which can be used to intercept a wire, oral, or electronic communication" other than a telephone or device provided by the company or used by the subscriber to use the communication technology. 18 U.S.C. § 2510(5). Courts have not found a violation of the ECPA if a device is not involved. See, e.g., Wesley Coll. v. Pitts, 974 F. Supp. 375 (D. Del. 1997) (an employee who briefly saw an email did not violate ECPA because he did not use a device).

Title II of the ECPA, known as the Stored Communications Act, will be discussed in the next section.

Title III of the ECPA amended the Omnibus Crime Control and Safe Streets Act of 1968, thereby prohibiting the interception of any "oral communication." An oral communication under the ECPA includes "any oral communication uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation." 18 U.S.C. § 2510(2). See, e.g., Dorris v. Absher, 179 F.3d 420 (6th Cir. 1999) (office employees had reasonable expectation of privacy when office director tape-recorded their conversations unbeknownst to the office employees.). A civil suit for damages may be brought for intercepting, disclosing, or intentionally using an oral communication under Title III. 18 U.S.C. § 2520.

The ECPA also provides three different types of exceptions that allow employers to intercept employee communications. The first exception is the "business extension" exemption, which allows for the interception of communications if the business normally monitors communication with a qualifying device in the normal course of business. 18 U.S.C. § 2510(5)(a). See Arias v. Mutual Central Alarm Service, Inc., 202 F.3d 553 (2d Cir. 2000) (where the company monitored incoming and outgoing calls 24 hours a day, the interception of employees' telephone calls was not a violation of the ECPA); compare with United States v. Murdoch, 63 F.3d 1391 (6th Cir. 1995) (where former wife recorded phone calls by defendant to check on funeral business and his possible marital infidelities, such conduct was not within the "normal course of business"). The second exception is the "consent" exemption, where the employer is allowed to monitor if at least one party consents to the interception. 18 U.S.C. § 2511(2)(d). The third exception is the "service provider" exemption, which allows providers of the communication service, including employers, to retrieve information stored on the system. 18 U.S.C. § 2701. This exemption is more within the realm of the Stored Communications Act (SCA). Also, it is unclear how these exemptions would apply to social networking and mobile devices. Therefore, this is an area of law that may either become more important in light of the information-sharing age or, on the flip side, fall to obscurity because it is based on technology prevalent in the late 1980s and not current with today's technology.

Of note, in Cloudpath Networks, Inc. v. SecureW2 B.V., 157 F. Supp. 3d 961, 985-87 (D. Colo. 2016), the plaintiff attempted to shoehorn garden variety trade secret allegations into claims for violation of the ECPA and SCA. The claim was based on allegations that the defendants, who were former employees of the plaintiff, Cloudpath, redirected potential Cloudpath customers to one of the defendant's new companies, deleted all of his emails from his Cloudpath account, and destroyed information regarding potential Cloudpath leads. Not surprisingly, the court held that neither statute was violated by these acts because the defendants had authorization to access the emails that they destroyed.

§ 14.6.3—Stored Communications Act

The Stored Communications Act (SCA), 18 U.S.C. § 2701(a) (also known as Title II of ECPA), provides that "whoever - (1) intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally...