A U.S. District Court in Indiana has ruled that a company’s use of keylogger software to access an employee’s personal e-mail account may have violated the Stored Communications Act (“SCA”).
Keylogging or keystroke logging is the tracking of the keys struck on a keyboard, typically in a covert manner. 
In Rene v. G.F. Fishers, Inc.,the company utilized keylogger software and was sued by one of its employees for violations of the SCA, the Indiana Wiretap Act (“IWA”), and the Federal Wiretap Act. The company generally prohibited personal use of its computers, however, it permitted the employee to access her personal checking account and personal e-mail account from the company computer. The employee was later notified that the company had installed keylogger software on the computer. Utilizing the keylogger software, the company accessed the employee’s personal e-mail account and personal checking account (acquiring the passwords utilizing the keylogger software), and reviewed and discussed the messages and contents.
The employee was fired for “poor performance” after complaining about the access. She sued her former employer, alleging the company violated the SCA, IWA, and the Federal Wiretap Act. While the court did not address certain factual issues under the SCA (e.g., whether the company accessed the employee’s e-mail messages before the employee opened them), it held that by alleging that the employer accessed her e-mail messages the employee had satisfied the burden of asserting a violation of the SCA. The court also denied the company’s motion to dismiss the former employee’s IWA claim, but it did dismiss the Federal Wiretap Act claim.
As we have previously discussed, jurisdictions are at odds over the use of keylogger software in the employment context. Employers should carefully consider their use of keylogger or monitoring technology and consult counsel as to best practices for the jurisdiction in which you are located.
