New Jersey Supreme Court Decision Affects Electronic Systems Policies and E-Discovery Practices for New Jersey Employers
Employment & Labor Law Special Alert
March 31, 2010
It is now common practice for employers to implement electronic systems policies that restrict employee use of company computers to company business and treat all information on company computers as company property. Yet, it is not unusual for these policies — perhaps in recognition of the seemingly inevitable use of company computers for personal reasons — to allow employees to engage in personal use of company computers on an “occasional” or “limited” basis. Such policies thus present a possible tension between the employer’s goal of insuring that its computers are being used for appropriate business reasons and an employee’s privacy interests. That tension is exemplified in the New Jersey Supreme Court’s much anticipated decision in Stengart v. Loving Care Agency, Inc., No A-16-09, 2010 WL 1189458 (March 30, 2010). In the Court’s own words, the Stengart case “presents novel questions about the extent to which an employee can expect privacy and confidentiality in personal e-mails with her attorney, which she accessed on a computer belonging to her employer.” The Court held that an employee does not waive the attorney-client privilege when using a company computer to communicate with her attorney via a personal password-protected e-mail account. Litigation attorneys for the employer who fail to turn over to the employee’s attorney privileged communications found on company computers are subject to sanctions.
The Court’s decision obviously has serious implications both for employers who seek to restrict employee use of company computers and for attorneys who discovery arguably privileged communications between an employee and the employee’s lawyer on the computers of their clients.
Marina Stengart filed suit in New Jersey Superior Court alleging that she had been constructively discharged by her employer, Loving Care Agency, Inc. (“Loving Care”), because of a hostile work environment and harassment based on gender, religion, and national origin, all in violation of the New Jersey Law Against Discrimination, N.J.S.A. §10:5-1, et seq. (“the LAD”). After litigation commenced, Loving Care made a forensic image of the hard drive of the laptop computer it had provided to Stengart for business purposes in order to preserve information for discovery. While still employed, Stengart had used the laptop to access a personal, password-protected Yahoo! e-mail account through which she communicated with her attorney about her situation at work. The e-mails were presumably relevant to her LAD claims. Stengart had been unaware that the company had in place a computer program that automatically preserved these e-mails on her computer’s hard drive.
Attorneys from the law firm representing Loving Care (“the Firm”) reviewed the e-mails between Stengart and her lawyer, but did not advise the lawyer they were in possession of the e-mails until months later, when they identified one of the e-mails in answers to interrogatories. In response to an application to the trial court by Stengart’s attorney that the Firm produce all of the e-mails between Stengart and counsel, and that the Firm be disqualified for not having done so upon their discovery, the Firm asserted that Stengart had no reasonable expectation of privacy in the e-mails based on Loving Care’s electronic systems policy (“the Policy”). In relevant part, the Policy provided:
The company reserves and will exercise the right to review, audit, intercept, access, and disclose all matters on the company’s media systems and services at any time, with or without notice.
E-mail and voice mail messages, internet use and communication and computer files are considered part of the company’s business and client records. Such communications are not to be considered private or personal to any individual employee.
The principal purpose of electronic mail (e-mail) is for company business communications. Occasional personal use is permitted . . . .
The Supreme Court’s Opinion
Citing to common law tort concepts of privacy, the Supreme Court declared that the central issue was whether Stengart had a reasonable expectation of privacy in her e-mails with her attorney sent and received via her company laptop. The Court identified two factors bearing upon this issue: the scope of the Policy and the importance of the attorney-client privilege.
As to the Policy, the Court found its meaning ambiguous because it: (1) did “not address personal accounts at all” and thus “employees [did] not have express notice that messages sent or received on a personal, web-based e-mail account [were] subject to monitoring if company equipment [was] used to access the account;” (2) did “not warn employees that the contents of such e-mails [were] stored on a hard drive and [could] be forensically retrieved and read by Loving Care;” and (3) “acknowledge[d] that ‘personal use [of e-mail] [was] permitted.'”
With regard to the attorney-client privilege, after tracing the history of the privilege and affirming its importance to the public interest, the Court recognized that e-mail exchanges “are covered by the privilege like any other form of communication.”
In light of the foregoing the Court concluded that Stengart had a reasonable expectation of privacy with regard to the e-mails she exchanged with her attorney using Loving Care’s laptop. The most significant reasons cited by the Court were:
- “Stengart plainly took steps to protect the privacy of those e-mails and shield them from her employer. She used a personal, password-protected e-mail account instead of her company e-mail address and did not save the account’s password on her computer.”
- “[H]er expectation of privacy was also objectively reasonable . . . . [The Policy] does not address personal accounts at all. Nor does it warn employees that the contents of e-mails sent via personal accounts can be forensically retrieved and read by the company. Indeed, in acknowledging that occasional personal use of e-mail is permitted, the Policy created doubt about whether those e-mails are company or private property.”
