- New Jersey Supreme Court Rules That Employees Retain Privacy And Privilege of Attorney-Client Communications Made From Work
- July 12, 2010 | Author: Fernando M. Pinguelo
- Law Firm: Norris McLaughlin & Marcus, P.A. A Professional Corporation - Bridgewater Office
New Jersey Supreme Court Rules That Employees
Retain Privacy And Privilege of Attorney-Client
Communications Made From Work
he New Jersey Supreme Court March 30 announced that after an employee sends or receives e-mails to her attorney via her personal e-mail account from an employer-provided computer, the employer cannot pierce the attorney-client privilege to access the contents of those communications. (Stengart v. Loving Care Agency, Inc., N.J., A-16-09, 3/30/10) In Stengart, the court held that an employee could ‘‘reasonably expect that e-mail communications with her attorney through her personal account would remain private, and that sending and receiving them via a company laptop did not eliminate the attorney-client privilege that protected them.’’
The court also held that the company’s attorneys violated an ethics rule by reading the ‘‘arguably privileged’’
e-mails and by failing to alert the employee that they had them.
New Jersey Privacy Protections. The Court’s 7-0 opinion reinforces New Jersey’s commitment to providing broader privacy protections to her citizens than those that are typically available under federal law.1 Thus, its conclusion that upheld the privilege as attaching to communications made in the workplace was not a complete surprise.
But the court did unleash at least one surprise by announcing that even a seemingly bulletproof company policy on workplace computer use that claims attempts to defeat the attorney-client privilege would not be enforceable if the employee accessed the privileged communication through a personal, password-protected e-mail account.
This ruling thus establishes a nearly impenetrable firewall through which employers must pass when they seek to pierce an employee’s attorney-client privilege attached to a personal e-mail.
The Facts. As plenty of other employees at work often do, Marina Stengart used her employer’s computer to briefly access the Internet for personal use. Stengart worked as Executive Director for Nursing for Loving Care Agency, Inc., a home health-care and nursing services provider.
While still employed by Loving Care, Stengart anticipated filing an employment discrimination case against it. On several occasions prior to her resignation, Stengart used her company-issued laptop computer to access e-mail from her attorney via her personal, password protected Yahoo e-mail account. By that time, Loving Care had already distributed an employee handbook containing an ‘‘Electronic Communication [P]olicy’’ that outlined the company’s policies on computer use at work. The Policy specifically provided:
High Court’s Holding. On challenge to New Jersey’s highest court, Loving Care argued that the attorney client privilege did not attach to the e-mails because its company policy regarding computer and Internet use at the workplace removed any expectation of privacy that Stengart may have had; and that she waived the privilege because she accessed her e-mail via the company’s computer and server.
The Supreme Court of New Jersey disagreed. After first concluding that Loving Care’s Policy was ‘‘not clear’’ and created ‘‘ambiguity about whether personal e-mail use is company or private property,’’ the court evaluated case law from other jurisdictions, giving particular attention to (and ultimately following) a Massachusetts case with nearly identical facts.
Relevant Factors. The court considered factors by which an employee could be found to have a lesser expectation of privacy in attorney communications.
First, the court distinguished between the use of a company e-mail system as compared to a personal, web-based e-mail account (such as Yahoo or Gmail.) E-mails transmitted via an employer’s e-mail account might be subject to less privacy than those sent via a personal web-based account.
Second, the court noted that the physical location of the company’s computer might make a difference in the analysis, suggesting that an employee who works from a home office may be entitled to greater privacy than an employee whose communication is made via the company’s servers.
Third, the court recognized that other jurisdictions have held that the existence of a clear company policy that prohibits personal computer use may diminish an employee’s expectation of privacy; but, as explained below, the New Jersey Court refused to consider the sufficiency of a company policy as a determination of whether the employer can pierce the attorney-client privilege.
In holding that Stengart’s e-mails were protected by the attorney-client privilege because she could reasonably expect them to remain private, the court outlined three reasons.
First, the court noted that Stengart had both a subjective and an objectively reasonable expectation of privacy in the e-mails because she had used a passwordprotected account to access the messages and had not given her password to anyone at Loving Care.
The court also noted that Stengart had not used the computer to conduct illegal activities.
Third, the court recognized that the e-mails were clearly labeled as attorney-client communications and warned the reader that the messages were personal and confidential. (The e-mails included a paragraph warning the reader ‘‘THE INFORMATION CONTAINED IN THIS EMAIL COMMUNICATION IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENT NAMED ABOVE.’’)
Privilege Trumps Policy. Addressing Loving Care’s argument that no privilege attached to Stengart’s e-mails because Stengart ‘‘brought a third person into the conversation from the start—watching over her shoulder,’’ the court explained that the ‘‘Policy did not give Stengart, or a reasonable person in her position, cause to anticipate that Loving Care would be peering over her shoulder as she opened e-mails from her lawyer on her personal, password-protected Yahoo account.’’
