Blog | Faruki PLL

Split of Authorities Continues to Develop Regarding Protection of Electronically Stored Information

Written by Jeff DeBeer | December 5, 2012

The South Carolina Supreme Court recently handed down a decision involving access to emails that are in "electronic storage."  Jennings v. Jennings, 2012 S.C. LEXIS 204 (S.C. 2012).  In Jennings, the plaintiff sued his daughter-in-law after she hacked into his private email account.  The plaintiff claimed that his daughter-in-law's actions violated, among other laws, the Federal Stored Communications Act ("SCA"), 18 U.S.C. §§ 2701-12 (2006).

The SCA punishes those who intentionally access, without authorization, "a facility through which an electronic service is provided," and thereby obtain "access to a wire or electronic communication while it is in electronic storage . . . ."  The SCA defines "electronic storage" as "any temporary, intermediate storage" and as any storage used "for purposes of backup protection."  In other words, the SCA punishes those who hack into and access another's email that is being stored (1) temporarily and intermediately or (2) for backup protection.  (Note, however, that a minority of courts require that the electronic communication be stored temporarily, intermediately, and for purposes of backup protection.  Courts refer to this as the "traditional interpretation" of § 2510(17).)

The South Carolina Supreme Court held that under the plain language of the SCA, the plaintiff was not storing the hacked emails for purposes of backup protection.  The Court held that the word "backup" necessitates that there be multiple copies of the email in question, and one copy must exist to serve as a backup for the other.  In Jennings, however, the plaintiff left single copies of his email on a Yahoo! server.  He did not download the hacked emails or save copies in a separate location.

To the extent other jurisdictions follow the Jennings court's lead, the decision may mean that businesses and their employees could lose valuable protection over their electronic data.  Further, the Court's decision creates confusion because it conflicts with caselaw from other jurisdictions.  Some courts hold that if a person receives, reads, and then leaves an email on a server instead of deleting the email, then it is stored for backup purposes under the SCA.  Theofel v. Farey-Jones, 359 F.3d 1066 (9th Cir. 2004); United States v. Weaver, 636 F. Supp. 2D 769 (C.D. Ill. 2009) (limiting Theofel's scope).

In Theofel, a case from the Ninth Circuit, a business litigant subpoenaed its opponent's internet service provider for all emails the opponent, and its employees, had ever written.  The internet service provider complied with the subpoena as best it could.  Upon discovering the subpoena, several of the opponent's employees sued the business litigant, claiming that it had violated the SCA.  The Theofel court held that emails the employees had received, read, and then left on the server were stored for purposes of backup protection under the SCA.

In Weaver, a federal court in Illinois considered whether the government's subpoena of a defendant's Hotmail emails violated the SCA.  In its decision, the Weaver court limited Theofel's holding to email systems that download messages from an internet service provider onto a computer.  Further, Weaver held that emails stored in the service provider's cloud are not electronically stored for backup purposes under the SCA.

Given the disparate views on the correct interpretation of the SCA, businesses must carefully review their data retention policies to ensure sufficient safeguards are in place to prevent unauthorized access to electronic data and, if such access occurs, to maintain protections afforded by the SCA.  This may include utilizing email systems such as Microsoft Outlook, which downloads copies of messages onto personal computers.  Jennings, 2012 S.C. LEXIS at *14 (Toal, C.J., concurring).  If, however, businesses leave their opened and read emails only in a service provider’s cloud, jurisdictions adopting Jennings will find that these emails are not being stored for backup protection and, therefore, are not protected by the SCA.