Employer's Electronic Communications Policy Did Not Allow Company to Review Employee's E-mail Exchange with Her Attorney

Update August 2009: The New Jersey Supreme Court has granted review to the case discussed below. Littler will monitor developments.

In a case of potentially great significance to all employers with electronic communications policies, the New Jersey Appellate Division recently held in Stengart v. Loving Care Agency, Inc. (No. A-3506-08T1, June 26, 2009), that an employer was not entitled to read e-mails exchanged between an employee and her attorneys through her Yahoo! account, even though the emails were stored on the employee's company-issued laptop. The court relied principally on confusion over whether the employee had received the employer's computer use policy and on ambiguities in the policy. However, the court went on to hold that even if the policy had satisfied all of the court's concerns, the policy still would not have justified the employer's action. The court went even further to suggest that, in most circumstances, employers cannot rely upon an electronic resources policy to justify reviewing the content of employees' personal e-mail stored on the employer's electronic resources.

This decision, which is binding in New Jersey, appears to represent a significant change in the law regarding policies typically in place in companies around the country. The decision appears to be the first from an appellate court to hold that personal e-mails exchanged with an attorney stored on an employer's computers attached to the company's network retain their privilege. Moreover, the court's broader, non-binding pronouncements represent a sharp break from a large body of precedent holding that an employer's policy statements defeat an employee's privacy expectations with respect to both business and personal email stored on company equipment.

Although many aspects of the decision arguably are dicta (i.e., opinions of the court which go beyond the facts of the case and may not be binding), its broad sweep creates significant uncertainty in an area that once was considered settled law. As a result, employers should treat the decision as a warning that other courts may carefully scrutinize, narrowly interpret, and give reduced weight to electronic communications policies used to justify an employer's regulation of communications stored on corporate equipment. Employers with such policies would be well advised to review them carefully and revise them promptly in light of this decision.

Factual Background and Proceedings in the Trial Court

Before Marina Stengart resigned as the Executive Director of Nursing at Loving Care Agency, Inc., she sent her attorney a series of e-mails from the laptop that her employer had provided. Stengart had a company e-mail account, but she communicated with her attorney about her anticipated sexual harassment lawsuit through her personal, web-based, password-protected Yahoo! e-mail account.

After Stengart filed a discrimination action, the employer's computer forensic expert took the common step of creating a mirror image of Stengart's company-issued laptop and searching the image for potentially useful evidence. That search recovered numerous e-mail communications between Stengart and her attorney. Loving Care's attorneys received and reviewed the emails, but they did not advise Stengart's counsel about these e-mails until they produced them to Stengart during discovery.

Stengart demanded the immediate return of all similar correspondence. When Loving Care refused, Stengart sought emergency relief, including return of the emails and disqualification of Love Care's counsel. The trial judge denied the request, holding that the e-mails were not protected by the attorney-client privilege because the company's electronic communications policy properly notified Stengart that any e-mails that she sent or received on her company laptop would be treated as company property, effectively waiving her right to claim privilege.

The Appellate Court's Ruling

The Appellate Division reversed this decision and held that even if the employer had reserved a right to search Stengart's company-owned laptop after her employment ended, which it did not, messages exchanged through her personal email account were protected by the attorney-client privilege. Ruling that the lower court had improperly denied Stengart's request for return of the e-mails, the appellate court granted Stengart's request and remanded the matter for a hearing to determine possible sanctions against the employer, including the disqualification of its counsel.

The Employer's Policy Did Not Support Its Actions

The appellate court began by confronting two key factual questions, namely, whether the company had proven that it had adopted the policy at issue, and whether Stengart had received, or was aware of the policy, a task made more complicated by the several versions of the policy presented to the court. This aspect of the decision reinforces the importance of complete documentation of company policies and of employees' receipt of those rules. Arguably, the court could and should have stopped there, and let the lower court address the factual dispute by way of a hearing.

Instead, the court ruled that even if Stengart had received the employer's policy, the policy failed to warn employees that Loving Care might read e-mails sent through a personal e-mail account. Specifically, the policy, which provided that "[t]he company reserves the right to review, audit, intercept, access, and disclose all matters on the company's media systems and services at any time, with or without notice," did not explain the breadth of the policy's scope to the satisfaction of the court largely because the policy did not define what was meant by "the company's media systems." Further, the court held that the policy's statements that e-mail and voicemail messages, Internet use and communication are considered "part of the company's business and client records" and not "private and personal to any individual employee" conflicted with the provision in the policy that "[o]ccasional personal use is permitted." As a result, the court held that when reading all of the policy's provisions together, an objective reader could believe that personal e-mails sent through a third-party provider, such as Yahoo! or Gmail, would not become company property when they were sent via a company computer.1

Even an Adequately Drafted Policy Would Not Defeat the Privilege

The court continued its analysis by assuming for the sake of argument that Loving Care's policy had adequately informed Stengart that the company owned all email stored on its computer equipment, and that the company would, or retained the right to read such email, including communications exchanged between Stengart and her attorney through her personal email account. After construing New Jersey case law as holding that a court could enforce only those employer policies which "reasonably further the legitimate business interests of the employer," the court ruled that the posited policy could not be relied upon to defeat the attorney-client privilege because the policy "furthers no legitimate business interest." The court based this conclusion on the following proposition, which is central to the court's decision:

When an employee, at work, engages in personal communications via a company computer, the company's interest ... is not in the content of those communications; the company's legitimate interest is in the fact that the employee is engaging in business other than the company's business. Certainly, an employer may monitor whether an employee is distracted from the employer's business and may take disciplinary action if an employee engages in personal matters during work hours; that right to discipline or terminate, however, does not extend to the confiscation of the employee's personal communications.

