Employer E-Mail Policy Creates Privacy Rights

internet-privacy

As an employer, we may assume that because we own the computer equipment, that includes any data left on there by our current or former employees. Thus, if an employee wants to use company time or our equipment for personal e-mail, then they do so at their own peril.  If we’re not careful, however, we may be wrong.

Whether an employee working in New Jersey has an expectation of privacy in e-mails sent during working hours and whether the employer can read those e-mails –will depend on the policies that the company establishes, particularly those in writing, and its actual practices.To be safe, the policy should be clear and it should be in writing.

The New Jersey Supreme Court recently held that an employee had a reasonable expectation of privacy in workplace e-mails sent to her attorney through a web-based personal e-mail account, but using a company computer, largely because the company was less than clear about its policy.  Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (N.J. 2010).  (copy of opinion here). In Stengart, employee Marina Stengart’s e-mails sent to and received by her attorney on her work laptop were viewed by her former employer, Loving Care Agency, whom she was then suing for employment discrimination. The e-mails were discovered by her attorneys when her laptop was examined by an expert during the litigation.

 

Reasonable Expectation of Privacy in a Workplace

Loving Care’s attorneys read the e-mails and did not follow normal procedures by notifying opposing counsel of their access to confidential communications. Instead they assumed that the attorney-client privilege was waived by Stengart due to the combination of her use of a company computer and the existence of Loving Care’s Electronic Communication Policy (which stated that the company reserves the right to access all communications conducted on the company’s server).  The Supreme Court of New Jersey rejected these arguments, finding in favor of Stengart.

In upholding the employee’s privacy rights, the Court found that Loving Care’s online privacy policy was unclear because it did not address the monitoring of messages sent on a personal, web-based e-mail, nor did it warn employees that contents of such e-mail would be stored on a hard drive that can be later retrieved.  The court also noted, using a bifurcated subjective/objective reasonability standard derived from Fourth Amendment and common law privacy jurisprudence, that Stengart’s expectation of privacy in her attorney-client communications, which also pertains to e-mails, was subjectively reasonable.  Stengart took steps to protect the privacy of those emails and shield them from her employer (using a personal password protected e-mail and did not save the passwords on her computer).

Stengart’s expectation of privacy was also objectively reasonable, the court held, since the company communications policy did not address the use of personal, web-based e-mail accounts accessed through a company computer. This, coupled with the fact that all attorney-client communications bore a warning that the e-mails are personal, confidential, and may be attorney-client communications, proved to the court that there was an objectively valid expectation of privacy that vested with Stengart.

Clarity is Key

The court noted that in order to waive the attorney-client privilege in her communications with her attorney, she must “without coercion and with knowledge of [her] right of privilege, [make a] disclosure of any part of the privileged matter or consent[] to such a disclosure.” Stengart did not waive her attorney-client privilege of confidentiality because she never knowingly made a waiver, but rather took a proactive stance on keeping such communications private.

Employers should be clear.  If they want to prohibit personal e-mail accounts from being accessed from company equipment, they should do so in a way that cannot be misunderstood.  Of course, as a litigation attorney, there is another lesson here.  Before you go fishing around on an employee’s computer, find out exactly what the employer’s policy was. The attorneys who read the e-mail communications without doing so – or warning the other side that they planned to do so – brought consequences on themselves and their client.

Contact Information