Acknowledging the complex issues raised by the reality of personal Internet use in the modern workplace, the New Jersey Supreme Court in Stengart v. Loving Care Agency, Inc., No. A-16-09 (N.J. Mar. 30, 2010), ruled that an employee had a reasonable expectation of privacy in communications with her attorney conducted through a personal, password-protected, web-based email account accessed on her company-owned laptop and that the opposing law firm violated its ethical obligations by not disclosing the discovery of such communications. The ruling serves as yet another reminder to employers of the importance—and limitations—of establishing clear policies regarding employees’ personal use of employer computer systems; the decision also serves as a clear warning to counsel to be mindful of their ethical obligations relating to the discovery of materials arguably protected by the attorney-client privilege.
Plaintiff Marina Stengart brought suit against her former employer, Loving Care Agency, Inc., alleging, inter alia, constructive discharge and harassment. Loving Care Agency, in an effort to preserve electronic data, hired experts to create a forensic image of Stengart’s company laptop. Among the items retrieved were emails exchanged between Stengart and her lawyer via Stengart’s Yahoo! account, which were stored in the cache of temporary Internet files on the computer’s hard drive.
Counsel for Loving Care Agency did not disclose the existence of these emails to Stengart until months after their discovery. Stengart applied for an order to show cause seeking the return of the emails and to disqualify the law firm retained by Loving Care Agency for violation of the New Jersey Rules of Professional Conduct.
Loving Care Agency argued that Stengart had no reasonable expectation of privacy in files on a company-owned computer, in light of the company’s electronic communication policy warning employees that they should not consider email or Internet use to be private or personal. Loving Care Agency also asserted that the attorney-client privilege did not attach to emails accessed through Stengart’s personal account via the company’s computer and server.
Stengart countered that she intended the emails with her lawyer to be confidential and that the company’s email policy failed to provide adequate warning that Loving Care Agency would save on a hard drive, or monitor the contents of, email sent from a personal account.
The New Jersey Supreme Court ruled that, under the circumstances, Stengart could reasonably expect that email communications with her lawyer exchanged through her personal email account would remain private, and that sending and receiving email via a company laptop did not obviate the attorney-client privilege. The key factors cited by the Court in support of its decision are:
- Loving Care Agency’s computer use policy permitted the occasional personal use of email in the workplace, did not address the use of personal email accounts, did not warn employees that the contents of emails sent via personal accounts could be forensically retrieved and did not give Stengart cause to anticipate that Loving Care Agency would be “peering over her shoulder” as she opened emails from her personal account;
- Stengart took steps to protect the privacy of her emails by using a personal, password-protected email account and did not save the account’s password on her computer;
- The emails bore the standard hallmark of attorney-client messages, warning the reader that they were privileged;
- The emails at issue did not contain illegal or inappropriate material that might harm the company in some way; and
- The emails between Stengart and her attorney were not simply left behind by Stengart, but were forensically retrieved temporary Internet files from the computer’s hard drive.
There are two other points of note in the Stengart decision. First, the Court’s analysis makes clear that company policies may not unilaterally eliminate the attorney-client privilege. The Stengart court cautions that while employers may adopt lawful computer use policies, they have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy. And, because of the overriding policy concerns in favor of preserving the attorney-client privilege, even a clearly-written policy banning all personal computer use and providing unambiguous notice that the employer could retrieve and read an employee’s attorney-client communications, would not be enforceable in New Jersey. Second, the Court found that the law firm retained by the company had violated the New Jersey Rules of Professional Conduct by reading emails that were at least arguably privileged and failing to promptly notify Stengart about them.
As the Stengart demonstrates, while companies may legitimately seek to prevent their employees from having a reasonable expectation of privacy in workplace communications, courts strongly disfavor inadvertent waivers of the attorney-client privilege and will strictly construe computer use policies to avoid that result.
The decision also suggests that employers seeking to prevent employees from having a reasonable expectation of privacy in workplace communications should (i) eliminate ambiguity from their computer use policies, including specifically defining any terms used in those policies to refer to or describe the company’s computer systems and (ii) consider specifically addressing the use of personal email accounts in their policies.
In addition, the Stengart decision clearly warns that regardless of the content or specificity of the company’s computer use policies, counsel has an ethical obligation to notify the opposing party of the discovery of any purportedly privileged emails between an employee and that employee’s personal attorney. We caution, however, that these issues continue to be litigated actively in the federal and state courts, often with inconsistent results.