Ride the Lightning

NEW JERSEY MUDDIES THE WATERS: CAN EMPLOYERS READ EMPLOYEE'S E-MAIL?

September 2, 2009

Just when you think you know the law, the landscape changes again. On July 10th, a New Jersey appellate court issued what many commentators regard as a rogue decision in Stengart v. Loving Care Agency, Inc., which may be downloaded here.

Ms. Stengart had sent, from her workplace computer, e-mails to her lawyer about the sex discrimination suit she intended to file against her employer. She did this from a password protected Yahoo account.

After she filed the suit, the employer forensically imaged Ms. Stengart's computer and found the e-mails. The trial court concluded that the e-mails were not protected by the attorney-client privilege because the company's electronic communications policy put the plaintiff on sufficient notice that her e-mails would be viewed as company property. On appeal, the appellate disagreed, stating that the policies underlying the attorney-client privilege substantially outweigh "the employer's interest in enforcement of its unilaterally imposed regulation," and rejecting "the employer's claimed right to rummage through and retain the employee's e-mails to her attorney.

Plaintiff had persuasive evidence that there were multiple drafts of a company e-mail policy floating around and that no definitive policy was in place at the time that she resigned. It was even unclear whether some of the policies were applicable to executives such as Ms. Stengart. There was a clear factual dispute between the parties. Moreover, the policy relied upon here was marvelously unclear as to its terms. It was possible to read the policy and conclude that occasional personal e-mails, permitted under the policy, were not subject to employer review.

The court concluded that, with the facts in dispute, the trial judge should have held an evidentiary hearing. With this, I agree. However, the court goes on to say that an employer's rules and policies must be reasonable to be enforced and that rules must reasonably further the legitimate business interests of the employer. The company's ownershp of the computer did not, in the court's judgment, mean that an employee's personal e-mail necessarily become the property of the employer. The court conceded that some personal communications might serve the company's interest because of a business impact or interest, but that was not the case here.

This case really attempts to limit what an employer may do with private e-mails by focusing on the importance of the attorney-client privilege. It goes further with this line of reasoning than I've ever seen.

What we did not have here is a clear policy, signed by the employee, saying that the employee had no expectation of privacy with respect to anything done on company computers. If we had, would the decision have been the same? It is hard to say for sure, but the tenor of this decision suggests that it might have been, that employers are limited in what they can monitor.

I found this decision impractical. For one thing, "bad actors" use their personal e-mail accounts on a regular basis to (for instance) funnel proprietary data outside the company. Companies have a legitimate business interest in monitoring these accounts for a host of reasons.

As an employer, the best advice is to try to make the policy as clear and ironclad as possible, signed by the employee, acknowledging that there is no expectation of privacy with respect to anything created on the company's computers, including personal communications of any kind. It may be wise to specfically state that this includes attorney-client communications, which the employee agrees not to engage in from the work computer. Would that have stood up? Perhaps not in New Jersey.

But my take is that it SHOULD stand up. Data security is a major headache for employers – there should be no "fenced off" areas that employers cannot monitor and control.

E-mail:      Phone: 703-359-0700

www.senseient.com

http://twitter.com/sharonnelsonesq