Olivia is the CEO for “Freedom Enterprises,” a financial services conglomerate with over 10 billion in assets. Among Freedom’s primary businesses are banking, health insurance and property and casualty insurance. Olivia comes to your office seeking counsel relative to certain events that have transpired over the past few months at Freedom.
Freedom recently fired an employee over an email that was intercepted by Freedom’s Information Security Team. Freedom has a written policy that states that it does not monitor employee email or internet usage. Although all employees are provided with a company email address, the email in question was sent through the employee’s personal Yahoo account to an unidentified third party. The employee accessed his personal email through a company issued laptop via the company’s internet service provider.
The email stated the following:
To: “Mr. X” MrX147852@xmail.com
From: “Alex Young” email@example.com
Hey X, nice meeting with you yesterday. To follow up on our conversation, I have managed to find the information you were requesting:
1. I attached a file listing all policyholders living in New Tudor. The document lists all policyholders by first initial and last name, address, policy number and phone number.
2. I attached a second file, which lists 30,000 Social Security Numbers. As we discussed, we will split the money after you sell them. What did he agree to? $1 per SSN? I can also confirm that on 5/1/2018, Freedom disclosed the attached 30,000 SSNs to “System F Industries.” Our regulators are sniffing around this a bit but I wouldn’t worry about it because our Board of Directors ran it though our outside counsel before signing off on it.
3. Stop worrying! Our Human Resources and Information Security Team is a pretty incompetent group. There is no way they read any emails that employees send. They don’t check to see if we wear our badges. They don’t even have a written information security policy! I have done deals like this many times so don’t be worried, I have everything under control. In fact, many of our employees have a little “side business” going on with all the data we keep. It is obviously very profitable. We need it with the lousy salaries we get here anyway.
4. I was told by Freedom’s Senior Vice President to hack into the IRS’s database and uncover their algorithm for determining which businesses to audit. I just cracked it yesterday and I am sending it to you first. I am sure this will be very valuable on the market. As discussed, we will split the profits once it is sold.
Senior Regulatory Analyst
Olivia is obviously concerned with what liability or sanctions may be imposed on Freedom. Your supervising attorney asks you to prepare a memo discussing all potential privacy-related issues in Freedom’s case. Please advise your supervising attorney on the likely outcome of each issue, and cite appropriate authorities.