Unauthorized Access To Email

This article discusses the remedies for unauthorized access to email in the State of California. Now, email is an essential part of our lives and has been granted extensive protections in the state and federal spheres. Beyond that, it can occur in a variety of ways such as: (i) leaving an unlocked device on your desk; (ii) lending someone your email password; (iii) getting hacked by someone; or (iv) simply failing to properly update security on your device. Yet, what laws are in place to punish those who would unlawfully access an email account? What are the consequences? How might this help business owners protect their confidential information and intellectual properties?

California Laws

In California, there are statutes for computer crimes, which would prohibit individuals from unlawfully accessing another person’s email accounts.  For example, Penal Code 502 prohibits access without permission of computers, networks, internet websites, electronic mail, and similar things. Although, it should be noted that Penal Code 502 lists other criminal acts, such as knowing misuse of domain names, introductions of contaminants, and deletion of data.

The listed crimes are generally broken down into three elements:

1) An act committed knowingly and without permission;

2) Resulting in;

3) An undesirable effect (e.g., introduction of malware, access to email, deletion of data).

The emphasis is on the first element — the act is “knowingly” done without permissions. Thus, inadvertent access–like the inadvertent acts of a secretary–could be without legal liability. However, the methods hackers may employ would be covered under this statute, as well as any purposeful efforts by former employees or private investigators.

How might this apply to business owners?

In the law, there is a provision adding another means of remedy to computer owners. It allows compensatory damages and injunctive relief in addition to attorney’s fees.  Importantly, this would also cover the costs of determining any loss of data, and that the violation had actually occurred. This means that it could be combined or supplemented with common law torts (e.g., trespass to chattels) as they are applied to computer systems or electronic devices.

For a stereotypical unlawful access, where the unlawful access resulted from malware, there are potential difficulties. Compensatory damages may be impossible to recover (assuming the defendant is unable to pay) and a plaintiff may be limited to seeking some sort of injunctive relief, which may also be relatively ineffective. While it may prevent one hacker, the injunction may not be permanent, and damages would be left unresolved or unrecovered.

A more pertinent remedy for an unlawful access to email may lie elsewhere, such as trade secret protection.  For example, Ann, an employee of Bob, sees Bob’s phone unlocked, and from accessing his email app, writes down a list of potential clients. From there, Ann leaves Bob’s employment, and begins a competing company. Generally, the client lists are protected under trade secret laws, and ripe for revelation from an unlawful access. While Ann would be guilty of a Penal Code 502 violation, Bob could potentially add a claim based on trade secret violations and recover under both.

At our law firm, we assist clients with legal issues related to business, intellectual property, and e-commerce transactions.  You may contact us to set up an initial consultation.