Privacy & Cybersecurity Law Blog

On March 30, 2010, the New Jersey Supreme Court ruled for the former employee in Stengart v. Loving Care Agency, Inc. on the employee’s claim that state common privacy law protected certain of her emails from review by the employer.

The Court considered whether Plaintiff Marina Stengart (the former employee) had a reasonable expectation of privacy in emails she exchanged with her attorney via her web-based personal email account.  Stengart used her employer-issued computer to send the emails.  As a result, images of the emails were saved by the employer’s monitoring system, which saved every web page visited on the computer.  After Stengart left Loving Care and filed suit against the company, the company retrieved the emails from the laptop and attempted to use them in the litigation.  Stengart argued that the employer could neither review the emails nor use them in litigation because the email exchanges with her attorney were private.  The Court agreed.

Like many employers, Loving Care had in place an electronic communications policy that stated that the company could review any matters on the company’s media systems and services at any time, and that all emails and communications were not to be considered personal or private to employees.  The Court, however, found this boilerplate language lacking and interpreted all ambiguities it found in the policy against the employer.  Specifically, the Court found the policy’s disclosures of monitoring insufficient because the policy did not specifically inform employees that the company stored and could retrieve copies of employees’ private web-based emails.  Nor did the policy state expressly that the company would monitor the content of email communications made from employees’ personal email accounts when they were viewed on company-issued computers.  Accordingly, the Court held that Stengart had a subjective expectation of privacy in communications sent via her personal web-based email account and that the monitoring policy, which the court found ambiguous, did not quash that expectation.

This decision carries significant implications for employers.  It suggests that, at the very least, employers who wish to review computer screen shots that contain emails employees send via private web-based accounts will need to provide employees with a detailed, specific notice of such monitoring.  The court, however, appears to suggest that employees’ expectation of privacy in such emails may not be quashed regardless of the language of the policy.  The Court held that, while employers may adopt and enforce lawful policies relating to computer use to protect the assets and productivity of a business, they have no basis to read the contents of employees’ personal, privileged, attorney-client communications sent via personal web-based email.  The Court held that any policy (even if unambiguous) that allowed the employer to do so would be unenforceable.  While this broad holding concerns emails exchanged with an attorney, the decision may have implications for any personal emails (such as communications regarding health or financial issues) employees send over private web-based email accounts.

Finally, it is important to note that the Court suggested that language in the employer’s policy permitting “occasional personal use” of company email systems may create an expectation of privacy by employees with respect to non-business emails sent or received on company email accounts.  On the other hand, courts have found that prohibiting personal use of company email systems may diminish or quash employees’ privacy expectations.  While banning personal use of company email systems may not be feasible, employers should consider whether their interests may be better protected if they do not explicitly authorize personal use of the systems.

See Hunton & Williams' Employment & Labor Perspectives blog for further analysis of the labor law implications of this decision.