In addition to California’s precautions against unauthorized email access, there are additional Federal measures to protect privacy. Compared to state measures, this gives another way for an individual to seek legal remedies in a federal court. This is broken up into three different statutes, as part of the Electronic Communications Privacy Act, first regarding wiretapping, unlawful access, and pen registers. Yet, to a business only the first two have real consequence, with the final one applying in a narrower scope. So, what is the difference between anti-wiretapping and unlawful access laws? Why might someone choose to sue under the wiretapping statute, but not unlawful access? Can either provision provide an individual the ability to recover for lost or misappropriated sensitive information from electronic mail?
Federal wiretapping laws are outlined in 18 U.S.C. 2511, which focuses on prohibiting the intentional interceptions of electronic communication unless it is for valid government purposes. Yet, while it is called a wiretapping statute, it’s far more expansive. An unlawful interception would result in a fine and, at most, five years of imprisonment. However, the civil remedies for a violation come from Section 2520, which allows equitable relief (e.g., injunction), punitive damages, and attorney’s fees. The computation of damages is limited to the greater between the actual damages or statutory damages of $100/day for each day of violation or $10,000.
To a business entity, this does allow for some form of recovery, though the amount would vary on the facts of the case. The computation of damages presents some difficulty in measuring the effect. In trade secret, or with other confidential or privileged information, the interception of emails may yield immense damages in short or long terms. Yet, it would be almost impossible to calculate if it is for long term.
In addition to the laws on unlawful interception, there is still a provision for unlawful access: 18 U.S.C. 2701 which prohibits an intentional access that results in a person obtaining, altering, or preventing authorized access to communication while it is in storage. Essentially, this would make any individual who managed to break into an email server criminally liable. The individual accessing the stored content without permission could be fined or imprisoned for up to five years.
What are the alternative measures?
As with the California statutes, trade secret is a likely substitute for some claims under these provisions. They would enable a more certain route for civil recovery, although other aspects, like Non-disclosure agreements, and other contractual creatures could assist to reach the goals.
However, approaching a scenario where there is a larger-scale hacking, the situation is far more complex. It is possible, if not likely, that the hackers may not be found, or it may be difficult to sue the hackers in state or federal courts. Ultimately, it may be probable that only a few cases can be pursued, and while these are general protections, they come with special limitations regarding the federal government which permits legitimate surveillance methods.
At our law firm, we assist clients with legal issues related to business, intellectual property, and e-commerce transactions. Please contact us to set up an initial consultation.