Employee’s E-Mails To Lawyer On Company Laptop Are Off Limits
The decision by the Supreme Court of New Jersey in Stengart v. Loving Care Agency has a lot of lawyers talking. The case has to do with the privacy interests of an employee’s personal e-mail on a company computer and the attorney-client privilege.
The reason the case made ripples through the employment law community is because there simply aren’t many decisions on the issue and it hits a topic of real practical concern for both employers and employees.
What Happened In The Case
Marina Stengart worked for Loving Care Agency, Inc. (“Loving Care”), a home health care agency, as an Executive Director of Nursing. Like many employers, Loving Care provided Stengart a laptop computer for company business. Stengart could send e-mails using her company e-mail account from the laptop and she could also access the Internet through Loving Care’s server.
In December of 2007, Stengart used her computer to access a personal, password-protected e-mail account on Yahoo’s website to communicate with an attorney about her situation at work. She never saved her Yahoo ID or password on the company laptop.
When she sent the personal e-mails Stengart didn’t know that Loving Care’s browser software automatically saved a copy of each web page she viewed on the computer’s hard drive in a “cache” folder of temporary Internet files.
Stengart left Loving Care and returned the laptop computer. A couple of months later, she filed a lawsuit with claims of discrimination, harassment and retaliation.
After the lawsuit was filed, Loving Care hired experts to create a forensic image of the laptop’s hard drive. Among the items retrieved were the e-mails Stengart exchanged with her lawyer via the personal Yahoo account.
Loving Care’s lawyers used the e-mails in the lawsuit. Stengart’s lawyers demanded that the e-mails be identified and returned. Loving Care’s Lawyers argued that Stengart had no expectation of privacy in light of the company’s electronic communications policy which stated in part:
- Loving Care may review, access, and disclose all matters on the company’s media systems and services at any time
- e-mails, Internet communications and computer files are the company’s business records and are not to be considered private or personal to any individual employee
- occasional personal use of the computer is permitted
Stengart’s lawyers asked the trial court to order a return of the e-mails and disqualification of Loving Care’s lawyers. The judge denied the request, concluding that Stengart waived the attorney client privilege by sending e-mails on the company computer.
Stenagart appealed.The Court of Appeals reversed.
It found that Stengart had an expectation of privacy in the e-mails and that Loving Care’s lawyers violated the disciplinary rules by failing to alert Stengart’s lawyers that they had the e-mails before they read them.
It sent the case back to the trial court to determine whether disqualification of the firm, or some other sanction was appropriate. Loving Care appealed
The New Jersey Supreme Court Opinion
The Supreme Court of New Jersey agreed with Stengart and affirmed the Court of Appeals decision. In a long and thoughtful opinion, it framed the issue this way:
This case presents novel questions about the extent to which an employee can expect privacy and confidentiality in personal e-mails with her attorney, which she accessed on a computer belonging to her employer.
Loving Care argued that its employees have no expectation of privacy in their use of company computers based on the company’s policy. It also contended that attorney client privilege either never attached or was waived.
Stengart argued that:
- she intended the e-mails with her lawyer to be confidential
- the company policy, even if it applied to her, failed to provide adequate warning that Loving Care would monitor the contents of e-mail sent from a personal account or save them on a hard drive
- when the lawyers encountered the e-mails, they should have been immediately returned
The Court found favor of Stengart. In sum, this is what it held:
- Under the circumstances, Stengart could reasonably expect that the e-mail communications with her lawyer through her personal, password protected, web-based e-mail account would remain private
- Sending and receiving e-mails through the company laptop did not eliminate the attorney-client privilege that protected them
- By using a personal e-mail account and not saving the password, Stengart had a subjective expectation of privacy
- Her expectation of privacy was also objectively reasonable in light of the ambiguous language of the policy and the attorney-client nature of the communication
- Stengart took reasonable steps to keep the messages confidential and did not know that Loving Care cold read communications sent on her Yahoo account
Regarding the company policy the Court wrote:
The Policy did not give Stengart, or a reasonable person in her position, cause to anticipate that Loving Care would be peering over her shoulder as she opened e-mails from her lawyer on her personal, password-protected Yahoo account.
None of this means that companies are prohibited from monitoring the use of workplace computers. As the Court stated:
Our conclusion that Stengart had an expectation of privacy in e-mails with her lawyer does not mean that employers cannot monitor or regulate the use of workplace computers.
Companies can adopt and enforce lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies…..
But employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.
The Court also found that the defense lawyers should have promptly notified Stengart’s lawyers when they discovered the nature of the e-mails. It sent the case back to the trial court judge to determine whether the firm should be disqualified, costs should be imposed, or whether some other remedy was appropriate.
I represent employees, and many communicate with me by e-mail. I am always concerned that somehow these e-mails are going to be read by their employers – so this case is very good news because it clearly states that these communications are privileged and protected.
Management lawyers who get these e-mails are prohibited from reading them, must return them, and can be disqualified or sanctioned if they don’t.
Having said that, employees should still be extremely careful if they don’t want their personal e-mails read by their employers — which means that the best practice is not to use the company computer for personal e-mails or surfing the net.
As far as employers go, you can bet (and others agree) that many are reviewing their policies and trying to figure out and address the implications of this decision.
The bottom line is that employers do not have carte blanche to read employees’ private, confidential personal e-mails and even a very good corporate policy is not going to change that fact –at least for now.