Compliance Policies and Email


You should take a look at your computer use and email policies to see how they address three recent cases involving email in the workplace.

The first case involves unauthorized acces: (Van Alstyne v. Electronic Scriptorium, Inc.).  The president of the company had broken into an employee’s personal AOL email account. The employee had occasionally used that email account for business communications. To top off the bad behavior, the president of the company had propositioned the employee before firing her and then accessing that email account.

In the second case (Stengart v. Loving Care [.pdf]), Ms. Stengart resigned from Loving Care and sued the company. Before leaving she e-mailed her lawyer through her personal web-based account from her company-issued computer using the company’s internet access. Loving Care recovered temporary files stored on that computer which contained copies of Stengart’s attorney-client communications. Stengart discovered that Loving Care’s lawyers planned to use her e-mail in the litigation. She asked the trial court to decide whether the e-mail, sent during work hours on a company computer, was protected by the attorney-client privilege. The court held that it was not.

In the third case (Noonan v. Staples), Staples fired sales director Alan S. Noonan  for padding his expense report. Executive Vice President Jay Baitler sent an e-mail to approximately 1,500 employees explaining the reason for the firing. The e-mail contained no untruths, but Mr. Noonan sued for defamation anyhow. Unfortunately for Staples, truth is not a defense in Massachusetts if the challenged statement was communicated with actual malice.

Lessons? What should you have in your company’s computer policy?

First, tell employees that they should not use personal e-mail accounts for purposes of conducting company business.

Second, the company should have a policy that any message sent from a company computer is subject to disclosure and the employees should not have an expectation of privacy.

Third, employees should not access another employee’s files or email accounts, whether they are the company’s or personal.

Fourth, employees should not use email or company computers to send malicious messages.

Finally, make sure you can prove that each employee knows these rules.



Subscribe to have new articles from Compliance Building sent to your inbox.

, , ,

6 Responses to Compliance Policies and Email

  1. Michael L. Pisauro, Jr. November 19, 2009 at 12:10 pm #

    The NJ case, Stengart v. Loving Care is now on appeal to the NJ Supreme Court. The Appellate Division reversed the trial courts decision and found that Loving Care could not use the emails. Part of their reasoning was that it was unclear whether the policy was in place. The Appellate Division also wrote that the employer’s policy had to be related to the employer’s legitimate business interests. The Supreme Court will hear oral argument on Dec. 2nd.


  1. Corporate Compliance Insights - April 2, 2009

    GRC Blog Roundup: KPMG Sued for $1 Billion For Role in New Century Collapse…

    KPMG is being sued for $1 billionn by the liquidators of New Century, the collapsed subprime lender, in the first big lawsuit against one of the Big 4 audit firms arising from the current financial crisis. Also, links to blogs on email compliance and …

  2. Workplace Computer Policy and the Attorney Client Privilege | Compliance Building - July 6, 2009

    […] sent during work hours on a company computer, was not protected by the attorney-client privilege: Compliance Policies and Email (Stengart v. Loving Care [.pdf]) That case has now been overturned. It seems that a company’s […]

  3. N.J. Supreme Court upholds privacy of personal e-mails accessed at work | Compliance Building - March 31, 2010

    […] sent during work hours on a company computer, was not protected by the attorney-client privilege: Compliance Policies and Email. That later was overturned: Workplace Computer Policy and the Attorney Client […]

  4. Email, Warrants and Corporate Email | Compliance Building - December 20, 2010

    […] and you can decide how your employees use them. If you clearly state that your employees have no expectation of privacy for email on the company’s network then you are free to dig into their email traffic as part of an internal […]