SteveK March 28th, 2011
It’s been a year since the New Jersey Supreme Court decision in Stengart v. Loving Care Agency. 990 A2d 650 (2010) and what has changed? The Stengart case shook the world of employment law because it is one of the first cases to provide that an employee has an expectation of privacy in personal, password protected, web-based emails sent on a company computer through a company server, irrespective of the fact that the employer had a computer use policy in effect at the time. The Court held that the Plaintiff had a subjective expectation of privacy in her emails because they were password protected and she did not save them on the company computer, as well as the fact that the emails were between her and her attorney, which is a fiduciary personal relationship. When the company captured the emails from her computer after she left employment and shared those emails with their defense attorneys, the defense attorneys had an obligation to not read them because the emails were privileged and to promptly return them to the Plaintiff’s attorneys.
Will Stengart mean that employees have an unfettered expectation of privacy in personal emails at work so long as they are sent and received on a web-based platform and are password protected? Probably not. That would be a broad end-run around a company’s computer use policy and that isn’t the message from the Court in Stengart. Rather, Stengart may end up meaning that employers have to be more precise in giving adequate warning to their employees that the contents of emails from a personal account may be monitored. Employers will have to drill into specifics in their computer use and internet use policies, so that any argument that the policy or policies are ambiguous is obviated. As the Court in Stengart held, “Our conclusion that Stengart had an expectation of privacy in e-mails with her lawyer does not mean that employers cannot monitor or regulate the use of workplace computers.” The Court went on to say that ”Companies can adopt and enforce lawful polices relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies….But employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.
Will Stengart mean that there is a narrow expectation of privacy in personal emails at work when the emails are with an attorney and fall under the attorney-client privilege? Probably not. If that were the case, the Court would not have gone through its detailed logic in arriving at its holding. Instead, it could have simply said personal emails at work with an attorney are privileged and are not discoverable. But it did not say that. In fact, the Court went to great lengths to discuss a concept called a “subjective expectation of privacy” and also to discuss computer use policy ambiguity.
The Stengart message is that an employer would be wise to not construe Stengart too narrowly in thinking its application is only for attorney-client communication; nor should an employer construe Stengart too broadly in thinking that an employee now has an unfettered expectation of privacy in his emails so long as the emails meet certain criteria, namely that they are password protected and are sent on a web-based platform. Rather, a cogent course for an employer to take is the middle ground. There may well be an employee expectation of privacy in emails that are sent on a password protected web-based platform, regardless of whether it is with the employee’s attorney, unless there are pro-active steps taken by the employer to obviate a subjective expectation of privacy and to clarify any computer use or internet use policy ambiguities. Employers should consider not only revising their computer use and internet use policies to be more precise as to this point, but also should consider the design and implementation of a rigorous and consistent employee training programs that include employee acknowledgements.
DiFrancesco, Bateman, Coley, Yospin, Kunzman, Davis & Lehrer, PC ( www.dbnjlaw.com ) is a full service law firm in New Jersey which provides a broad range of legal services, including the representation of clients in technology and privacy matters. For additional information about the matters in this bulletin or in the firm’s insurance practice, please contact Todd. R. Ruback, Esq. who heads our Technology and Privacy Law Department