Information contained in this publication is intended for informational purposes only and does not constitute legal advice or opinion, nor is it a substitute for the professional judgment of an attorney.
In a case with significant implications for all employers, the New Jersey Supreme Court ruled earlier this week that Marina Stengart, a former executive employee of Loving Care Agency, had a reasonable expectation of privacy in e-mail exchanged with her personal attorney through a personal, web-based e-mail account even though those communications were stored on a company-issued laptop. However, rather than limiting its decision to the facts of the case, that court went further, broadly stating that even “a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employees’ attorney-client communications . .. would not be enforceable.” In other words, New Jersey employers cannot properly read their employee’s e-mail exchanges with a personal attorney stored on company equipment — no matter what the employer tells its employees in its electronic resources policy.
Stengart also is significant because it illustrates the circumstances in which a court might find that an employee reasonably could expect privacy in e-mail stored on the employer’s electronic resources. To begin with, the New Jersey Supreme Court relied heavily on Stengart’s efforts to shield her e-mail from Loving Care. She used a private, personal, password-protected, web-based e-mail account, rather than the company’s e-mail server, and she did not save the user ID or password for that account on company-issued equipment. In addition, the New Jersey Supreme Court cited Stengart’s affidavit testimony in the trial court that she did not know that a duplicate of e-mail transmitted through a personal e-mail account would be saved in a temporary file on the company-issued laptop used to transmit the e-mail or that a computer forensic expert (like the one hired by Loving Care) could retrieve the messages. Finally, the court emphasized that reasonable privacy expectations customarily inhere in attorney-client communications (as opposed to communications that are unlawful or otherwise violate company policy), quoting in full the confidentiality notice contained in all e-mails sent by Stengart’s lawyer.
Loving Care’s electronic resources policy only weakened the company’s position. The court noted that the policy did not even mention personal e-mail accounts, let alone notify Stengart of Loving Care’s ability to retrieve from company-issued equipment e-mail transmitted through a personal e-mail account.
Although Stengart is binding only on employers doing business in New Jersey, the court’s ruling and analysis, apparently the first from any state supreme court, likely will influence other courts addressing similar circumstances. Consequently, it is critical that employers located anywhere in the United States understand the limits of the New Jersey Supreme Court’s decision:
- The case does not change the commonly accepted principle that employers can use a well-crafted policy to reduce employee’s privacy expectations in communications stored on, or transmitted through, corporate electronic resources;
- The court did not establish that employees have a right, as a matter of public policy, to use corporate electronic resources to communicate with a personal attorney;
- The court itself acknowledged that employers can discipline employees for violating an electronic resources policy even if the violation is constituted by the employee’s communication with a personal attorney, albeit New Jersey employers cannot properly read the content of employee-attorney communications on which the discipline is based., It remains unclear if the decision means that other types of communications normally subject to privilege, such as with a doctor, clergy member or spouse, are also protected;
- The court repeatedly emphasized the attorney-client nature of the communication and did not suggest that its finding of Stengart’s reasonable expectation of privacy would have been the same had Stengart been exchanging e-mail with a non-lawyer;
- While the court found that Stengart had a reasonable expectation of privacy in her e-mail, it did not suggest that Stengart had a viable claim against Loving Care for invasion of privacy, which would require a showing that the employer’s review of the e-mail would be highly offensive to a reasonable person.
In short, the decision does not create a dystopia for employers in which employees can engage in unrestrained personal, e-mail use of corporate electronic resources, through either a corporate or personal e-mail account. The decision, nonetheless, should be a call to action for employers to revise or supplement their existing electronic resources policies as follow:
- Inform all employees that the policy applies to every employee;
- Warn employees that the company will monitor the use of employees’ electronic resources;
- Notify employees that duplicates of e-mail transmitted through a personal, web-based e-mail account using company equipment could be stored on that equipment;
- Explain that the company may, in its discretion, review all communications stored on, or transmitted by, company equipment regardless whether a personal account is used, subject to state laws regarding attorney-client communications
- Prohibit employees from using any company resources (including the telephone) to communicate with a personal attorney except with the company’s prior approval;
- Warn employees that they can be disciplined for violating the policy, including the prohibition on communications with a personal attorney using corporate electronic resources.
Significantly, employers should ensure that all employees receive, review and acknowledge receipt of the new/amended electronic resources policy. In addition, employers should establish guidelines for handling potentially privileged communications discovered on the employer’s information systems. First, IT and HR professionals should be trained in the indicators of potentially privileged communication, told not to review such communications except to the extent necessary to determine whether they might be privileged, and to promptly inform in-house or outside counsel about the discovery. Second, counsel should not review such communications except as minimally necessary to determine whether they might be privileged and, if so, follow applicable ethical rules for addressing waiver of privilege arising from the inadvertent disclosure of an attorney-client communication. Third, if the employer has implemented the policies described above, it should fully document the extent of the violation of company policy and determine whether and to what extent the employee should be disciplined.
Employers clearly have an overriding interest in preventing employees from using corporate electronic resources to plan potentially devastating litigation against the employer. Stengart does not bar employers form doing so.
For further analysis of this development, see Littler's ASAP New Jersey Supreme Court Rules that E-Mails Exchanged Between Employee and Her Attorney Using Company's Computer Remain Privileged.