The New Jersey Supreme Court recently ruled that an employee has a reasonable expectation of privacy when emailing their attorney from an employer-issued computer. This is so, despite the employer’s computer use policy advising employees that they should not expect privacy on any employer-owned computer. Though not a Washington case, employers should still take a serious look at this ruling and its possible implications for their businesses.
The case, Stengart v. Loving Care Agency, arose out of an employment discrimination lawsuit that Marina Stengart filed against her former employer, Loving Care Agency. Loving Care provided Stengart a laptop computer to conduct company business. Loving Care’s employment policies allowed “occasional personal use” of the laptop but also stated that e-mails, Internet communications and computer files are the business records of the company and “are not to be considered private or personal” to employees. The policy further allowed Loving Care to review, access, and disclose “all matters on the company’s media systems and services at any time.”
From the company laptop Stengart regularly sent personal emails through her personal, password-protected Yahoo-mail account. Unbeknownst to her, Loving Care’s network automatically saved a copy of each web page she viewed on the computer’s hard drive in a “cache” folder of temporary Internet files.
In early 2008, Stengart left her employment with Loving Care and filed an employment discrimination complaint. Not long afterwards, in preparation for trial, Loving Care hired experts to create a forensic image of the laptop’s hard drive, including the temporary Internet files. Among the files saved were seven or eight e-mails Stengart had exchanged with her lawyer, via her Yahoo account, directly relating to the alleged discrimination. The e-mails contained a clear warning at the bottom that the information “is intended only for the personal and confidential use of the designated recipient” of the email and that the message may be a “privileged and confidential” attorney-client communication.
Loving Care attorneys read the e-mails and used the information in discovery. Stengart’s attorneys demanded identification of the emails and that they be returned. Loving Care lawyers disclosed the e-mails but refused to return them on the grounds that Stengart had no reasonable expectation of privacy in files on a company-owned computer, in light of the company’s electronic communications policy.
Stengart’s attorney next turned to the court, requesting the return of the e-mails and disqualification of Loving Care’s lawyers. The case eventually worked its way up to the New Jersey Supreme Court where the Court sided with Stengart.
The Court held that “under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private,” and that sending them through the employer-owned laptop did not eliminate the attorney-client privilege that protected them. The Court not only rejected the argument that the electronic communications policy trumped attorney-client privilege, but it went one step further, stating that even a policy providing notice that an employer could “retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system, would not be enforceable.”
The Stengart case represents a shift in the law and an expansion of employee privacy rights. Until now, employers and their lawyers have been reasonably confident that employees have no reasonable expectation of privacy in communications made using employer-provided computers and networks. Just 10 years ago, it was widely understood that an employer could let employees know they had no reasonable expectation of privacy in electronic communications using employer-provided computers and networks, and that a court would enforce such a policy against the employee. See Muick v. Glenayre Electronics, 280 F.3d 741, 743 (7th Cir. 2002); and also Garrity v. John Hancock Mutual Life Insurance Co., 18 IER Cases 981 (Mass. Dist. Ct. 2002).
A reasonable view of Stengart is that the Court’s ruling is limited to attorney-client privileged communications. It is prudent, however, for employers to anticipate future privacy-based challenges by employees. For example, the United States Supreme Court is currently considering City of Ontario v. Quon, where one of the issues on appeal is whether a SWAT team member had a reasonable expectation of privacy in text messages transmitted on a Police Department-owned mobile device. The Police Department had an official “no-privacy” policy regarding Police Department-owned equipment; however, a non-policymaking Lieutenant announced an informal policy whereby transcripts of the messages would not be reviewed so long as officers reimbursed the Department for any plan overages due to excessive use.
SWAT team member Jeff Quon, his wife, girlfriend, and another officer filed suit against the Police Department for violating their 4th Amendment privacy rights after the Department reviewed transcripts of sexually explicit text messages sent from, and received by, his Department-issued device. It is now up to the Supreme Court to decide whether Quon, or the other parties involved, had a reasonable expectation of privacy in sending and receiving messages that trumps or nullifies the clear employer “no-privacy” policy.
It is unclear how the Supreme Court will resolve Quon, but it is clear that employees and their counsel feel emboldened by court decisions like Stengart and will continue efforts to weaken employer network control policies, even in the face of clearly written employment policies.
Stengart is a decision by a New Jersey court, and therefore not binding in Washington. It could, nevertheless, be a persuasive decision for a Washington court confronted with the same or similar issues. What can employers do to be ready? Well, the Stengart court noted that Loving Care’s employment handbook’s electronic communications policy was “vague” when discussing employee privacy interests, so making sure that your policies are NOT vague is the first step you should take. It is unlikely that any change in the language used in an employee handbook will trump attorney-client privileged communications, but you can create an electronic communications policy that notifies employees that they have no right to privacy on company-owned computers, PDAs, smartphones or networks, including in those e-mails drafted, sent, received or viewed through a private, password-protected e-mail account or in any other websites visited. Also, in light of Quon, you should look at management practices to be sure that what you are telling employees is in line with the clearly stated policies in the handbook.
Regardless of employment policies, employers should segregate data collected during forensic searches of computer files into privileged and non-privileged categories. Anything that smacks of attorney-client communication should immediately be tendered to opposing counsel or else the employer’s attorneys could face possible disqualification from the case and even disciplinary proceedings.