The Boundaries Of Monitoring Employee E-Mail
October 22, 2009
This term, the New Jersey Supreme Court will wrestle with the issue of whether or not e-mail communications between an employee and her attorney, sent on her company-issued laptop, but via her password-protected Yahoo e-mail account, are protected by the attorney-client privilege.
The case, Stengart v. Loving Care Agency Inc. will also give New Jersey’s highest court the opportunity, should it so desire, to define the parameters and conditions upon which New Jersey employers can monitor and review all employee e-mail and Internet usage.
The facts of Stengart are as follows. Loving Care is a provider of home care services. Plaintiff was Loving Care’s director of nursing and a long-term employee, who, in fact, helped draft the employee handbook. During the course of her employment, Stengart communicated via e-mail with her attorneys at Budd Larner about a contemplated lawsuit against Loving Care. She did so, smartly, via her password-protected Yahoo e-mail account, rather than her work e-mail account. She then resigned and filed a lawsuit against Loving Care, alleging hostile work environment and constructive discharge.
Sills Cummis, the law firm representing Loving Care in the ensuing litigation, elected to preserve the hard drive from Stengart’s laptop for electronic discovery purposes. Thus, it made an image of the laptop’s hard drive and sent it to a forensic expert to restore and recover deleted information.
The forensic expert uncovered temporary Internet files that contained the e-mails between Stengart and her attorneys, some or all of which were sent during business hours and dealt with her anticipated lawsuit against Loving Care.
Rather than advise plaintiff or her counsel of its finding, Sills Cummis reviewed the e-mails and then revealed their identity in responding to the employee’s written discovery requests.
Stengart responded by filing an order to show cause seeking return of the e-mails, an order that the e-mails not be used in the case and the sanctioning/disqualification of Sills Cummis from the case.
Loving Care’s electronic communications policy provided that e-mail and Internet use were not to be considered private. However, it also indicated that the “principal purpose” of e-mail was for company business and that “occasional personal use is permitted.”
Further, while the policy prohibited certain uses of the e-mail system, such as job searches, it did not mention any prohibition against communicating with attorneys.
The Law Division’s Decision
The New Jersey Law Division (the trial court) held that where an employee has knowledge of an employer’s policy which warns that Internet use and communication on the employer’s computer systems is not private, and warns that e-mail and Internet use are part of the company’s business and client records, the attorney-client privilege does not extend to communications between an employee and her attorney over those systems, regardless of whether the communications are sent via the employer’s work e-mail account or personal Web-based e-mail account.
On the sanctioning/disqualification issue, the Law Division reviewed Sills Cummis’ conduct in light of New Jersey Rule of Professional Conduct (“NJ RPC”) 4.4, which provides, in pertinent part, that “[a] lawyer who receives a document and has reasonable cause to believe that the document was inadvertently sent shall not read the document or, if or she has begun to do so, shall stop reading the document, promptly notify the sender, and return the document to the sender.”
The Law Division determined that Stengart did not inadvertently transmit the e-mails to Sills Cummis, that Sills Cummis relied in good faith on Loving Care’s electronic communications policy, and that Sills Cummis should not be required to seek judicial intervention where it spent time and resources in drafting a policy designed to avoid such intervention.
The court also noted that Sills Cummis appropriately tried to preserve the information, and then disclosed in discovery that it had the information.
The Appellate Division’s Decision
Stengart appealed the decision to the New Jersey Appellate Division, which reversed the Law Division. The Appellate Division began by noting that it had problems with Loving Care’s electronic communications policy, as follows:
- certain terms in the policy were not defined (such as “media systems and services”)
- the policy stated that “occasional personal use is permitted”, which created ambiguity as to what personal use was contemplated
- the listing of prohibited personal uses did not mention e-mails to attorneys
- Loving Care could not produce a signed acknowledgment from Stengart regarding her receipt of the electronic communications policy
- a former executive provided the court with a certification stating that the policy did not apply to executives, such as Stengart
The court next reviewed the attorney-client privilege waiver issue, independent of its concerns with the language of the policy and how it was communicated to Stengart.
It held that in balancing the employer’s interest in monitoring its computer network vs. the employee’s interest in maintaining the privacy of her communications with her attorney, the balance tipped in favor of the attorney-client privilege.
In so holding, the court ruled that Sills Cummis had to turn over all the e-mails at issue, and delete the e-mails it had in its possession.
However, the Appellate Division didn’t stop there — it made some broad sweeping statements that went beyond the discrete issue that was being considered.
It explained that a policy that transforms private communications into company property simply because the company owns the computer over which the communications were made furthers no legitimate employer interest.