In other words, according to the court, employers generally should not be permitted to rely upon a policy in a handbook stating that they own all communications stored on their systems and that such communications are not private to justify reviewing the content of an employee's non-business email. Rather, an employer could justifiably review the content of personal email only when such review is necessary to advance the employer's legitimate business interests, such as to determine whether the employee has violated an employment policy by, for example, sending harassing or sexually offensive messages or providing assistance to a business rival. The court did not explain why an employee's communications with counsel concerning a possible lawsuit against the company would not be considered adverse to the company's legitimate business interests.

Applying this analysis to the facts before it, the court concluded that Loving Care had no legitimate interest in reading Stengart's email communications with her attorney, even through the exchanges concerned a potential lawsuit against Loving Care. Consequently, Loving Care's electronic resources policy could not serve as a basis for finding that Stengart had waived the privilege.

With that decision made, the court went on to hold that Loving Care's counsel should not have read the e-mails at issue. Instead, the court ruled, counsel had the affirmative obligation to stop reading any document that it had reasonable cause to believe might contain privileged information, notify its adversary, and allow the court to adjudicate whether Loving Care's counsel had the right to retain and make use of the e-mails. The court remanded the case for a hearing to determine whether counsel should be disqualified, or whether other sanctions should be imposed. The court ordered the return of the disputed emails and their deletion from the computer hard drives upon which they were stored.

A Recommended Response to the Stengart Decision

The Stengart decision remains subject to possible review, on either an interlocutory or final basis, so it is not clear that it will continue to remain the law in New Jersey. Whether courts in other jurisdictions, which are not bound by the decision, will follow its reasoning is also unpredictable. Nonetheless, employers in New Jersey cannot ignore the decision because its holding currently is binding precedent for New Jersey trial courts. Employers in other jurisdictions should expect that the case will be cited frequently by employees' attorneys, and it may well prompt courts outside of New Jersey at least to scrutinize more carefully than ever before the language of employers' electronic communications policies.

There are several steps that employers should take in light of this decision. First, they should confirm that they have adopted a single electronic resources policy and that every employee has executed an acknowledgement of receipt and comprehension of that policy.

Next, the policy should unambiguously identify the resources that it covers. For instance, a policy should explain that it encompasses all company-issued equipment comprising the employer's communications network, including laptops, desktops, servers, BlackBerries, printers, PDAs and cell phones, as well as all electronic communications and files, including e-mails, instant messages, and text messages, stored on, or transmitted by or through, any of the employer's equipment or through its network, regardless of whether employees use a third-party service provider to convey the message.

As part of that policy, employers should inform employees that the employer will, in its discretion, review any communication or files stored on any company-owned device, whether or not the communication concerns the employer's business, either during or after the end of the employee's tenure. Critically, the policy should expressly advise employees that the employer's monitoring may encompass any communication or other information stored on its electronic resources regardless of whether a personal email or text message account facilitated the transmission.

Employers should prohibit employees from using personal accounts to conduct any company business and should consider going one step further and prohibit employees from accessing accounts at personal, third-party service providers using company electronic resources. Such a policy could be enforced using blocking software. At the same time, however, employers need to be mindful that such a policy could generate employee disgruntlement and might well be honored only in the breach. Finally, employees should be told that they have no expectation of privacy in any business or personal communications transmitted through or stored on corporate electronic resources, including but not limited to any communications with a personal attorney or for any other purpose adverse to the company's business, including after the termination of their employment..

The Stengart court took issue with Loving Care's policy provision that "[o]ccasional personal use is permitted" because the employer never explained when such use was allowed. To address this concern, employers should advise employees that incidental personal use of company computer equipment or its network is permitted only during rest, breaks, meal periods or before and after shifts. In addition, the policy should unambiguously state that any such personal use is not private and is subject to all of the provisions of the electronic resources policy.

Even New Jersey employers whichtake all of these precautions should recognize that they may still face a ruling that employees' communications with personal counsel are privileged despite the policy. Therefore, New Jersey employers reviewing their employees' e-mails should be advised that they need to be careful about turning over to their counsel any recovered communications between an employee and his/her attorney. Of course, an employee who violates a rule prohibiting use of the employer's resources to communicate with personal counsel runs the risk of termination or exposure to an after-acquired evidence defense, which would limit back-pay damages in a wrongful termination action.

Employers cannot predict how courts will react to this new and potentially far-reaching decision. Nonetheless, employers should review their electronic resources policies ? both in terms of how they are distributed and how clearly they are written ? to make sure their policy places them in the strongest position when monitoring communications stored on their equipment.

1 Interestingly, Section III of the New Jersey Judiciary Information Technology Security Policy contains similar language and would appear to be vulnerable to challenge under the decision in Stengart.

Philip L. Gordon is a Shareholder in Littler Mendelson's Denver office. Eric A. Savage is a Shareholder and Paul H. Mazer is an Associate in Littler Mendelson's Newark office. If you would like further information, please contact your Littler attorney at 1.888.Littler, info@littler.com, Mr. Gordon at pgordon@littler.com, Mr. Savage at esavage@littler.com, or Mr. Mazer at pmazer@littler.com.

Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.