A recent New Jersey Supreme Court decision limits the circumstances where an employer may read an employee’s personal e-mails stored on a company’s computer system. The Court recently held that a company policy is not enough to allow an employer unfettered access to electronic communications by an employee.
In Stengart v. Loving Care Agency, the plaintiff, a former employee of Loving Care, was provided a company-owned laptop computer for business use, which she returned to her employer when she resigned from her employment. Stengart subsequently filed suit against the employer alleging violations of the New Jersey Law Against Discrimination (NJLAD). In connection with the lawsuit, the employer hired an expert to create forensic images of the contents of the laptop’s hard-drive and discovered a number of e-mail communications between Stengart and her attorneys, exchanged via the plaintiff’s personal Web-based password protected e-mail account.
The Court held that not only were the plaintiff’s e-mails with her attorney protected by the attorney-client privilege, but the employer’s e-mail and Internet policy was ambiguous.
While the e-mails at issue in Stengart involved attorney-client communications, this Court decision is important for all employers. To overcome an employee’s expectation of privacy in e-mails, the employer must develop and implement a detailed and specific Internet and e-mail use policy to ensure that it retains the right to monitor and read e-mails sent on its computers. Employers must also provide employees with express notice that messages sent or received on a personal, Web-based e-mail account will be subject to monitoring if company equipment is used to access the account.
An e-mail and Internet use policy should clearly: (1) notify employees of what information is stored in the employer’s computer systems and will be subject to retrieval and review; and (2) identify personal e-mail messages saved in such systems as company property.