On March 30, the New Jersey Supreme Court affirmed the Appellate Division of the Superior Court’s decision in Marina Stengart v. Loving Care Agency, Inc.,1 and held that an employee has a reasonable expectation of privacy with respect to her communications with counsel using a personal, passwordprotected, web-based email account, which she accessed using a company laptop computer. This decision is significant because the prior law and general understanding was that an employer has unfettered access to an employee’s computer content when that content is created, stored, or accessed on company-issued equipment.

This case involved the resignation and subsequent employment discrimination claim brought by an executive against her former employer. While employed, plaintiff was issued a company laptop and email address to perform her duties. Prior to her resignation, plaintiff communicated with her attorney about a potential action against her employer using her personal, password-protected, Yahoo email account. Plaintiff accessed her Yahoo email account from her company-issued laptop.

During discovery, the employer created a forensic image of plaintiff’s company-issued laptop. While reviewing the laptop’s contents, defense counsel discovered and read several communications between plaintiff and her attorneys. Defense counsel did not alert plaintiff’s counsel of the discovery of these emails. Instead, the defense referenced and attached some of the plaintiff’s emails to her attorneys in its interrogatory responses. Plaintiff’s counsel immediately requested return of all communications between the plaintiff and her counsel, as well as the identification of any lawyers who viewed them. After defense counsel refused this request, the plaintiff sought a restraining order preventing the defendant from using the attorney communications. The trial judge denied the plaintiff’s motion, holding that the emails “were not protected by the attorney-client privilege because the company’s electronic communications policy put plaintiff on sufficient notice that her emails would be viewed as company property.”

The Appellate Division reversed the trial court’s decision and remanded, based on the fact that the company policy concerning communications on the company’s systems was ambiguous, and was insufficient to put an employee on notice that her personal communications were subject to review by the company. The defendant appealed.

The Supreme Court Opinion

On appeal, the New Jersey Supreme Court modified and affirmed the Appellate Division opinion and remanded to the trial court for consideration of sanctions against defense counsel. Specifically, the Supreme Court held that under the circumstances, Stengart could reasonably expect that email communications with her lawyer through her personal, password-protected, web-based email account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them.

The court found that the employer’s policy did not clearly put the employee on notice that the emails at issue were company property or subject to review. Specifically, the court found that the policy was unclear on whether personal, password-protected, web-based email accounts accessed through a company computer were covered; did not warn employees that the contents of such emails were stored on a hard drive and could be forensically retrieved and read by the employer; and expressly permitted the occasional personal use of email. Citing the important public policy concerns related to the attorneyclient privilege, however, the court ruled that even if the employer’s email policy banned all personal use and clearly put the employee on notice that the company could retrieve and read attorney-client communications on personal email accounts, such a policy would be unenforceable and the communications would remain privileged.

The court recognized that employers can adopt and enforce lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and ensure compliance with legitimate corporate policies. The court ruled that employers have no need to read the contents of personal, privileged, attorney-client communications.

Further, the court held that by reading emails that were at least arguably privileged and failing to promptly notify Stengart about them, Loving Care’s counsel violated R.P.C. 4.4(b), which provides that a “lawyer who receives a document,” which includes an email, and who “has reasonable cause to believe that the document was inadvertently sent shall not read the document or, if he or she has begun to do so, shall stop reading the document” and promptly notify and return the document to the sender.

Guidance for Employers

This case provides a bright-line prohibition in New Jersey on reviewing attorney-client communications sent or received on personal, password-protected, web-based email accounts even when accessed on company computers. The implications of this decision for nonprivileged communications is less clear, but New Jersey employers should review their electronic communications policies to specifically address communications through web-based email accounts using company equipment and avoid the types of ambiguities identified by the court in Stengart. Specifically, policies should (1) give express notice to employees that messages exchanged on a personal, password-protected, web-based email account are subject to monitoring if accessed through company equipment; (2) warn employees that the contents of such emails may be stored on a hard drive and can be forensically retrieved and read by the employer; and (3) if the company permits the occasional nonbusiness use of email, clearly advise employees that such nonbusiness emails are still company property and are thus subject to review, and that there is no expectation of privacy with respect to such emails.

Moreover, the Supreme Court’s decision serves as a warning to parties and their lawyers engaging in eDiscovery and forensic review of company-issued computers. Here, defense counsel was found to have violated the Rules of Professional Conduct in not setting aside the arguably privileged messages once it realized they were attorney-client communications, and failing either to notify its adversary or to seek court permission before reading further. Those conducting forensic review of emails should be aware of the court’s decision and the requirements imposed.