The Electronic Communications Privacy Act is the only federal act that
specifically addresses interception of e-mail. The law makes it a federal crime
to intentionally or willfully intercept, access, disclose or use anothers
wire, oral or electronic communications. E-mail falls into that category.
- Civil damages include actual damages suffered and any profits made by the violator, or statutory damages (the greater of $100 a day for each day of violation or $10,000). It is also possible to get attorney's fees, costs and equitable relief.
- Criminal penalties can be up to five years imprisonment and fines up to $5,000.
- The ECPA forbids intercepting other people's private e-mail, but
it has exceptions. For example, an online provider can look at your e-mail
if it suspects you are trying to harm the system, harm another person,
or commit an illegal act.
- The ECPA does not establish a right to privacy of e-mail communications in
the workplace. Under its Employer Provider Exception, an employer
can justify interceptions made in the ordinary course of business and that
either (1) were necessary to the rendition of the service or (2) were necessary
to protect its rights or property.
So a company can use trade secrets, confidential information, or system maintenance as excuses for the interception. The employer also can argue that monitoring is needed for quality control checks.
ECPA also states that the "provider of electronic communication service or remote computing service may disclose a record or other information pertaining to a subscriber or customer of such service . . . to any person other than a governmental entity." When such information is sought by a governmental entity, the information may only be disclosed if the governmental entity has obtained a warrant, court order or the consent of the subscriber.
Michael A. Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996):
The court held that no reasonable expectation of privacy existed in e-mail voluntarily made to one's supervisor, even though Smyth claimed that the company had stated e-mail was private. Smyth also lost any reasonable expectation of privacy once he sent the "unprofessional comments" to a second person over an e-mail system used by the entire company. The court also said the company's interest in preventing inappropriate or unprofessional comments and even illegal activity over its e-mail outweighed any privacy interest of the employee.
Excerpts from OSU's Policy on Use of Electronic Mail (July 1997):
- "E-mail messages shall be delivered to the addressees and not censored or interfered with in any way by the University.
- "Individually addressed e-mail communications may not be intercepted by any
third party except as noted below. This does not prevent persons who have
legitimately received electronic mail messages from forwarding such messages
on to third parties.
- "Users of the University's e-mail services are required at all times to observe
all laws relating to copyright, trademark, and trade secrets protection.
- "Account holders may not use encrypting programs when engaging in e-mail communications
except as specifically authorized in advance in writing by CIS.
- "Under certain circumstances the OSU Postmaster(s) alternate(s), or the
Assistant Director, Technical Services, CIS, may, in the course of his or
her professional duties, access an individual's e-mail for legitimate management
or maintenance purposes."
The Children's Online Privacy Protection Act prohibits Web sites or online services
from collecting personal information about children without parental consent.
Under the statute, a child's participation in a game, the offering of a prize,
or another activity cannot be conditioned upon the child disclosing more personal
information than is reasonably necessary to participate in such activity.
Return to Media Law Home Page