• LinkedIn
  • YouTube
  • Twitter
  • Facebook
  • Google+

Confidentiality depends on good e-mail policy

by on
in HR Management,Human Resources

Employers that don’t enforce reasonable e-mail and computer-access policies—consider yourselves warned.

Without such policies and practices, you won’t be able to use the federal Computer Fraud and Abuse Act (CFAA) to punish employees who send information through your system to other persons or computers.

Recent case:
Christopher Brekka worked in marketing for a residential treatment facility. He also ran two separate businesses on the side that competed with his employer.

While working for the facility, Brekka e-mailed some files to his personal e-mail account and also to his wife. He then downloaded the attached files to his personal computer and eventually used the information to further his own business.

After he left the company, the IT staff discovered that the files Brekka had e-mailed to himself and his wife contained confidential company information. The company then sued Brekka for accessing company computers without authority, which is illegal under the CFAA.

But the company didn’t have a confidentiality rule or rules covering e-mail, so the court said Brekka hadn’t broken the law. The court said that sending the e-mails wasn’t unauthorized since employees weren’t restricted in how they used the e-mail system, and Brekka had permission to access the files. It didn’t matter that he might have used the information he sent to himself and his wife to further his competing business. (LVR Holdings v. Brekka, No. 07-17116, 9th Cir., 2009)

Final note: A good e-mail and computer access policy should specify that any information accessed is confidential and must only be used to further the employer’s business or goals. Warn employees not to send information to their personal e-mail accounts or others without a valid business reason.

Leave a Comment