Employment Alert: New Jersey Supreme Court Finds Privacy Rights in Employee E-Mails
4/2/2010
Employers should review their electronic communications policies in light of a recent New Jersey Supreme Court decision in Stengart v. Loving Care, --- A.2d ----, 2010 WL 1189458 (March 30, 2010) holding that an employee had a legitimate expectation of privacy in e-mail communications that she sent to her attorney through her personal web-based e-mail account using her employer’s laptop computer. The decision in Stengart results from an employer’s failure to provide adequate warning to its employees in an electronic communications policy that personal e-mails may be recovered—and read—if they are sent through the employer’s electronic system. Stengart teaches the importance of providing employees with clear notice that their privacy rights are limited in the workplace.
Before Marina Stengart resigned from Loving Care, a nursing agency, she used her work-issued laptop computer to e-mail her attorney from her personal password-protected web e-mail account about suing Loving Care. Like many employers, Loving Care had policies governing its employees’ use of its electronic communications systems. Those policies permitted its employees occasional personal use of its electronic communications systems and alerted the employees that Loving Care could access information on the system. The policy did not, however, specifically alert the employees that Loving Care could forensically retrieve e-mails and data transmitted over an employee’s personal, web-based e-mail system if sent using Loving Care’s hardware.
Loving Care accessed the hard drive from Stengart’s company-owned laptop after Stengart sued Loving Care for discrimination, in part to discharge its obligations to preserve evidence of her claims. Loving Care’s outside counsel read the forensically retrieved communications between Stengart and her attorney, but did not inform Stengart’s counsel that it had accessed this information. When it was later revealed during discovery that Loving Care had accessed this information, Stengart’s counsel moved to sanction and disqualify Loving Care’s counsel based upon the violation of the attorney-client privilege and the Rules of Professional Conduct.
The trial court found that Stengart had no reasonable expectation that the attorney-client privilege would be preserved because Loving Care’s electronic communications policy put Stengart on notice that data stored on Loving Care’s computer system was Loving Care’s property. The New Jersey Appellate Division reversed the trial court, finding that Stengart had a legitimate expectation of privacy in her communications with her counsel, in part because Loving Care’s electronic communications policy lacked clarity with respect to the company’s ability to access personal data.
The New Jersey Supreme Court agreed that the ambiguities in Loving Care’s electronic communications policy impacted Stengart’s reasonable belief that her communications with her attorney would remain private and privileged. Stengart, the Court found, communicated using a password-protected (and therefore presumably private) e-mail account, and she had no reason to believe Loving Care could or would access those communications. The Court distinguished other cases finding to the contrary, such as Scott v. Beth Israel Medical Center, Inc., 17 Misc. 3d 934 (N.Y. Sup. 2007), which found that an employer’s access of e-mails between an employee and the employee’s counsel was proper when those e-mails were sent and received using the employer’s e-mail address, and the employer’s electronic communications policy clearly put the employee on notice that such communications were not private.
The New Jersey Supreme Court also affirmed the Appellate Division’s conclusion that Loving Care’s counsel had violated the Rule of Professional Conduct relating to receipt of communications relating to the legal representation of another party. The Court found that Loving Care’s attorneys should have stopped reading the e-mails once it appeared the e-mails might be subject to the attorney-client privilege, they should have notified Stengart that the e-mails were in Loving Care’s possession, and they should have awaited court adjudication of the privilege issue.
Stengart is one of a few recent decisions addressing the problems associated with retrieving information from company-owned media. But there are some simple steps employers can take to avoid the problems the Stengart employer experienced. Companies should review their electronic communications policies to specifically address the retrieval of information sent or received using a personal, web-based e-mail account, and to provide clarity concerning what is truly personal and private and what is not. In addition, until court adjudication is obtained, in-house counsel and other attorneys who retrieve privileged information as a result of a search of the employee’s work computer should proceed cautiously and comply in all respects with the applicable Rules of Professional Conduct.
Action Items for Employers
- Consider adding cautionary language to electronic information policies that clearly advises employees that the employer may access any information maintained on the employer’s computers (whether intentionally or not), including e-mails from or to the employee’s personal e-mail accounts, including information which the employee “deletes,” but is retrievable through forensic means.
- Electronic communications policies should expressly state whether the employer may retrieve or monitor the content of both personal and business communications.
- “Personal use” policies are acceptable and in fact reasonable in most cases, but employers should consider wording such policies as permitting “occasional or casual non-business” use, rather than “personal use” of employer media, and should clearly define the circumstances under which the employer may access personal or non-business data and communications.
For assistance in this area please contact one of the attorneys listed below or any member of your Mintz Levin client service team.
Andrew J. Bernstein
(212) 692-6742
AJBernstein@mintz.com
Richard H. Block
(212) 692-6741
RHBlock@mintz.com
James R. Hays
(212) 692-6276
JRHays@mintz.com
David R. Lagasse
(212) 692-6743
DRLagasse@mintz.com
Jennifer B. Rubin
(212) 692-6766
JBRubin@mintz.com
Michael S. Arnold
(212) 692-6866
MArnold@mintz.com
Gregory R. Bennett
(212) 692-6842
GBennett@mintz.com
Jessica W. Catlow
(212) 692-6843
JCatlow@mintz.com
Jennifer F. DiMarco
(212) 692-6260
JFDiMarco@mintz.com
David M. Katz
(212) 692-6844
DKatz@mintz.com
