The New Jersey Supreme Court's recent decision in Stengart v. Loving Care Agency, Inc.,1 suggests that New Jersey's courts may be more willing than New York's to extend privilege to employee e-mails sent through an employer's computer systems. In Stengart, the New Jersey Supreme Court held that an employee had a reasonable expectation of privacy when accessing her personal, password protected, web-based e-mail account through her employer's laptop—despite the employer's ability to forensically recover those e-mails. The court also indicated that technology policies expressly permitting an employer to monitor computer usage may be insufficient to prevent the privilege from attaching.
Across the Hudson, New York courts have taken a different approach and given greater deference to employers' technology policies. Indeed, New York courts have held that policies expressly permitting employers to monitor communications negate employees' privacy expectations and preclude assertion of the privilege.2
In Stengart, an employer forensically retrieved e-mails between an employee and her attorney from a company laptop.3 The court considered two factors in assessing privilege: (i) the employer's notice that it could view the employee's e mails and (ii) the public policy concerns the attorney client privilege implicates.4 The court held that the company's technology policy failed the first factor, because it did not expressly warn that the employer could monitor personal, password-protected, web-based e-mail and was ambiguous about permitted personal Internet usage.5 Moreover, Stengart states in dicta that even a more specific policy would not prevent the privilege from attaching:
Because of the important public policy concerns underlying the attorney client privilege, even a more clearly written company manual that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee's attorney client communications, if accessed on a personal, password protected e-mail account using the company's computer system—would not be enforceable.6
Prior cases in both the New York federal and state courts disagree with Stengart. In Long v. Marubeni America Corp., the U.S. District Court for the Southern District of New York held that employees lacked a reasonable expectation of privacy when using the employer's computers in light of a policy that provided that (i) personal use of the employer's computer systems was prohibited; (ii) employees "have no right of personal privacy in any matter stored in, created, or sent over . . . internet systems provided" by the employer; and (iii) the employer had the right to monitor all data passing through its systems.7 Thus, the attorney-client privilege did not apply when the employees accessed their personal, password protected, web based e-mail accounts.8
Similarly, in Scott v. Beth Israel Medical Center Inc., the New York County Supreme Court held that an employer's technology policy prevented an employee from having a reasonable expectation of privacy in his e-mails and, thus, vitiated the privilege. The policy (i) restricted computer usage to business purposes; (ii) provided that the employer may monitor the employee's computer usage; and (iii) cautioned employees that all information created, received, saved, or sent on the employer's system would not be confidential.9 As the court noted, the effect of the employer's policy is "to have the employer looking over [an employee's] shoulder each time [the employee] send[s] an e-mail."10
Despite the differing approaches, both the New Jersey and New York cases highlight important lessons for both employers and employees:
- Employers should not assume that all employee information stored on workplace computers is discoverable. Depending on the employer's policy and state law, the computer may contain information protected by an employee's privilege. Indeed, in Stengart, the New Jersey Supreme Court held that the employer's attorneys had an ethical obligation to return the employee's e-mails forensically recovered from the employer's hard drive without reading them and that the attorneys' failure to do so may be sanctionable.11
- Employers should periodically review their technology policies to ensure they are clear and consistent with the evolving law. Generalized statements that the employer monitors computer usage or that employees are not permitted personal use of computers may be insufficient to extinguish employees' privacy expectations. An employer should adopt policies detailing that (i) the employer can—and does—monitor all information passing through or stored on its computer systems, including personal, password-protected, web-based e-mails; (ii) such e-mails may be automatically stored on the employer's hard drive and later accessed; (iii) employees lack privacy when using the employer's equipment; (iv) the employer can access and disclose monitored information at any time without prior notice; and (v) the employer's failure to monitor does not waive its right to do so. Employers also should periodically review their policies to account for new developments in the law.
- Employers should provide employees with notice of their technology policies. By providing notice, an employer significantly enhances its ability to enforce its policy. Certain states, including Connecticut and Delaware, require employers to provide notice before conducting electronic monitoring,12 and several other states are considering similar legislation. Requiring employees to sign an acknowledgement can be particularly helpful.
- Employees risk losing the attorney client privilege's protections by sending or accessing attorney communications from their employers' computers. Indeed, in New York, an employer's mere ability to read employees' e-mails may be sufficient to negate the privilege.
Footnotes
1. Docket No. A-16 Sept. Term 2009, 2010 N.J. LEXIS 241 (Mar. 30, 2010).
2. See Long v. Marubeni Am. Corp., No. 05 Civ. 639 (GEL)(KNF), 2006 U.S. Dist. LEXIS 76594 (S.D.N.Y. Oct. 19, 2006); Scott v. Beth Israel Med. Ctr. Inc., 17 Misc. 3d 934 (Sup. Ct. N.Y. County 2007).
3. See Stengart, 2010 N.J. LEXIS 241, at *15–16.
4. Id. at *25.
5. Id. at *26.
6. Id. at *43.
7. See 2006 U.S. Dist. LEXIS 76594, at *2–3, *8.
8. Id. at *8–9.
9. See Scott, 17 Misc. 3d at 936–37.
10. Id. at 938.
11. See Stengart, 2010 N.J. LEXIS 241, at *43–46 (directing the trial court to determine whether sanctions are appropriate for the attorneys' failure to return the privileged e mails stored on the employer's computer without reading them).
12. See CONN. GEN. STAT. § 31-48d; 19 DEL. CODE § 705.
O'Melveny & Myers LLP routinely provides advice to clients on complex transactions in which these issues may arise, including finance, mergers and acquisitions, and licensing arrangements. If you have any questions about the operation of the applicable statutory provisions or the case law interpreting these provisions, please contact any of the attorneys listed on this alert.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
