New Jersey Supreme Court Requires Detailed Notice in Employer Electronic Communications Policies and Increases Employee Privacy Rights in Stengart v. Loving Care Agency, Inc.
In a unanimous ruling, the New Jersey Supreme Court held in Stengart v. Loving Care Agency, Inc., that employees' "attorney-client communications, if accessed on a personal, password-protected e-mail account using the company's computer system" are protected by the attorney-client privilege and cannot be retrieved and used by the employer irrespective of the employer's electronic communications policy. Despite this seemingly narrow holding, the New Jersey Supreme Court went out of its way to dissect the employer's electronic communications policy and suggested that absent a clear, explicit policy, employees enjoy a cognizable right to privacy for communications via private, password-protected, web-based e-mail accounts even if accessed on a company computer system, via a company server, and even during work time. Businesses with New Jersey employees should carefully review the Loving Care decision and revisit their own electronic communications policies with counsel to ensure they account for advances in electronic communications and developments in policy regarding the privacy of such communications.
The dispute in Stengart v. Loving Care Agency, Inc. arose out of a discrimination lawsuit filed by Stengart against her employer Loving Care (and others). Stengart used a company-issued laptop to communicate with her attorney about the litigation via e-mail through her personal, password-protected, web-based e-mail account. Stengart never saved her password or ID on the company laptop. Browser software on the computer automatically made a copy of each webpage Stengart viewed and stored them in a cache folder, which remained on the hard drive unless deleted or overwritten. As part of discovery in the discrimination lawsuit, the employer recovered all files stored on the laptop, which included e-mails exchanged between Stengart and her attorney. The employer used the information from the e-mails during discovery, but Stengart's attorney claimed privilege over the communications. The trial court ruled that, in light of the employer's electronic communications policy, Stengart had waived the attorney-client privilege by sending e-mails on a company computer. The Appellate Division reversed the trial court, and the Supreme Court unanimously affirmed the judgment of the Appellate Division.
The court explained that its analysis "draws on two principal areas: the adequacy of the notice provided by the Policy and the important public policy concerns raised by the attorney-client privilege. Both inform the reasonableness of an employee's expectation of privacy…."
On the first of these two areas, the court concluded that Loving Care's electronic communications policy did not provide adequate notice with respect to employee privacy over personal e-mail accounts. The court explained that although Loving Care retained the right to review and access "all matters on the company's media systems and services at any time," according to the court, it was "not clear from that language whether the use of personal, password-protected, web-based e-mail accounts via company equipment [was] covered." The court noted that the terms "media systems and services" were not defined in the employer's policy, "e-mail system" referred to company e-mail accounts, and the policy did not at all address personal e-mail accounts. Based on the foregoing, Loving Care's "employees [did] not have express notice that messages sent or received on a personal, web-based e-mail account [were] subject to monitoring if company equipment [was] used to access the account."
Further, the court noted that the policy did not "warn employees that the contents of such e-mails are stored on a hard drive and can be forensically retrieved and read by Loving Care."
Finally, the court found ambiguity in the policy regarding personal e-mail use since it stated that e-mails "are not to be considered private or personal to any individual employee" but then acknowledged that "[o]ccasional personal use [of e-mail] is permitted."
Turning to the second area of analysis, the court explained that the attorney-client privilege is a "venerable privilege … enshrined in history and practice" and codified under New Jersey state law. The court pointed out that e-mail exchanges are covered by the privilege just like any other form of communication. Against this backdrop, the court drew from the common law tort of "intrusion on seclusion" and relevant decisions from outside New Jersey in evaluating the reasonableness of Stengart's expectation of privacy over the e-mails she exchanged with her attorney. The court was "mindful of the fact-specific nature of the inquiry involved and the multitude of different facts that can affect the outcome in a given case [and that] [n]o one factor alone is dispositive." Based on the court's review of relevant jurisprudence, such factors can include whether the communication is made via a company e-mail account versus a personal e-mail account, whether the employer had a complete ban on personal e-mails, and the location of the company computer at the time the message was drafted and transmitted.
With respect to Stengart, the court found the following factors relevant: Stengart used a personal, password-protected e-mail account instead of her company e-mail; she did not save her password on the computer; the lack of notice provided in the employer's policy (discussed above) and the fact that Stengart was unaware that the technology was available for Loving Care to review her personal e-mail; the fact that the e-mails were not illegal or inappropriate or harmful to the company; and, seemingly most importantly, the attorney-client nature of the communications, which was obvious from the subject matter and the standard warning concerning privilege on each e-mail. Based on these factors, the court held that Loving Care's policy "did not give Stengart, or a reasonable person in her position, cause to anticipate that Loving Care would be peering over her shoulder as she opened e-mails from her lawyer on her personal, password-protected Yahoo account" and that use of a company laptop alone is insufficient to establish otherwise.
The court concluded by explaining that despite its holding, employers can adopt and enforce policies relating to computer use to protect their assets, reputation, and productivity, and can discipline and even terminate employees for violating proper workplace rules "that are not inconsistent with a clear mandate of public policy." However, "employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy" and "[b]ecause of the important public policy concerns underlying the attorney-client privilege … a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee's attorney-client communications, if accessed on a personal, password-protected e-mail account using the company's computer system—would not be enforceable."
The Loving Care decision puts employers with New Jersey operations on notice that their electronic communications policies will be carefully scrutinized by New Jersey courts, and that even the most explicit policy will still be weighed against public policy to protect the privacy of the type of communications at issue. To be sure, employees will likely seek to expand the protections offered by the Loving Care decision beyond attorney-client communications to other sensitive, personal communications, such as, for example, those regarding health information, union affiliation, or other types of information about themselves that employees may wish to shield from their employers. In the interim, employers should reevaluate existing policies in light of emerging technologies, such as the use of web-based tools and mobile devices for e-mail, instant messaging, social networking, and other cloud computing technologies.
For further information about workplace privacy issues, please contact your principal Firm representative of one of the lawyers listed below. General messages may be sent using our "Contact Us" form, which can be found at www.jonesday.com. If you wish to be removed from future email alerts, reply to this message with a subject line of "unsubscribe".
Michael J. Gray
+1.312.269.4096
mjgray@jonesday.com
Mauricio F. Paez
+1.212.326.7889
mfpaez@jonesday.com
Matthew W. Lampe
+1.212.326.8338
mwlampe@jonesday.com
Joseph J. Bernasky
+1.212.326.379
jjbernasky@jonesday.com