Friday, June 22, 2012

Privacy, Stored Communications and the “Shared Workplace Computer”


This post examines a civil case that raises interesting legal issues concerning workplace privacy and the federal Stored Communications Act, among other issues.  The case is Doe v. City of San Francisco, 2012 WL 2132398 (U.S. District Court for the Northern District of California 2012) and this, as the opinion notes, is basically what it is about:

Plaintiffs Maura Moylan (formerly referred to as `Jane Doe’; hereinafter `Moylan’) and Anne Raskin (`Raskin’) contend that they were bullied, harassed, and discriminated against on the basis of gender by Defendants while employed by the Department of Emergency Management `“DEM’), and suffered further violations of their right to privacy and of the federal Stored Communications Act when Defendants accessed Moylan's email from a shared workplace computer. 

Doe v. City of San Francisco, supra. 

Moylan and Raskin sued the City and County of San Francisco, Janice Madsen, Kym Dougherty, Audrey Hillman, Heather Grives and “Does 1-10”.  Doe v. City of San Francisco, supra.  Complaint, Doe v. City of San Francisco, et al., 2010 WL 4633993.  Paragraph 6 of the Complaint explains that the City and County of San Francisco

(`CCSF’), is a political subdivision of the State of California. . . . CCSF has created and operates the Department of Emergency Management which oversees the Division of Emergency Communications (`DEMDEC’). Plaintiff is informed and believes DEMDEC is a separate unit or division of Defendant CCSF, organized and existing pursuant to the rules promulgated by the CCSF.

Complaint, Doe v. City of San Francisco, et al., supra.

Paragraphs 7-10 of the Complaint say Madsen, Dougherty, Hillman and Grives (i) are “United States citizen[s] and resident[s] of the State of California” and (ii) were, at “all times relevant” to the claims in the Complaint, “supervisory employee[s] of . . . CCSF,” and acted “within the course and scope of [their] employment with and pursuant to and under color of the authority of Defendant CCSF and/or DEMDEC.”  Complaint, Doe v. City of San Francisco, et al., supra. It also states that each of them is “being sued herein in her individual capacity as well as her capacity as supervisory employee of Defendant CCSF.”  Complaint, Doe v. City of San Francisco, et al., supra.

Paragraph 11 of the Complaint says the plaintiffs included the ten “John Doe” defendants because they did “not know their true names and/or capacities at” when they filed the Complaint.  Complaint, Doe v. City of San Francisco, et al., supra.  It also says that, if and when they ascertain the identities of the Doe Defendants, they will seek the court’s permission to amend the Complaint and add them as defendants under their own names.  Complaint, Doe v. City of San Francisco, et al., supra.

Before we get into the facts and legal claims at issue, I need to note what the court is doing in this opinion.  The Complaint asserts claims under the federal Stored Communications Act and for invasion of privacy, intentional infliction of emotional distress and gender discrimination in violation of California law.  Complaint, Doe v. City of San Francisco, et al., supra at ¶¶ 138-169.  We’re only concerned with the first two. 

A “seven-day jury trial was held” and on April 11, 2012 the jury returned its verdict. Doe v. City of San Francisco, et al., supra.  The jury found for the plaintiffs on all their claims and assessed damages, as I calculate it, of $220,000 for Moylan and $42,000 for Raskin.  Verdict, Doe v. City of San Francisco, et al., 2012 WL 1945186.  “[A]t the close of evidence,” i.e., before the case was given to the jury, the defendants “timely moved for judgment as a matter of law under Federal Rule of Civil Procedure 50.” Doe v. City of San Francisco, et al., supra

As Wikipedia explains a motion for judgment as a matter of law “is a motion made by a party, during trial, claiming the opposing party has insufficient evidence to reasonably support its case.”  As this opinion notes, under Rule 50(a)(1) of the Federal Rules of Civil Procedure,

[i]f a party has been fully heard on an issue during a jury trial and the court finds that a reasonable jury would not have a legally sufficient basis to find for the party on that issue, the court may:

(A) resolve the issue against the party; and (B) grant a motion for judgment as a matter of law against the party on a claim or defense that, under the controlling law, can be maintained or defeated only with a favorable finding on that issue.