The court intimated that while the employer might have a legitimate interest in disciplining employees for wasting company time, it did not have a legitimate interest in confiscating private attorney-client communications
The Appellate Division determined, in essence, that an employer has no “legitimate business interest” in monitoring and intercepting e-mails between an employee and her attorney regarding the employee’s anticipated lawsuit against the employer.
This, of course begs the question, “why not?” If an employer has a legitimate interest in deciphering whether or not its employees are conducting a job search during the workday, why wouldn’t it also have a legitimate interest in knowing whether or not its employees are planning to sue it, especially when they are planning their lawsuit against it during business hours?
The court continued, explaining that a company has no greater interest in reviewing an employee’s attorney-client e-mail communications than if it would have electronically eavesdropped on a conversation between the plaintiff and her attorney while the plaintiff was on her lunch break.
One wonders how these two scenarios are the same. For if the employee has notice that her e-mail communications are being monitored, as Stengart did here, isn’t that different than an employer electronically eavesdropping on a private lunchtime conversation, where lack of consent is implied?
Furthermore, there is evidence that Stengart’s e-mails were sent in the middle of the afternoon, rather than during lunchtime.
The court next addressed the sanctions/disqualification issue, and held that Sills Cummis violated NJ RPC 4.4 because it “appointed itself the sole judge of the issue and made use of the attorney-client e-mails without giving plaintiff an opportunity to advocate a contrary position.”
The Appellate Division left open the potential for Sills Cummis to be disqualified from the case, or for other sanctions to be imposed on it.
The Current Status of Stengart
Not surprisingly, Sills sought leave to appeal the decision to the New Jersey Supreme Court. On July 29, 2009, the Supreme Court granted that request. It is anticipated that oral argument will be heard late this year, or early 2010.
Given the significant issues involved, the case is drawing considerable attention, with national and state employers’ associations, and the criminal defense bar weighing in.
So, what can be drawn from the decision, in its current form?
- Having an electronic communications policy is critical to an employer’s ability to monitor its employees’ e-mail and Internet usage.
- The policy needs to be written in plain English, with technical terms of art, such as ”media systems” and “Internet files,” defined.
- Employers should clearly define, in their electronic communication policy, what their legitimate interests are in monitoring their networks, such as preventing waste of company resources, and protecting confidential information.
- It is probably not a good idea to affirmatively state in such policies that personal use of electronic systems is permitted.
- If feasible, employers may want to consider blocking employee access to their personal e-mail accounts via company computer systems, to ensure that any personal e-mails, including attorney-client privileged e-mails, are sent from the employee’s work e-mail account, where employees arguably have less privacy rights.
In fact, in the most analogous New Jersey case on this issue, an unpublished 2006 District of New Jersey case, Kaufman v. SunGard Invest. Sys., 2006 U.S. Dist. LEXIS 28149 (D.N.J. May 9, 2006), Judge Linares expressly held that the attorney-client privilege did not apply to such e-mails.
However, the New Jersey Supreme Court is not bound by the Kaufman decision, and could hold that employers are not permitted to monitor even those attorney-client communications sent from employees’ work e-mail accounts.
- Employers need to procure signed employee acknowledgments regarding employees’ receipt of electronic communication policies at the commencement of employment and periodically thereafter. Typically, employers only secure written acknowledgments with regard to receipt of the employee handbook and sexual harassment policies.
- Employers need to ensure that their employees sign-off on having received revisions to their employee handbooks.
- Further, revised handbooks and/or revisions to handbooks should be dated so it is clear when the revisions were implemented.
- Finally, employers should consider providing training to employees regarding their electronic communication policies, similar to the sexual harassment training that employers typically provide to their employees.
We will need to wait and see what the New Jersey Supreme Court says before having any confidence about the final contours of this decision.
For example, will employers with clearly drafted electronic communication policies be able to lawfully monitor and review all of the personal e-mail of their employees? If not, what categories of personal e-mails will be off-limits?
More specific to the issue before the court, will employers be permitted to review their employees’ attorney-client e-mail communications so long as they advise their employees in writing that communications with an attorney, whether via the employees’ work e-mail account or an internet e-mail account, are prohibited personal uses, and can be monitored and intercepted by the employer?
Will it matter if the attorney-client e-mails are sent during business hours?
All of these questions are food for thought until the Supreme Court decides this case.
For now, what seems clear is that employers in New Jersey should not review e-mail between their employees and legal counsel, even if the e-mail is sent from the employees’ work e-mail accounts.
Rather, in such a circumstance, pursuant to NJ RPC 4.4, employers should not read, or stop reading, the e-mail, and return it to the employee or the employee’s attorney.