news  |  Ruling on Employee's Personal E-Mails

NEW JERSEY SUPREME COURT RULES AGAINST EMPLOYER FOR SNOOPING EMPLOYEE'S PERSONAL E-MAILS ON COMPANY COMPUTER

One of the biggest sources of tension for today's employers is balancing employee privacy rights against the legitimate rights and obligations of the employer to control its electronic workplace, including its equipment, servers and data.  Employers as a necessity must control the information that passes through servers and is maintained on databases.  Employers likewise must protect against external security threats such as viruses or hacking and identity theft.  Employers must safeguard confidential and proprietary information against competitive theft or improper use or disclosure.  And they are responsible for ensuring that employees do not violate internal policies by using the electronic systems to engage in harassment, discrimination or violate the law.  To manage their burdens and responsibilities, employers often enact electronic use policies notifying their employees that the company's e-mail systems and computers are for business use only and to notify them not to expect privacy when they use the company's systems.

On March 30, 2010, the New Jersey Supreme Court in Stengart v. Loving Care Agency, Inc. analyzed how broad an employer's policies may reach.  Stengart addressed the privacy rights of an employee's e-mails sent and received over an employer's electronic mail server, but not using the employer's e-mail account.  Like many employers, Loving Care had an electronic use policy that warned employees that use of the company's computers was for business purposes.  Loving Care's policy warned that the company had full access to "all matters on the company's media systems and services at any time."  And Loving Care advised its employees that any Internet communications or e-mails are the company's business records and "are not to be considered private or personal."  But the policy also stated that "occasional personal use is permitted."
Stengart was issued a company laptop from which she could access the Internet through Loving Care's server.  Stengart used the company laptop to access her personal, password-protected Yahoo account to communicate with her attorney about difficulties she was experiencing at work.  Stengart did not save the e-mails to her hard drive and did not save her password information on the computer.  Unbeknownst to Stengart, the e-mails were saved in the laptop's temporary Internet cache. 

Stengart eventually resigned and then filed a Complaint alleging discrimination.  Loving Care hired forensic computer experts to recover all the files that were saved on the hard drive of Stengart's company laptop.  Included in these files were seven or eight e-mails that Stengart and her attorney exchanged using Stengart's personal e-mail account.  At the bottom of the e-mails sent by Stengart's attorney appeared a warning to readers that the content of the e-mail may be a "privileged and confidential" communication and was "intended only for the personal and confidential use of the designated recipient" of the e-mail.  Nonetheless, Loving Care and its counsel reviewed the e-mails and did not advise Stengart of their existence until discovery.  Stengart's attorney demanded return of the e-mails and sought to disqualify Loving Care's attorneys.

The New Jersey Supreme Court held that Stengart had a reasonable expectation of privacy in the e-mails that she sent using her own, password-protected e-mail account, even though she used the company's laptop and Internet server.  In reaching this conclusion, the Court looked at the Restatement of Tort's "Intrusion into Seclusion" to shape the discussion of the employee's privacy expectations:  would the intrusion "be highly offensive to the ordinary reasonable man, as the result of conduct to which the reasonable man would strongly object?"  The Court also looked at privacy interests underlying Fourth Amendment "search and seizure" decisions noting, however, that the public policy underlying Fourth Amendment cases is quite different.  Ultimately, the Court declared that the analysis of an employee's privacy expectations must be made on a case-by-case basis.

Strongly impacting the Court's decision was Loving Care's ambiguous electronic use policy, which did not directly notify the employee that personal e-mail accounts were subject to review.  And permitting occasional "personal use" may have created an expectation of privacy for these personal uses.  Lastly, the Supreme Court held that the attorney-client privilege is sufficiently important to outweigh the employer's countervailing interests.  Interestingly, the Supreme Court admonished that businesses continue to have a legitimate interest in protecting their technological assets, although the interest has its limits:

Our conclusion that Stengart had an expectation of privacy in e-mails with her lawyer does not mean that employers cannot monitor or regulate the use of workplace computers. Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies. And employers can enforce such policies. They may discipline employees and, when appropriate, terminate them, for violating proper workplace rules. … Because of the important public policy concerns underlying the attorney-client privilege, even a more clearly written company manual -- that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee's attorney-client communications, if accessed on a personal, password-protected e-mail account using the company's computer system -- would not be enforceable.

Stengart is an important case for employers because it legitimizes an employer's use of an appropriate electronic usage policy as well as monitoring and regulation of workplace computers.  It serves as an important reminder that there are limits on these policies, however, and that employees may have reasonable expectations of privacy notwithstanding the use of company equipment.  As such, we urge employers to re-evaluate their internal electronic use policies in light of this decision.  We can assist you with this review and in creating a policy that is practical, legally compliant, and workable for your business.  Please call us at (908) 735-2377 or contact us online.

back to list