The Cassation: the employer who knows passwords by virtue of company rules is not punishable
ROME – The employer can read the company e-mails of employees, without risking a criminal conviction, on one condition only: that the company has required the communication of the PC and email password to the hierarchical superior. This is what the Court of Cassation established which, with the sentence 47096, rejected the appeal presented by the Turin Public Prosecutor's Office against the acquittal pronounced by the Piedmontese Court against an employer who had read the company e-mails of an employee, who was later fired due to the contents.
THE MOTIVATIONS – In the appeal to the Supreme Court, the public prosecution complained of the assumption on which the acquittal was based, namely the relevance of the corporate ownership of the infringed means of communication. The Supreme Court did not share this thesis because in the company employees were required to «communicate the password to their immediate superior, albeit in a sealed envelope. In fact, the explanatory statement reads, article 616 of the penal code punishes "the conduct of anyone who gains knowledge of the content of a closed correspondence not addressed to him". Therefore, the College further explains, «when there is no subtraction or distraction, the conduct of someone who merely gains knowledge is punishable only if it concerns closed correspondence. Having said that, the judges of the Fifth Criminal Section further clarify, "the extension of protection also to IT or telematic correspondence is undisputed, however it must be considered that this correspondence can be qualified as closed only with respect to subjects who are not entitled to access computer systems". In short, what causes penal responsibility to fall is the legitimacy to use the computer or telematic system which can depend «not only on the ownership, but on the rules that regulate the use of the systems. And when, in particular, the telematic system is protected by a password, it must be considered that the correspondence stored therein can lawfully be known by all those who legitimately have the computer access key». And this is precisely the case: the passwords placed to protect the computers and correspondence of each employee «had to be aware of the corporate organization as well, as it was prescribed that they should be communicated, albeit in a sealed envelope, to the hierarchical superior, entitled to use it to access the computer even for the mere absence of the employee".
Corriere della Sera 19 December 2007
