4th Circuit Issues SCA Ruling On Employer's Access Of Employee's Personal Email Account
The SCA imposes criminal liability and a civil cause of action against one who "intentionally accesses without authorization a facility through which an electronic communication service is provided" or "intentionally exceeds an authorization to access that facility," and by doing so "obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system." In yesterday's case, the president of the plaintiff's former employer accessed her personal email account repeatedly while the plaintiff was employed there and for a year after she left the company. Against the president and the company, the jury awarded, in the aggregate, $175k in statutory damages and $100k in punitive damages. She was permitted to recover these damages (and attorney's fees) without proving actual damages.
The Fourth Circuit interpreted the SCA just as the Supreme Court has interpreted the Privacy Act: as requiring proof of actual damages as a prerequisite to recovering statutory damages. See Doe v. Chao, 540 U.S. 614 (2004). This result is contrary to the conclusion reached by several district courts under the SCA.
The Fourth Circuit did hold, however, that a prevailing plaintiff under the SCA need not prove actual damages in order to recover punitive damages. The prevailing rule is that punitive damages aren't recoverable absent proof of actual damages--unless a statute so authorizes. The Court concluded that the SCA does provide such authorization: the SCA says that "[i]f the violation [of the SCA] is willful or intentional, the court may assess punitive damages"; the Court found no limiting language in that phrase that would require proof of actual damages.