Companies are relying on technology more than ever to turn a profit. Often, that means issuing electronic devices to employees. The primary function of these items is work related, but employers recognize the value in allowing employees to sync this technology to personal email accounts.
This permission allows the employee to be able to check both personal and business emails from the same device, but what happens when the employee is no longer working for the company? Typically, the device is returned to the business, ideally with the employee’s personal information effectively wiped from the memory.
The dangers associated with not completely deleting personal information were highlighted in a recent civil lawsuit. Verizon employee Sandi Lazette received a Blackberry for work related use. She received permission to sync her personal gmail account with the device. Upon deciding to leave Verizon, Lazette attempted to delete her personal email account from the Blackberry. Believing she had succeeded in deleting the account, Lazette returned it to Verizon.
However, Lazette’s attempt to delete her email account had not worked, a fact which was quickly discovered by her former supervisor. In the complaint, Lazette alleged that her former supervisor accessed and read 48,000 of her personal emails over the next year and a half. The emails contained sensitive personal information about Lazette’s health, finances and private family matters.
When Lazette discovered the breach, she sued both Verizon and her supervisor. She claimed invasion of privacy and repeated violations of the Stored Communications Act. The court ultimately found in favor of the plaintiff, denying Verizon’s claims that Lazette’s failure to delete the email account from the Blackberry essentially provided her supervisor with tacit permission to review her emails. Most importantly, the court found that Lazette had never intentially given Verizon or her supervisor access to her emails.
This litigation, and similar cases, highlight how important it is for employees to protect their personal information and for employers to have policies that stipulate a thorough review of all electronic devices and deletion of personal accounts before redistributing devices to other employees.