By Brent A. Cossrow
When employees resign to join competitors, it is not uncommon for employers to review the former employees’ workplace computers to determine whether trade secrets have been taken, restrictive covenants have been breached, or whether statutes like the Computer Fraud & Abuse Act have been violated.
Although these issues were not squarely reviewed by the New Jersey Supreme Court in Stengart v. Loving Care Agency, Inc., the decision was eagerly anticipated by many with these issues in mind. The New Jersey Supreme Court’s decision to affirm the lower appellate court’s decision has been a widely noted workplace privacy case hailed by many to have national implications.
In a unanimous opinion, the Supreme Court this summer held that an employee had a reasonable expectation of privacy in her e-mail communications exchanged with her personal attorney through her web-based, password-protected, Yahoo! e-mail account using her employer’s computer.
This decision is significant because it was generally understood that an employer has unfettered access to, if it does not own, the data residing on computers it issues to its employees.
In one of the first state supreme court decisions to address employee cyber-privacy rights, the justices held that the e-mail communications were protected by attorney-client privilege. In an employee-centric opinion, the New Jersey Supreme Court criticized the employer’s electronic communications policy for its ambiguity and not stating that web-based, password-protected e-mail communications were subject to employer review.
The Supreme Court also directed the trial court to hold hearings to determine the appropriate sanction for the failure of the employer’s attorney to promptly notify the court or the employee’s attorney when the nature of the e-mail communications became clear.
While the opinion bears the hallmarks of a landmark employee privacy rights decision, a closer look at the Supreme Court’s opinion reveals a precedent that is not as threatening to employers as it might appear, for several reasons:
- The holding of Stengart v. Loving Care relied on the attorney-client privilege, Stengart’s lack of understanding of computer systems, and Loving Care’s unclear electronic communications policy. Of these three factors, the sanctity of the attorney-client privilege was paramount. And while the privilege confers powerful legal protection, most employers will never find evidence of privileged communications during an investigation of an employee’s use of a workplace computer. It is a rare occurrence. The majority of personal uses of workplace computers by employees does not involve privileged communications, and these uses were not addressed by the Supreme Court, which limited its analysis to the privileged e-mail communications. As a precedent therefore, Stengart v. Loving Care is like a fig leaf, providing slight but important protection of something superlatively private – and leaving everything else exposed.
- Stengart v. Loving Care is one of the only state supreme court opinions to review and approve of the practice of creating and investigating a forensic image of a hard drive used by a departing employee.
- Highlighting the importance of Stengart’s misunderstanding of computer technology ultimately will benefit employers.
Just what effect this decision will have and to what extent it will be followed and expanded in other states remains to be seen.