Employee's E-Mails to Attorney Are Private Says New Jersey Supreme Court
In the modern workplace, for example, occasional, personal use
of the Internet is commonplace. Yet that simple act can raise
complex issues about an employer's monitoring of the workplace
and an employee's reasonable expectation of privacy.
- Stengart v. Loving Care Agency, Inc., – A.2d. –, 2010 N.J. LEXIS
241 (N.J. March 30, 2010)
In Stengart, the New Jersey Supreme Court held that an employee had a reasonable expectation of privacy in e-mails sent on her work computer.
In this case Ms. Stengart's employer provided her with a laptop computer to conduct company business. From that computer, she could send e-mails from her business e-mail account and could also access the Internet, including her personal e-mail account on the Yahoo website. After Ms. Stengart left her job and filed a wrongful discharge claim, the employer used browser software that had saved web pages she had viewed from the laptop computer—including pages showing e-mails exchanged with her personal attorney.
The court's tightly reasoned decision rested on several key factors including:
- The employer's internet-computer policy (which permitted "occasional personal use" of e-mail)
- The fact that e-mails at issue were sent to and from the employee's personal Yahoo account (not the employer's e-mail system); and
- The fact that those e-mails were exchanged with the employee's personal attorney.
As a result, the court concluded that Ms. Stengart had a subjectively and objectively reasonable expectation of privacy in e-mails exchanged with her attorney. The Court's analysis of those factors is instructive for employers generally.
Electronic Communications Policy
The Court first evaluated whether and how the employer's Electronic Communications Policy affected the employee's reasonable expectation of privacy. The policy declared that the employer had the right to review and access "all matters on the company's media systems and services at any time" and that e-mail messages are "considered part of the company's business."
But, that wasn't clear enough. The court found that the policy did not clearly apply to "personal, password-protected, web-based e-mail accounts," and did not expressly advise that such accounts would be monitored. Further ambiguity resulted from seemingly inconsistent statements in the policy that, on the one hand, e-mails "are not to be considered private or personal to any individual employee," and, on the other, "occasional personal use [of e-mail] is permitted." Although the employer intended to confirm its right to access employee e-mails sent from the company's computers, the loose drafting of the policy failed to accomplish that goal.
Company vs. Internet E-mail System
The New Jersey Supreme Court's opinion also explains that an employee typically has a reduced expectation of privacy for e-mails sent and received by the employer's e-mail system, as opposed to the privacy interest that attaches when using a personal e-mail account. The fact that Ms. Stengart used a password for her personal e-mail account and did not store that password on her work computer also strengthened her claim to privacy. On a related note, the court opined that e-mails sent from a desktop computer in the workplace that went through the company's server may be entitled to less protecttion than e-mails sent from a laptop computer or a computer located in an employee's home office.
While attorney-client communications may not be commonplace for most employers or most employees, the attorney-client privilege weighed heavily in the Court's analysis. The e-mails sent by Ms. Stengart's attorney contained a standard warning that the contents were private and protected by the attorney-client privilege, a fact that increased the employee's reasonable expectation of privacy. Indeed, the Court noted in dicta that – even if an employer's policy banned all personal electronic communications and provided unequivocal notice that the employer would review and read attorney-client communications – that policy would not be enforceable because of the important public policy concerns underlying the attorney-client privilege.
In the final analysis, this was not a close call for the New Jersey court: Ms Stengart had a reasonable expectation of privacy that protected attorney-client communications sent from a work computer by means of her password-protected Yahoo e-mail account. The Court's fact-specific analysis and careful distinctions demonstrate that lines between the private and the public, or the personal and the professional, are not well-defined, and may well vary depending on the particular facts and circumstances of each case.
The Stengart decision provides some useful guidance for employers and their counsel:
- Employers should adopt explicit, specific and defined policies if they seek to monitor and control employee computer usage and Internet access. Employers should carefully define what is and is not company property and which websites and content will be monitored.
- Employers may wish to expressly recognize employee privacy rights in e-mail accounts. Unlike websites that bring hate speech, pornography or other inappropriate content into the workplace, internet-based e-mail generally will not adversely affect the workplace and thus, the employer would have no work-related need to monitor employees' personal e-mail accounts. Exceptions, however, might arise from use of personal e-mail accounts to conduct company business or use that threatens to injure the business through dissemination of trade secrets or defamatory or misleading statements. Policies can be drafted to prohibit those communications and to advise that the company may monitor personal e-mail accounts if it has cause to believe they are being used for these reasons.
- Employers should take extreme caution if they obtain an employee's communications with counsel. The employer should refrain from reading such e-mails unless it obtains permission from the employee's attorney or from a court.
- Employees who work in California likely enjoy even greater privacy protection that the common-law sources of privacy on which Stengart relied. The Privacy Clause of Article I, Section 1 of the California Constitution applies to both government and private employers, and likely confers a greater expectations of privacy.