Have you ever wondered about the privacy of your web-based e-mail communications, e.g., Hotmail, Yahoo, or Gmail, as you carry out your personal business on your company-owned computer? A March 2010 decision by the Supreme Court of New Jersey sheds some light on the subject. In Stengart vs. Loving Care Agency, Inc., Marina Stengart used her company-issued computer to communicate with her lawyer through her personal, password-protected, web-based Yahoo e-mail account. Stengart eventually resigned her position and sued her former employee, Loving Care Agency, for employment discrimination. During the lawsuit, Loving Care Agency conducted a forensic examination of her computer and discovered her e-mails, including e-mails to her attorney written on her Yahoo account, among the web pages stored in the computer’s Internet cache. The story does not end there because opposing counsel disclosed Stengart’s attorney-client e-mail exchanges, claiming that Loving Care Agency had the right to review them. That’s where the court jumped in.
The issues before the court were, first, whether Stengart had an expectation of privacy in her personal e-mail despite her having accessed them on a company computer and, second, whether Loving Care Agency’s lawyer violated the attorney-client privilege by reviewing her e-mail. In New Jersey, as in most states, an employee’s expectation of privacy in his or hers computer equipment is typically determined by employee policies, particularly if they are written and disseminated to all employees in the form of an employee handbook. Loving Care Agency issued a pretty standard employee handbook, which prohibited certain obvious misuses of company computer equipment and provided it the right to “review, audit, intercept, access and disclose” all materials on company computer equipment.
Although it appears that this language provided sufficient notice to employees that they have no expectation of privacy in their computers, the handbook created an ambiguity by also permitting occasional personal use. The Court also pointed out that handbook did not warn employees that the contents of web-based e-mails could be forensically retrieved by Loving Care. The Court held that the ambiguous employee handbook, Stengart’s obvious desire to keep her e-mail private, and her expectation of privacy in her attorney-client communications created an expectation of privacy in her personal e-mails even though they were contained on company-provided computer equipment. Having determined that Stengart had an expectation of privacy in her e-mails, it was an easy step for the Court to conclude that Loving Care Agency’s lawyer had violated the attorney-client privilege by disclosing obviously privileged communications.
The Supreme Court of New Jersey’s decision in Stengart is important for a number of reasons. It suggest to employees that they should be careful with respect to e-mail communications — even web-based e-mail — made on company computers, and for employers it suggests that employee policies must give adequate notice about the information the employer can retrieve from employees’ computers. Also, if an employer permits employees to use company equipment for personal use, it may create an expectation of privacy where none may have previously existed. Take heed even if you are not a New Jersey company. Although the case was decided by New Jersey court, other state courts may find it persuasive.
— Adam G. Garson, Esq.