Can employers read an employee’s personal e-mail composed and sent via a corporate computer, and does the employer own that e-mail? Especially if it’s an e-mail to a lawyer, which raises special questions of client-attorney privilege that invoke confidentiality?
There’s often the assumption that all e-mail that employees write on company computers is under the ownership of the company, which when storing it can read it at any time, and companies typically spell out what they consider their rights in a formal corporate policy. But in a legal case that came to it under appeal, the New Jersey Supreme Court last week decided an employee should have had an expectation of e-mail privacy and confidentiality because she used a personal Webmail account, in this case Yahoo, not the corporate e-mail system.
That decision, handed down by the Supreme Court of New Jersey, Appellate Division, reversed the lower court’s decision about the e-mail of Marina Stengart, who had filed a legal suit against her former employer, Loving Care Agency, a home-care services firm, alleging discrimination.
Stengart’s lawyers and Loving Care’s own team of lawyers had been squabbling over whether Loving Care, which had collected Stengart’s e-mail after she filed suit against the company, had to turn over to Stengart’s lawyers the half-dozen or so Webmail-based e-mails the company had managed to capture as forensic evidence.
These were e-mails Stengart had sent via her personal password-protected Yahoo account to her lawyers before her resignation; Stengart’s lawyers also wanted Loving Care’s lawyers disqualified in the case. Loving Care’s lawyers argued Stengart had no reasonable expectation of privacy in files on a company-owned computer in light of the company’s electronic communications policy.
Stengart had sent the e-mail via her Yahoo account via her work computer at the office, not her corporate e-mail account. Loving Care’s lawyers argued that Stengart “had no reasonable expectation of privacy in files on a company-owned computer in light of the company’s policies on electronic communications,” a court document states. Stengart argued she had been given no warning that e-mail sent from a personal account would be monitored or stored.
According to a court document, Loving Care Agency’s policy states the home care services firm may review, access, and disclose “all matters on the company’s media systems and services at any time,” and also stated that e-mail, Internet communications and computer files are the company’s business records and are “not to be considered private and personal” to employees. It also stated “occasional personal use is permitted.”
The trial court last year had rejected Stengart’s arguments for privacy and confidentiality of the e-mail she had sent.
But last week the justices on the Supreme Court of New Jersey in the Appellate Division reversed that in its decision, stating, “This case presents novel questions about the extent to which an employee can expect privacy and confidentiality in personal e-mails with her attorney, which she accessed on a computer belonging to her employer.”
Noting that it was rejecting the lower court’s decision, the N.J. Supreme Court judges this week stated, “We hold that, under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal account would remain private, and that sending and receiving them via a company laptop did not eliminate the attorney-client privilege that protected them.”
Although Stengart and Loving Care had been squabbling over whether she sent some of the webmail-based e-mail to her attorneys during non-work hours or not, the New Jersey Supreme Court this week said, “it is unclear, and ultimately not relevant, whether Stengart was at the office when she sent or reviewed them.”
The court also concluded that Loving Care’s law firm breached its obligations by failing to alert Stengart’s attorneys that it possessed the e-mails before reading them; the law firm may face sanctions.
The case has gotten the attention of several organizations which were permitted to file opinions with the court.
The Employers Association of New Jersey (EANJ) argued the court decision may unfairly burden employers and undermine their ability to protect corporate assets, the court’s decision says. The Association of Criminal Defense Lawyers of New Jersey (ACDL-NJ) and the National Employment Lawyers Association of New Jersey (NELA-NJ) were largely supportive of the court’s decision, however.
The NELA-NJ argued an employee “has a substantive right to privacy in her password-protected e-mails, even if accessed from an employer-owned computer, and that an employer’s invasion of that privacy right must be narrowly tailored to the employers legitimate business interests,” the court document states.
The Supreme Court judges said in their decision in reading Loving Care’s electronic communications policy, “It is not clear from that language whether the use of personal, password-protected, web-based e-mail accounts via company equipment is covered. The Policy uses general language to refer to its ‘media systems and services’ but does not define those terms. Elsewhere, the Policy prohibits certain use of ‘the e-mail system,’ which appears to be a reference to company e-mail accounts. The Policy does not address personal accounts at all.”
The court also noticed that the policy doesn’t warn that the contents of this type of e-mail are stored on a hard drive and can be forensically retrieved. The court said the Loving Care policy “creates ambiguity about whether personal e-mail is company or private property.”
As specifically concerns the issue of attorney-client privilege and confidentiality, the New Jersey Supreme court said in its decision that because Stengart took steps to protect the privacy of the e-mails and shield them from her employer, because she used a personal password-protected e-mail account instead of her company e-mail address and did not save the account’s password on her computer, she had a subjective expectation of privacy in messages to her lawyer discussing a possible future lawsuit.
And the court decided those expectations were “also objectively reasonable.”
“The Policy did not give Stengart, or a reasonable person in her position, cause to anticipate that Loving Care would be peering over her shoulder as she opened e-mails from her lawyer on her personal, password-protected Yahoo account,” the court stated, later adding that in monitoring employees’ actions online, “employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.”
The court’s decision this week in the Stengart vs. Loving Care Agency case shakes up some oft-accepted notions about employer right to ownership of e-mail that employees may compose on a corporate-issued computer, says Jen Rubin, attorney at Mintz Levin in New York, which has been closely following the case.
“It’s almost a property rights issue,” says Rubin, noting that at the very least, the New Jersey Supreme Court’s decision in this case should send businesses, their lawyers and the IT departments running back to review their acceptable-use policies related to e-mail.