In fact, the effectiveness of Loving Care’s Policy was not dispositive. As noted above, the court determined that the Policy was ambiguous, lacked clarity, and failed to warn employees that even web-based e-mails could be forensically retrieved. But, as the court explained, even if the Policy were perfectly drafted, it would not be enough to pierce the attorney-client privilege: [E]mployers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy. . . . [E]ven a more clearly written company manual—that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney client communications, if accessed on a personal, password protected e-mail account using the company’s computer system—would not be enforceable.
Declining to rely on other states’ case law holding that a clear company policy banning personal e-mails could diminish an employee’s expectation of privacy in attorney-client communications, the court added that a ‘‘zero-tolerance policy can be unworkable and unwelcome in today’s dynamic and mobile workforce and [we] do not seek to encourage that approach in any way.’’
Implications of Ruling on Workplace Practices. The court’s ruling does not mean that employers cannot monitor or regulate Internet use in the workplace. The court made it clear that employers may still establish and enforce workplace policies relating to computer use. Indeed, an employer may ‘‘discipline employees and, when appropriate, terminate them, for violating proper workplace rules . . . .’’ But it cannot use a workplace violation as a reason to pierce an employee’s attorney-client privilege.
Ethical Considerations. The Stengart court also considered whether Loving Care’s attorneys violated professional ethics rules. New Jersey’s Rules of Professional Conduct prohibits a lawyer from reading a document that the lawyer has a reasonable cause to believe was disclosed inadvertently.3 The court ruled that the attorneys were at fault for ‘‘not setting aside the arguably privileged messages once [they] realized they were attorney-client communications’’ and by ‘‘failing either to notify [their] adversary or seek court permission before reading further.’’ Noting the absence of an appearance of bad faith, the Court reiterated that the attorneys ‘‘should have promptly notified opposing counsel when it discovered the nature of the e-mails.’’
Does Technology Defeat Privacy? The Future of Workplace Privacy The court’s holding in Stengart depended heavily on its recognition that ‘‘[i]n the modern workplace . . . occasional, personal use of the Internet is commonplace.’’ But its holding was limited to finding a privacy in attorney-client communications. Stengart did not address whether the contents of other types of highly confidential communications found in personal e-mails might be off-limits to an employer in light of an ambiguous employee policy, or whether a reasonable expectation of privacy attaches to communications that are simply marked ‘‘personal’’ or ‘‘confidential’’ that an employee accesses while at work via a personal password protected web site. Does simply labeling an e-mail communication as ‘‘confidential’’ and only using a password protected personal web-based e-mail account to access it from work prevent an employer from reading its contents?
Additionally, Stengart involved only conduct by private—not state— actors; thus Fourth Amendment protections were not implicated. Yet it is not likely that the New Jersey Supreme Court would allow government employers to more easily overcome the attorneyclient privilege (and Fourth Amendment privacy protections) in order to read the contents of a privileged communication sent or received via a government employer’s computer.
Although the United States Supreme Court has ruled that government employers may conduct warrantless searches for work-related purposes or because of workrelated misconduct, even where the employee retains a 3 See RPC 4.4(b) (‘‘A lawyer who receives a document and has reasonable cause to believe that the document was inadvertently sent shall not read the document or, if he or she has begun to do so, shall stop reading the document, promptly notify the sender, and return the document to the sender.’’). reasonable expectation of privacy,4 the New Jersey Supreme Court would be more likely to provide citizens with broader privacy protections. And a pending ruling from the U.S. Supreme Court5 could potentially throw a wrench into the whole mix. In a case that does not involve attorney-client privilege, the Supreme Court will soon answer the question of whether a government employer is required to use less intrusive methods when reviewing the contents of an employee’s private text messages sent using a employer-issued pager.
The Policy further detailed types of personal use for which the internet should not be used, including
‘‘solicit[ing] for outside business ventures, charitable organizations, or for any political or religious
purpose. . . .’’
Despite the wording of the Policy, Stengart used the company-issued laptop computer to access her private, password protected Yahoo e-mail account. Stengart was unaware that the computer was automatically saving web-page images in a temporary internet file cache folder on the computer’s hard drive. After Stengart formally resigned and returned the laptop, Loving Care had the hard drive forensically imaged and discovered files containing the content of the e-mails Stengart exchanged with her attorney.
Rather than promptly returning the e-mail to Stengart, Loving Care’s attorneys concluded that she had waived privilege claims in light of Loving Care’s computer use Policy, which explained that Internet use and communication were ‘‘not to be considered private or personal to any individual employee.’’
Believing no privilege attached, Loving Care cited one of the e-mails in an interrogatory answer. Stengart’s attorneys immediately sought return of the e-mails, but the trial judge held for Loving Care after concluding that Stengart waived the privilege. The Appellate Division reversed, holding that preserving attorney-client privilege outweighed the employer’s interest in enforcing its Policy.
The company reserves and will exercise the right to review, audit, intercept, access, and disclose all
matters on the company’s media systems and services at any time, with or without notice.
. . .
E-mail and voice mail messages, internet use and communication and computer files are considered
part of the company’s business and client records. Such communications are not to be considered
private or personal to any individual employee. The principal purpose of electronic mail (e-mail) is for
company business communications. Occasional personal use is permitted . . . .