Employer Isn’t Liable When Former Employee Linked His Apple Accounts To Its Devices–Sunbelt v. Victor
Victor worked at Sunbelt as a sales rep but left to join a competitor. His former employer is suing him for trade secret misappropriation.
Victor asserted privacy-based counterclaims. Sunbelt assigned him an iPhone and an iPad. He created an Apple account linked to both devices. He returned the devices upon termination. He received an iPhone and iPad from his new employer, but when he went to link the iPad to his Apple account, he discovered that the previous phone was still linked to his account. As a result, his text messages were transmitted to the iPhone he returned to Sunbelt. He sued for violations of the Wiretap Act, Stored Communications Act and Section 502 of the California Penal Code.
His Wiretap Act claim fails because Victor could not allege that Sunbelt “intentionally” intercepted any messages. The court questions whether an “interception” occurred at all. Moreover, Victor’s actions (connecting the device to his account and later not un-linking the device) caused any interception that occurred.
His Stored Communications Act claims also fail. There’s no allegation that Sunbelt accessed any of the messages. The court also questions whether texts on a phone are in “electronic storage” for purposes of the SCA.
Victor’s statutory state law claims fail for similar reasons. As to his invasion of privacy tort claim, the court flatly rejects Victor’s contention that he had a reasonable expectation of privacy in the communications generally. While it’s possible that specific messages may carry a greater expectation of confidentiality, Victor did not make any supporting allegations about this. Even if he had some expectation of privacy, the court says he’s out of luck:
The facts alleged demonstrate that he failed to comport himself in a manner consistent with objectively reasonable expectation of privacy. By his own admission, Victor personally caused the transmission of his text messages to the Sunbelt iPhone by syncing his new devices to his Apple account without first unlinking his Sunbelt iphone. As such, even if he subjectively harbored an expectation of privacy in his text messages, such expectation cannot be characterized as objectively reasonable, since it was Victor’s conduct that directly caused the transmission of his text messages to Sunbelt in the first instance.
For good measure, the court also says that even assuming an intrusion occurred, it falls short of anything that is highly offensive to the reasonable person.
This is an oddball factual scenario, but it’s probably more common than one would expect. Employer investigations that delve into employee communications always seem somewhat risky (perhaps unavoidable). Although the claims here largely failed because Victor was the one who caused his texts to be forwarded, the variety of claims asserted highlight what legal tools are available to the terminated employee who asserts a privacy claim. (See Pure Power; Ehling.)
The case is somewhat analogous to the Zaratzian case in that privacy cases can turn on settings that determine who receives access or is forwarded messages. Both situations also involve life transitions (divorce, job change) and highlight the importance of reviewing automated settings during such transitions. It’s important for the party who “owns” the account, but perhaps equally important for the party who receives forwarded messages as well.
Ultimately, a clear waiver by the employee would probably neutralize most of the claims. The waiver issue does not come up in this case, but I wonder how consent in this context would compare with consent in the email scanning cases.
Bonus question that also did not come up: would employee social media laws have any effect on this scenario? Unlikely, but the influence of the Apple account did bring this to mind. Given the ambiguous status of accounts, it would have been trivially easy for the employer to violate this law. Would Sunbelt have violated the law by requesting that Victor take certain action with respect to the Apple account, to reveal details regarding what devices it was linked to, or perhaps have him de-link their device from account during the exit interview? We haven’t seen much litigation of the social media password privacy statutes yet, but the voluminous number of drafting ambiguities in those statutes mean there is a high likelihood of disputes under those heading towards a litigation quagmire. (See Eric’s post: “The Spectacular Failure of Employee Social Media Privacy Laws“.)
Case Citation: Sunbelt Rentals v. Victor, No. 13-4240-SBA (N.D. Cal. Aug. 28, 2014)