We have written before about cases involving disputes between employers and employees over work-related social media accounts, but a new case out of Arizona federal court raises issues that appear to be unlike those we have addressed previously.
In Castle Megastore Group, Inc. v. Wilson, plaintiff Castle Megastore Group (CMG), a retailer of novelty and adult-themed merchandise, brought suit against three former employees for various causes of action related to the employees’ alleged misuse of CMG’s confidential information. Among its allegations, CMG claimed that one of the defendants, Michael Flynn, uploaded a video of a confidential CMG managers’ meeting to Flynn’s private Vimeo account and shared access to this video with the other two defendants (who had both been fired from CMG prior to the sharing of the video). CMG also alleged that Flynn, after having been fired, changed the username and password of the Facebook page he created for CMG while employed as CMG’s Social Media Specialist.
CMG appears to have brought its social media-related claims solely under the Stored Communications Act (SCA), a federal statute that provides for a cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided; or intentionally exceeds an authorization to access that facility, and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage in such system.”
The SCA protects individuals’ privacy in their electronic communications by making it criminally punishable for hackers and other unauthorized individuals to obtain, alter or destroy such communications. The statute, however, also provides relief to aggrieved parties in civil causes of action. The SCA has, for instance, been invoked by employees whose employers have improperly accessed, and read messages from, the employees’ private email accounts.
CMG alleged that Flynn violated the SCA when he posted the managers’ meeting on his Vimeo account and when he shared access to the site with the other two defendants. CMG also alleged that the other two defendants violated the SCA when they accessed the posted video.
In its ruling on the defendants’ motions to dismiss, however, the court found that, while Vimeo might be an “electronic communication service” within the meaning of the SCA, CMG failed to allege that Flynn lacked authority to authorize others to view his Vimeo account, a required element for SCA liability. Accordingly, CMG failed to state a claim that the two former employees with whom Flynn shared access to the video violated the SCA. Further, while CMG alleged that Flynn was not authorized to have or to share the video, it did not allege that Flynn obtained the video through unauthorized access of an electronic communication service—also necessary to state a claim under the SCA. The court therefore dismissed CMG’s SCA claims related to the uploading and accessing of the managers’ meeting video.
Regarding Flynn’s alleged changing of the Facebook account password, the court held that CMG failed to allege facts about the company’s use of the Facebook page from which the court could conclude that the page was an electronic communication service under the SCA. The court therefore dismissed the claim, finding that “[t]he threadbare statement that Flynn changed the Facebook password . . . does not state a claim under the SCA.”
With the dismissal of the plaintiff’s SCA claims (the only federal law claims brought in the action), the court declined to exercise supplemental jurisdiction over the remaining state law claims, and granted the defendants’ motions to dismiss the action. In dismissing the case, however, the court granted CMG leave to file an amended complaint. Will CMG be able to re-state its SCA claims so as to address the court’s concerns? Stay tuned.