The U.S. Court Appeals for the Eleventh Circuit has ruled that statutory damages under the Stored Communications Act (SCA) are not available in a case where the plaintiff did not incur any actual damages.

The case, Vista Marketing LLC v. Burkett, originated from an extremely contentious divorce proceeding.  While the majority of the  allegations in that proceeding might make for good television, they are not relevant here.  In short, Terri Burkett filed for divorce from her husband, Franklin, in February 2010.  During the divorce proceeding, the valuation of Vista Marketing became a primary issue.  Terri suspected her estranged husband was lying about the financial status of Vista.  To obtain information to prove her theory, Terri began regularly accessing the Vista web mail account to read Franklin’s emails from October 2011 until May 2012.  Sometimes Terri would review the emails before Franklin had opened them, but most of the time she did not read them until after they had been viewed by Franklin .  The emails Terri obtained were valuable evidence in the divorce proceeding and led to a significant valuation of Vista.

Less than a month after the final judgment of the divorce court, Vista sued Terri, alleging she violated the SCA when she access Vista’s web mail account and Franklin’s Vista email account during the divorce proceedings.  Following a three-day jury trial, the jury found Terri had violated he SCA when she accessed Franklin’s emails.  It further concluded Terri had committed 450 violated of the SCA.  But, the jury determined Vista had sustained no actual damages as a result of Terri’s actions and despite finding Terri’s conduct was “willful, wanton, or malicious,” it awarded no punitive damages to Vista.  The district court then conducted a hearing to determine whether it would award statutory damages to Vista.  Vista argued it was entitled to $450,00 in statutory damages ($1,000 for each violation of the SCA), while Terri contended no damages should be awarded as the jury found Vista had suffered no actual damages.  Ultimately, the district court, in an exercise of discretion, awarded Vista $50,000 in statutory damages.

In analyzing the case, the Circuit Court looked to the SCA’s damages provision which provides: “The court may assess as damages in a civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000. If the violation is willful or intentional, the court may assess punitive damages. In the case of a successful action to enforce liability under this section, the court may assess the costs of the action, together with reasonable attorney fees determined by the court.”

Ultimately, the Circuit Court agreed with Terri that the SCA precluded the district court from awarding Franklin any money in statutory damages because the jury returned a verdict reflecting that Franklin incurred no actual damages as a result of the 450 violations, and statutory damages may be awarded only upon a finding of actual damages. The Circuit Court upheld the judgment but vacated the district court’s award of statutory damages to Franklin.

In reaching its conclusion, the Circuit Court relied on the U.S. Supreme Court’s decision in Doe v. Chao, which construed the phrase “person entitled to recovery” under the Privacy Act to require a finding of actual damages before statutory damages may be awarded.  The Circuit Court also examined the Wiretap Act, which like the SCA were both part of the Electronic Communications Privacy Act (ECPA), and found it would be “inconsistent, to say the least, if Congress treated violations of the SCA more severely than civil violations of the Wiretap Act.”

While the decision provides legal precedent in the Eleventh Circuit that SCA statutory damages are not available absent actual damages, district courts in other jurisdictions, including New York and Illinois, have reached the opposite conclusion.  In those districts, proof of actual damages is not required to seek statutory damages.  As courts throughout the country continue to struggle with analyzing claims under the SCA, it may ultimately fall on the Supreme Court to decide this issue.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jason C. Gavejian Jason C. Gavejian

Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy…

Jason C. Gavejian is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. and co-leader of the firm’s Privacy, Data and Cybersecurity practice group. Jason is also a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

As a Certified Information Privacy Professional (CIPP/US), Jason focuses on the matrix of laws governing privacy, security, and management of data. Jason is co-editor of, and a regular contributor to, the firm’s Workplace Privacy, Data Management & Security Report blog.

Jason’s work in the area of privacy and data security includes counseling international, national, and regional companies on the vast array of privacy and security mandates, preventive measures, policies, procedures, and best practices. This includes, but is not limited to, the privacy and security requirements under state, federal, and international law (e.g., HIPAA/HITECH, GDPR, California Consumer Privacy Act (CCPA), FTC Act, ECPA, SCA, GLBA etc.). Jason helps companies in all industries to assess information risk and security as part of the development and implementation of comprehensive data security safeguards including written information security programs (WISP). Additionally, Jason assists companies in analyzing issues related to: electronic communications, social media, electronic signatures (ESIGN/UETA), monitoring and recording (GPS, video, audio, etc.), biometrics, and bring your own device (BYOD) and company owned personally enabled device (COPE) programs, including policies and procedures to address same. He regularly advises clients on compliance issues under the Telephone Consumer Protection Act (TCPA) and has represented clients in suits, including class actions, brought in various jurisdictions throughout the country under the TCPA.

Jason represents companies with respect to inquiries from the HHS/OCR, state attorneys general, and other agencies alleging wrongful disclosure of personal/protected information. He negotiates vendor agreements and other data privacy and security agreements, including business associate agreements. His work in the area of privacy and data security includes counseling and coaching clients through the process of investigating and responding to breaches of the personally identifiable information (PII) or protected health information (PHI) they maintain about consumers, customers, employees, patients, and others, while also assisting clients in implementing policies, practices, and procedures to prevent future data incidents.

Jason represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination, and wage and hour claims in both federal and state courts. He regularly appears before administrative agencies, including the Equal Employment Opportunity Commission (EEOC), the Office for Civil Rights (OCR), the New Jersey Division of Civil Rights, and the New Jersey Department of Labor. Jason’s practice also focuses on advising/counseling employers regarding daily workplace issues.

Jason’s litigation experience, coupled with his privacy practice, provides him with a unique view of many workplace issues and the impact privacy, data security, and social media may play in actual or threatened lawsuits.

Jason regularly provides training to both executives and employees and regularly speaks on current privacy, data security, monitoring, recording, BYOD/COPE, biometrics (BIPA), social media, TCPA, and information management issues. His views on these topics have been discussed in multiple publications, including the Washington Post, Chicago Tribune, San Francisco Chronicle (SFGATE), National Law Review, Bloomberg BNA, Inc.com, @Law Magazine, Risk and Insurance Magazine, LXBN TV, Business Insurance Magazine, and HR.BLR.com.

Jason is the co-leader of Jackson Lewis’ Hispanic Attorney resource group, a group committed to increasing the firm’s visibility among Hispanic-American and other minority attorneys, as well as mentoring the firm’s attorneys to assist in their training and development. He also previously served on the National Leadership Committee of the Hispanic National Bar Association (HNBA) and regularly volunteers his time for pro bono matters.

Prior to joining Jackson Lewis, Jason served as a judicial law clerk for the Honorable Richard J. Donohue on the Superior Court of New Jersey, Bergen County.