- The e-mails reflect “conversations between a lawyer and client about confidential legal matters, which are historically cloaked in privacy. Our system strives to keep private the very type of conversations that took place here in order to foster probing and honest exchanges.”
- Stengart was unsophisticated in the use of computers and was unaware that Loving Care could read the e-mails on her Yahoo! account.
Moreover, the Court expressly ruled that because the employee’s privacy interest was based in large measure on “the important public policy concerns underlying the attorney-client privilege,” even a clearly drafted electronic systems policy that “prohibited all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications” would not be enforceable with respect to attorney-client communications “accessed on a personal, password-protected e-mail account using the company’s computer system.”
Importantly, however, the Court was careful to uphold the ability of employers to adopt and enforce electronic systems policies, including monitoring of employee usage, recognizing that such policies are designed to protect “the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.” The Court specifically noted that employers “may discipline employees and, when appropriate, terminate them, for violating proper workplace rules. For example, an employee who spends long stretches of the workday getting personal, confidential legal advice from a private lawyer may be disciplined for violating a policy permitting only occasional personal use of the Internet.”
Turning to the issue of whether the Firm should be sanctioned for its failure to promptly turn over the e-mails to Stengart’s counsel, the Court focused on Rule of Professional Conduct 4.4(b), which mandates that a lawyer who has “reasonable cause to believe that [a] document was inadvertently sent shall not read the document or, if he or she has begun to do so, shall stop reading the document, promptly notify the sender, and return the document to the sender.” Citing to the ABA Model Rules, the Court interpreted RPC 4.4(b) to cover e-mails and other electronic modes of transmission. Although the Court recognized that the Firm “did not hack into plaintiff’s personal account, … maliciously seek out attorney-client documents in a clandestine way,” or otherwise act in bad faith, and that the Firm was legitimately attempting to preserve evidence, “[i]ts error was in not setting aside the arguably privileged messages once it realized they were attorney-client communications, and failing either to notify its adversary or seek court permission before reading further.” The Court remanded the case to the trial court to decide what sanctions, if any, should be imposed “in light of the specific nature of the e-mails, the manner in which they were identified, reviewed, disseminated, and used, and other considerations noted by the Appellate Division.” As to the sanction of disqualification specifically, the trial court was directed to “balance competing interests, weighing the need to maintain the highest standards of the profession against a client’s right freely to choose his counsel.” (Internal quotes omitted).
Practical Tips for New Jersey Employers and their Attorneys
1. When preserving and reviewing a plaintiff’s e-mails and Internet files on company computers, if privileged communications are identified, counsel should not review their contents but should immediately segregate the potentially privileged communications, notify plaintiff’s counsel and, if necessary, seek a judicial determination regarding whether the communications are privileged. Note also that, while Stengart involved attorney-client communications, RPC 4.4(b) purports to cover any inadvertently produced document, and thus, in the future, courts may well extend Stengart to communications implicating other well-recognized privileges, e.g., the patient-physician and spousal privileges, or to other privacy interests beyond issues of privileged communications.
2. Employers and counsel should carefully review the company’s electronic systems policies to insure they are clear and understandable to the average employee and that they have been updated to account for the current state of the employer’s electronic systems.
3. The types of ambiguities discussed in Stengart should be avoided. Specifically:
- Avoid the use of computer technical jargon where possible.
- To avoid confusion regarding what constitutes impermissible employee conduct, enumerate prohibited uses of the company’s electronic systems and potential disciplinary consequences.
- Address the use of personal, password-protected, Internet-based e-mail accounts (e.g. gmail, Hotmail, Yahoo!, etc.) via company electronic systems. Employees must be given express notice if e-mails sent from or received on personal e-mail accounts are subject to company monitoring when any company equipment (including laptops, Blackberries, etc.) is used to access the personal e-mail account.
- If applicable, warn employees that e-mails sent from or received on personal e-mail accounts using company electronic systems are stored on the computer’s hard drive and may be forensically retrieved and monitored by the company.
- If occasional personal use of the company’s electronic systems is permitted, advise employees that personal use of the company’s electronic systems is not private and may be monitored by the company.
- Articulate the company’s legitimate business interests for restricting personal usage and monitoring employees’ personal e-mails and Internet usage, including protecting the company’s assets and reputation, promoting employee productivity, and ensuring compliance with the law and the company’s legitimate corporate policies.
4. Employers should take the following steps to ensure notice and understanding of their policies:
- Issue the company’s electronic systems policy to all new employees and reissue the policy on a regular basis (annually is ideal) to all employees.
- Require all employees to sign an acknowledgement that they have received and understand the policy. The acknowledgment should include language stating that the employee understands that although occasional personal use of the company’s electronic systems is permitted, he or she has no expectation of privacy or confidentiality in any use of the company’s electronic systems, including e-mails sent from or received on personal, password-protected, Internet-based e-mail accounts (e.g. gmail, Hotmail, Yahoo!, etc.) and Internet usage.
- Provide training to employees on the company’s electronic systems policy.