For an employer preparing to defend against a legal action by a disgruntled employee, few moments are as intoxicating as digging into the employee’s electronic files on the company-owned computer. The golden dirt often emerges in the form of a gossipy e-mail or an internet search for something racier than the sports scores.
But on March 30, 2010, the New Jersey Supreme Court warned that there are limits to what an employer can dig for. In Stengart v. Loving Care Agency, Inc., the Court held that e-mails an employee sent to her lawyer on the company computer were protected by the attorney-client privilege. By reading the e-mails, the company’s attorneys breached the legal profession’s ethical rules. This is the most important court pronouncement to date that employers do not have complete control over communications on their electronic data systems.
The Court’s ruling did not address an employee’s gossipy e-mails to persons other than lawyers, nor did it confront the problem of salacious internet searches. Those issues were not before the Court. But the Court declared a privacy right for employees on company computer systems.
In Stengart, the employee used a company laptop computer and her personal, password-protected, web-based Yahoo account to send a few e-mails to her lawyer. After her employment ended and she filed a sexual harassment lawsuit, the company retrieved data from the laptop’s hard drive, which included the internet files containing the e-mails to her lawyer. Company attorneys reviewed those emails. When the employee learned of this indiscretion, she asked the trial court to disqualify the company’s attorneys. The trial court ruled that the employee had waived the attorney-client privilege by posting the e-mails on the company computer. The Supreme Court disagreed.
The Supreme Court began by attacking the employer’s electronic communication policy — which had purported to provide the employer sweeping control over its computer system. The Court criticized the policy because (1) it did not expressly state that personal, password-protected, web-based accounts used on company computers were subject to review, (2) it did not warn employees that contents of e-mails are stored on a hard drive and can be retrieved, and (3) it permitted employees occasional personal use of e-mail, thus creating ambiguity as to whether a personal e-mail was company or personal property. These failings meant the employer had not "notified" the employee that her e-mails were accessible to probing eyes.
We’re not sure why the Court spent considerable effort criticizing the policy, because it later held that even a perfect policy would not have saved the employer. The attorney-client privilege was impenetrable in these circumstances. "Because of the important public policy concerns underlying the attorney-client privilege," the Court held, "even a more clearly written company manual . . . would not be enforceable."
The Court did not determine whether the attorney-client privilege would have applied had the employee written to her lawyer via her company-issued e-mail account.
It appears certain that employers still may review all personal e-mails — except those subject to the attorney-client privilege — and all internet searches that are composed on the company account. An employer’s right to review is less certain when it comes to non-privileged personal information found on the company computer but under the employee’s personal, password-protected, web-based account. The tenor of the New Jersey decision suggests that employers are permitted to review those e-mails, especially if they contain illegal or inappropriate material.
We suggest revising your electronic communications policy to expressly permit employer review of personal, password-protected, web-based accounts, to warn employees that e-mail contents are stored on a hard drive and can be retrieved, and to clarify what type of personal e-mail use is not permitted.