Based partially upon an interpretation of Florida law, in Global Policy Partners, LLC, et al. v. Yessin, 2009 U.S. Dist. LEXIS 112472 (Nov. 24, 2009), a Virginia district court has ruled that an LLC’s partner does not always have the authority to access a partner’s e-mails simply by virtue of his status in the company.
Katherine and Brent Yessin, husband and wife and business partners, were feuding as part of a messy divorce and business dissolution. Mrs. Yessin, on behalf of herself and the Florida business, brought suit against Mr. Yessin for his alleged illegal access of her personal e-mails, including those containing attorney-client communications in her divorce case, stored on the company’s server in violation of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. §1030(a), and other federal and state statutes. In a motion to dismiss his wife’s complaint, Mr. Yessin argued that under Florida law, as a manager/partner in his business, he had the authority to access all e-mails stored on the business’s computer server regardless of his reason for doing so. The court disagreed.
The court found that even assuming Florida law authorized managers to access e-mail information stored on a company’s computer system, authorization is limited to carrying out the company’s business. Likewise, under the CFAA, authorization to access a computer system may not simply be based on a person’s status within the organization, but whether the person is accessing information in accordance with the “expected norms or intended use” of the computer network. Because the scope of Mr. Yessin’s authority to access his wife’s e-mails depended upon a detailed factual inquiry into his purposes for doing so, Mr. Yessin’s motion to dismiss the CFAA counts of the complaint was denied and Mrs. Yessin was allowed to proceed in her action.
Caution for employers: This decision has implications for employers in how and why managers may access employee e-mails. While an employer generally has the right to review stored e-mails on the employer’s system, regardless of whether the e-mails are an employee’s personal or business communications, the employer or employer’s agent must have a legitimate business purpose for such review, not a nefarious reason. Note, however, that, some courts have limited an employer’s ability to review an employee’s e-mails in other situations, such as when the e-mail is subject to the attorney-client privilege. Employers’ policies and procedures for accessing employee e-mails should be periodically reviewed and revised, where necessary, to ensure that the individuals who access lawfully stored e-mails not only have the appropriate status within the company, but also are doing so for legitimate business purposes.