New Jersey Supreme Court Rules that E-Mails Exchanged Between Employee and Her Attorney Using Company's Computer Remain Privileged
In a case with potentially nationwide implications, the New Jersey Supreme Court, in Stengart v. Loving Care Agency, Inc., ruled on March 31, 2010 that an employee had a reasonable expectation of privacy in e-mail communications with her lawyer that were sent through a private, personal web-based account, even though those communications were stored on a company-issued computer and concerned a claim against her employer.
Rather than limit its decision to the facts presented, the court broadly stated that even "a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employees' attorney-client communications . . . would not be enforceable." As a result of this decision, New Jersey employers are barred from reading their employees' e-mail exchanges with personal attorneys when stored on a company computer — regardless of whether the employer's electronic resources policy expressly grants the employer the right to do so.
It is critical that employers located anywhere in the United States, and certainly those with operations or employees in New Jersey, understand the ruling's implications.
Loving Care Agency, Inc. ("Loving Care") provided the plaintiff with a laptop computer and a work-related e-mail address. Before resigning her employment, the plaintiff used her company laptop to access a personal, password-protected e-mail account on Yahoo's website, through which she communicated with her attorney about her anticipated employment discrimination lawsuit against Loving Care.
After she filed a discrimination action, the company's attorneys, with the help of a computer forensic expert, recovered and reviewed numerous e-mails between the plaintiff and her attorney. Defense counsel disclosed their possession of these e-mails to the plaintiff's counsel only in response to written discovery requests. In rejecting a demand by the plaintiff's counsel for the immediate return of all communications between the plaintiff and her counsel, the company asserted that the attorney-client privilege either did not attach, or had been waived, because the plaintiff had no reasonable expectation of privacy in files stored on a company-owned computer in light of the company's electronic communications policy.
The trial court adopted Loving Care's position and denied the plaintiff's motion to compel return of the putatively privileged e-mail. The Appellate Division reversed, reasoning that Loving Care's policy was too ambiguous to defeat the plaintiff's privacy expectations.
The New Jersey Supreme Court's Ruling
In upholding the Appellate Division's decision, the New Jersey Supreme Court agreed that the policy was ambiguous and, thus, did not diminish the plaintiff's expectation of privacy with respect to her communications with her attorney. According to the court, the policy failed to give express notification to employees that the company had the ability and right to retrieve from company-issued equipment communications transmitted through a web-based, personal e-mail account.
While the court recognized that companies have wide latitude in adopting policies designed to protect corporate assets, reputation and productivity, it held that even a well-crafted and adequately-publicized policy, which provides zero-tolerance for personal use of a company e-mail system and which unambiguously notifies employees that the company can retrieve their communications, would be unenforceable with regard to communications between an employee and a personal attorney.
Based on (1) the legend at the bottom of the e-mails between the plaintiff and her lawyers, which contained a standard warning that their contents were personal and confidential and may constitute attorney-client communications; (2) the ambiguity of the company's policy; and (3) the plaintiff's method of transmittal, the court determined that the plaintiff's communications were privileged and confidential and not subject to the company's scrutiny or use.
Implications of Decision
It is critical to note the limits of the court's decision:
- This case does not change the commonly accepted principle that employers can use a well-crafted policy to reduce employees' privacy expectations in communications stored on, or transmitted through, corporate electronic resources.
- The court did not hold that employees have a right, as a matter of public policy, to use corporate electronic resources to communicate with a personal attorney.
- The court acknowledged that employers can discipline an employee for violating an electronic resources policy, even if the violation constitutes the employee's communication with an attorney. However, New Jersey employers cannot read the content of employee-attorney communications upon which the discipline is based. It remains unclear if communications normally subject to other types of privileges, such as with a doctor, clergy member or spouse, are also protected.
- The court repeatedly emphasized the attorney-client nature of the communications in question and did not suggest that its finding of the plaintiff's reasonable expectation of privacy would have been the same had the plaintiff been exchanging e-mail with a non-lawyer.
- While the court found that the plaintiff had a reasonable expectation of privacy in her e-mail, it did not suggest that the plaintiff had a viable claim against Loving Care for invasion of privacy, which would require a showing that the employer's review of the e-mail would be highly offensive to a reasonable person.
In short, the decision does not condone an employee's unrestrained personal, e-mail use of corporate electronic resources, through either a corporate or personal e-mail account.
In light of the court's decision in Stengart, all employers should:
- Make it clear in their electronic resources policies that employees have no reasonable expectation of privacy with respect to any communications stored on company equipment.
- Inform all employees that the company's policy applies to everyone.
- Warn employees in the policy that the company will monitor employee use of its electronic resources.
- Notify employees that duplicates of e-mail transmitted through a personal, web-based e-mail accounts using company equipment can remain stored on that equipment, and explain that the company (except in New Jersey) may, in its discretion, review all communications stored on, or transmitted by, company equipment regardless of whether a personal account is used (subject to state laws regarding attorney-client communications or other privileged communications).
- Prohibit employees from using any company resources (including telephones) to communicate with an attorney, except with the company's prior approval.
- Warn employees that they can be disciplined for violating the policy, even if their communications using corporate electronic resources were with an attorney.
- Ensure that all employees receive, review and acknowledge receipt of the electronic resources policy.
In addition, employers should establish guidelines for handling potentially privileged communications discovered on the employer's information systems. Specifically:
- IT and HR professionals should be trained on the indicators of potentially privileged communication, told not to review such communications except to the extent necessary to determine whether they might be privileged, and instructed promptly to inform in-house or outside counsel about the discovery of such communications.
- Counsel should not review such communications except as minimally necessary to determine whether they might be privileged and, if so, follow applicable ethical rules for addressing waivers of privilege arising from the inadvertent disclosure of attorney-client communication. This takes on particular importance because the court left open the possibility of sanctions, including disqualification in a pending civil action brought by the employee, if counsel reviews the emails between that employee and his/her personal attorney.
- If the employer has implemented the policies described above, it should fully document the scope of any violation of company policy and determine whether and to what extent the violating employee should be disciplined.
Phillip L. Gordon is a Shareholder in Littler Mendelson's Denver office and chairs the firm's Privacy and Data Protection Practice Group; Eric A. Savage is a Shareholder and Geida D. Sanlate is an Associate in Littler Mendelson's Newark office. If you would like further information, please contact your Littler attorney at 1.888.Littler, email@example.com, Mr. Gordon at firstname.lastname@example.org, Mr. Savage at email@example.com, or Ms. Sanlate at firstname.lastname@example.org.