Doe v. City of San Francisco, et al., supra (quoting Rule 50(a)(1)).

Under Rule 50(b) of the Federal Rules of Civil Procedure, if the judge does not grant the motion for judgment as a matter of law, “the court is considered to have submitted the action to the jury subject to the court's later deciding the legal questions raised by the motion.”  Doe v. City of San Francisco, et al., supra (quoting Rule 50(b)).  “No later than 28 days after” judgment is entered on the jury’s verdict, the party who filed the Rule 50 motion can “file a renewed motion for judgment as a matter of law”, which is clearly what happened here.  Doe v. City of San Francisco, et al., supra (quoting Rule 50(b)). We are only concerned with the Stored Communications Act and invasion of privacy claims.

Both apparently arose from a single incident.  The Complaint says that on November 26. 2009, Moylan was told she was the subject of “an internal investigation” and on November 27, she met with a “union representative, Ron Davis and Terry Daniels from DHR to discuss the investigation.  Complaint, Doe v. City of San Francisco, et al., ¶¶ 97-98.  Davis told Moylan that Madsen

sat down at one of the community computer in a supervisor's office and `happened to find’ eight (8) or nine (9) emails up on the screen in full view for her to see. Daniels [said] this happened on October 18, 2009. Purportedly, these emails all came from [Moylan’s] personal Yahoo!™ account. Daniels [said her] Yahoo!™ account had a box that was checked that kept her logged on, and [she] allegedly `forgot’ to hit the `sign off’ button. 

Thus, when Madsen went to use the computer, it showed [Moylan] as still logged on, so `she decided to snoop.’ . . . [T]he emails were dated from September 2008 to July 2009. According to Daniels, Madsen, `only’ printed-out nine (9) or (10) emails but DEC was only `concerned’ about two (2) of the emails. Daniels showed [them] to [Moylan] and Davis. [Moylan] expressed extremely confidential, personal and private matters in these emails.

Complaint, Doe v. City of San Francisco, et al., ¶ 99.  Later, the Complaint says Madsen and Dougherty accessed Doe’s email account without her permission and “reviewed, printed, and republished private and confidential emails between” Moylan and Raskin. Complaint, Doe v. City of San Francisco, et al., ¶ 129.  The Stored Communications Act (SCA) and invasion of privacy claims arise from the accessing of the email account(s). 

The judge noted that the SCA “provides a cause of action against anyone who `intentionally accesses without authorization a facility through which an electronic communication service is provided . . . and thereby obtains . . . access to [an]. . .  electronic communication while it is in electronic storage.’” Doe v. City of San Francisco, et al., supra (quoting 18 U.S. Code §§ 2701(a)(1) and 2707(a)).  He noted that the U.S. Court of Appeals for the Ninth Circuit has compared the Stored Communications Act to trespass, so it protects stored communications just as the law of trespass protects items stored in a rented commercial storage facility. Doe v. City of San Francisco, et al., supra. 

The defendants in this case argued that Moylan’s and Raskin emails were

open at the time they were accessed by Defendants -- in other words, that all 28 emails had been opened in separate windows on the computer screen, and then minimized in such a way as to cause each to appear in succession when one was closed, and so as to make closing these windows without viewing the contents impossible. 

The technical mechanism or software which would cause this phenomenon remains unexplained, but, nevertheless, Defendants contend this was the means through which the emails were discovered, and that, therefore, any access by Defendants of Plaintiffs' email did not violate the Act.

Doe v. City of San Francisco, et al., supra. 

