Lawyers often say that bad facts lead to bad law. Cases with outrageous fact patterns can drive a judge or jury to stretch the law and make outcome-based decisions in order to provide relief to a sympathetic party. Lawyers hate these types of decisions, because they can negatively skew the developing law based on one bad situation without enough consideration being paid to the legal implications for other, future cases.
I recently read one of those decisions. In my frustration over the avoidable bad facts of the case, I had to draft this post. The decision, Lazette v. Kulmatycki, was issued by a federal district court in Ohio in June. The plaintiff, Sandi Lazette, is a former Verizon employee who had been given a company-issued blackberry phone while employed. When Ms. Lazette left Verizon, she returned the blackberry to Verizon and thought that she had deleted her personal email account from the phone. About eighteen months later, however, Ms. Lazette learned that she had not deleted her personal email account from the phone and that her former supervisor had been accessing her personal emails and sharing information from the emails with others. Not surprisingly, Ms. Lazette was upset, and she sued the supervisor and Verizon, arguing that Verizon was liable for the supervisors conduct. Ms. Lazette alleged invasion of privacy, infliction of emotional distress, and a violation of a number of federal and state electronic communication laws, including the Store Communications Act and Title III of the Omnibus Crime Control and Safe Streets Act of 1968. Verizon unsuccessfully attempted to get the case dismissed, but the federal court denied the motion and the courts ruling indicates a real possibility that Verizon and Ms. Lazettes supervisor could be found liable on at least some of Ms. Lazettes claims.
The federal courts ruling is full of intricacies about electronic communication laws, but I believe the primary take-away from the case is that company managers need to exercise better judgment and avoid creating the type of bad facts that lead to bad law. When I discussed the Lazette ruling with one of my partners who specializes in privacy issues, he noted: Tell people not to do stupid things. With that in mind, heres a list of some smart things that companies can do in connection with technology to try to avoid legal risks:
1. Be thoughtful about whether you want to provide employees with a company purchased device or let employees use their own personal devices for work.
2. If you provide a company-owned device, be thoughtful about whether you want to let employees use the device for any personal communications.
3. Whatever devices you let employee use, think ahead of time about what data may be contained on the device, how you will obtain business data back if an employee leaves employment, and how you might segregate any personal employee data that may be on a device from business data.
4. Have carefully drafted written policies or user agreements in place with employees to protect company data, to ensure that company data is returned when employees leave employment, and to address when and how any arguably private data of your employees on a device may be accessed.
5. The legal landscape related to technology in the workplace is unsettled and evolving. Many of the laws being applied by courts were written long before the technology at issue was developed. As such, it is smart to tread carefully and to check with legal counsel before accessing any personal emails or other arguably private data of an employee to ensure you have legal grounds to access the data and that you access the data in a lawful way.
6. Train your managers on the company’s policies and practices related to technology. Make sure that managers know that they must consult with upper management (and possibly the company’s attorney) before accessing data on an employees computer or other technology devices and before sharing any accessed information with others.
Following these tips and exercising good sense can go a long way in reducing legal disputes and legal risks related to workplace technology.