On June 16, 2009, in Pietrylo v. Hillstone Restaurant Group, USDC D.N.J. Case No. 2:06-cv-5754-FSH-PS, a New Jersey federal jury found that the Houston’s restaurant chain violated the Stored Communications Act (SCA) and the New Jersey Wiretapping and Electronic Surveillance Control Act (NJWESCA) by allegedly requiring an employee to surrender to Houston’s managers login information that would allow access to an employee MySpace gripe group called “Spec-Tator.” Spec-Tator’s creators, Brian Pietrylo and Doreen Marino, were fired for violating Houston’s policies regarding professionalism and positivity. They sued for alleged violations of their common law right to privacy, freedom of speech, the SCA and the NJWESCA, and for wrongful termination.
Liability hinged on whether access to Spec-Tator was unauthorized. When Pietrylo and Marino created the group, they invited a select group of Houston’s employees, but no managers. The SCA and the NJWESCA extend liability to parties that exceed authorization to access electronic communications. Thus, the jury form asked: “Did Houston’s knowingly or intentionally or purposefully access the Spectator without authorization from Karen St. Jean?” The jury answered in the affirmative and awarded to plaintiffs $17,000 in compensatory and punitive damages.
The Hillstone verdict, as well as the court’s refusal to dismiss the SCA and NJWESCA claims on summary judgment, indicate that employers may be liable if they exceed their authorization in their employee policies by accessing protected sites not intended for them to see. However, there is extensive grey area yet to be explored. For example, the outcome of the case might have been different had a Spec-Tator user logged in using a work computer and failed to log herself out, or if Spec-Tator had dropped a cookie onto her computer permitting persistent login.