The judge did not agree:  He noted, first, that the defendants’ argument that viewing open windows – “or windows popping up onto a screen, after a web mail inbox has been left open” – relied on cases that were not applicable and that arose in federal district courts “not governed by the Ninth Circuit’s analytical framework,” which, as noted above, approaches the issue as a type of trespass.  Doe v. City of San Francisco, et al., supra. 

He also found that even if one accepted the premise of the defendants’ argument, it relied “entirely” on their version of the facts, which the plaintiffs “hotly” disputed and

against which there was substantial evidence presented. . . . Defendant[s] . . . contend, [they] did not open the emails . . . but were confronted by those emails, open on the screen, and could therefore not avoid viewing the contents. The testimony given by various witnesses at trial, however, did not clearly support -- and in some instances, strongly disputed -- this version of events. Moylan testified she had not left her emails open on the screen. . . . 

Dougherty provided testimony which seemed in many ways to contradict itself, first testifying that the emails were open on the screen, then testifying that clicking the `x’ in the corner of a window -- to close the email window -- somehow caused more email windows to open spontaneously. . . . Madsen . . . gave . . . a confusing account of how the emails came to be open, which contradicted her deposition testimony.

Doe v. City of San Francisco, et al., supra. 

He found this testimony “supported a version of the facts not acknowledged by Defendants”, i.e., that they “affirmatively opened” the emails and “sifted through” Moylan’s inbox.   Doe v. City of San Francisco, et al., supra.  So he denied their motion for judgment as a matter of law on this claim.  Doe v. City of San Francisco, et al., supra. 

He then addressed the invasion of privacy claim, noting that, under California law, the elements of such a claim are “(1) conduct invading privacy interests, (2) a reasonable expectation of privacy as to the interests invaded, (3) seriousness of the invasion and (4) a resultant injury, damage, loss or harm.”  Doe v. City of San Francisco, et al., supra.  In their motion for judgment as a matter of law, the defendants argued that there was no

reasonable expectation of privacy on the shared work computer, that, even if there was such an expectation, it was forfeited by leaving emails open on the screen, and, furthermore, that even if there was an invasion of privacy, it was not sufficiently serious to merit relief.

Doe v. City of San Francisco, et al., supra. 

They also argued that because the computer “was a workplace machine, the expectation of privacy is reduced”.  Doe v. City of San Francisco, et al., supra.  The judge  was not persuaded, noting that evidence was presented showing that the computer at issue was

shared, but designated specifically for personal use by employees. . . . [T]here was testimony that employees routinely used this terminal for private, personal activities such as accessing their personal web-based email, social networking websites, and even printing their pay stubs. . . . 

When a user would inadvertently leave their inbox open on the screen, it was routinely closed by the next user. . . . [I]t was understood . . .  to be a terminal on which employees were able to privately access their personal internet utilities and communications, without expectation of employer intrusion.

Doe v. City of San Francisco, et al., supra. 

He also rejected their argument that Moylan forfeited any privacy interest she may have had in the computer when she left her emails “open” on it, noting that the argument was “undermined by the evidence presented at trial that she did not, in fact, leave her email open on the computer.”  Doe v. City of San Francisco, et al., supra.  He denied the defendants’ motion for judgment on this claim because he found that, based on the evidence presented, a reasonable juror could find that Moylan “did, in fact, have an unforfeited privacy interest” in the computer.  Doe v. City of San Francisco, et al., supra. 

Finally, he rejected the defendants’ argument that “any invasion” of Moylan’s privacy “was not sufficiently serious so as to constitute an invasion of privacy.”  Doe v. City of San Francisco, et al., supra.  He found that evidence presented at trial which showed that “these communications consisted of an employee's complaints to a union steward regarding workplace conditions” and that “her email inbox was deliberately searched” was enough to justify a reasonable juror in finding that Moylan’s right to privacy had been violated.   Doe v. City of San Francisco, et al., supra.   

The judge therefore denied the defendants’ motion as to this claim, and as to the remaining claims.  Doe v. City of San Francisco, et al., supra.  

No comments: