In an unpublished opinion, a federal district court in New Jersey has upheld a jury verdict in which a company was found liable for violating the federal Stored Communications Act (SCA). The violation occurred when the company’s managers intentionally accessed a “chat group” on an employee’s MySpace account without having received authorization from the MySpace member to join the group. Further, the court upheld the jury’s finding of malicious conduct, which supported an award of punitive damages. Pietrylo v. Hillstone Restaurant Group d/b/a Houston’s, D.N.J., No. 06-5754, unpublished, Sept. 25, 2009.
Brian Pietrylo and Doreen Marino filed suit against their employer, Houston’s Restaurant, after two of the restaurant’s managers accessed a MySpace chat group maintained by Pietrylo during his non-work hours. The chat group, called the “Spec-Tator,” was accessed via an electronic invitation from Pietrylo. If the user accepted that invitation, he or she could access the site only by using a personal password. The site included language that indicated that the group was private, and that it was a place in which Hillstone employees could talk about the “crap/drama/and gossip” related to their workplace. No Hillstone upper manager was invited to join the group, and members accessed the site only during non-work hours and on non-company computers.
One employee/chat group member, Karen St. Jean, made a Houston’s manager aware of the site. St. Jean later provided her password to another manager, Robert Anton, who shared the information with a regional manager, Robert Marano. In spite of the privacy warning on the page, Anton and Marano accessed the site on multiple separate occasions. After determining that the content of the postings in the chat group were “offensive,” Anton and Marano fired Pietrylo and Marino.
Pietrylo and Marino then sued Houston’s, alleging, in part, that the company violated the SCA and a parallel New Jersey statute, the New Jersey Wiretapping and Electronic Surveillance Control Act. A jury found in favor of the employees, awarding modest compensatory damages, but adding punitive damages after finding that the company acted maliciously. Houston’s challenged the verdict in a motion for judgment, and requested a new trial. Both motions were denied by the district court, which found that the verdict and the damages were supported by the evidence.
Under the SCA, the plaintiffs had to prove that Houston’s managers accessed the chat group “knowingly, intentionally, or purposefully,” and without authorization. Although Houston’s argued that St. Jean willingly volunteered her password to Anton, St. Jean’s trial testimony included the fact that she would not have provided that information to Anton if he had not been a manager. Interestingly, the court’s decision turned partly on the fact that there was no documentary evidence concerning the authorization, and so the jury had to rely on the testimony and demeanor of the witnesses. The court held that the jury could infer from St. Jean’s testimony – specifically her statement that she felt that she “would have gotten in trouble” if she hadn’t provided her password – that the purported authorization was coerced. In addition, the court cited that particular testimony, in conjunction with the fact that the restaurant’s managers viewed the site on several different occasions, even though the site specifically contained warnings that it was “private” and accessible to “members only,” to support its decision to deny Houston’s motions.
While this decision is a district court case and therefore open to appeal, the decision is one of which employers should be aware. The lack of documentation regarding how the company obtained the password, the use of a self-designated “private” chat room by individuals without an actual invitation, and the continued use of the site with specific knowledge of its invitation-only status all provided a basis for the court to support the jury’s findings against the company. While employers have certain rights and obligations with respect to company-related computer equipment and electronic sites, this case points out the pitfalls of an attempt to extend that authority to non-work-related equipment and sites. This area of the law is developing quickly, and employers should be attuned to the ways in which courts are addressing the issues that arise in that area.