Workplace Computer Policy and the Attorney Client Privilege


Back in April, I mentioned a New Jersey case that found e-mail, sent during work hours on a company computer, was not protected by the attorney-client privilege: Compliance Policies and Email (Stengart v. Loving Care [.pdf]) That case has now been overturned. It seems that a company’s policy on computer use may be more limited that I originally posted.

Factual Background:

The company provided Stengart with a laptop computer and a work email address. Prior to her resignation, plaintiff communicated with her attorneys, Budd Larner, P.C., by email about an anticipated suit against the company, and using the work-issued laptop but through her personal, web-based, password-protected Yahoo email account. After Stengart filed suit, the company extracted a forensic image of the hard drive from plaintiff’s computer. In reviewing plaintiff’s Internet browsing history, an attorney discovered numerous communications between Stengart and her attorney from the time period prior to her resignation from employment with Stengart.

I found it strange that the email from a web-based email account would be stored on the local computer. I am going to guess that it was attachments to the email that ended up stored on the computer in a temporary file and not the email itself.

Company Position:

According to the decision, the company’s policy may not have been clearly distributed and applied. There was some factual disputes about whether the company had ever adopted or distributed such a policy. There was a further dispute that even if the policy was put in place as to whether it applied to executives like Stengart.


In the end the company’s position didn’t matter and the court assumed the policy was in place. Instead, the court took a harsh position:

A policy imposed by an employer, purporting to transform all private communications into company property — merely because the company owned the computer used to make private communications or used to access such private information during work hours — furthers no legitimate business interest. See Western Dairymen Coop., 684 P.2d 647, 649 (Utah 1984). When an employee, at work, engages in personal communications via a company computer, the company’s interest — absent circumstances the same or similar to those that occurred in State v. M.A., 402 N.J. Super. 353 (App. Div. 2008); Doe v. XYC Corp., 382 N.J. Super. 122, 126 (App. Div. 2005) — is not in the content of those communications; the company’s legitimate interest is in the fact that the employee is engaging in business other than the company’s business. Certainly, an employer may monitor whether an employee is distracted from the employer’s business and may take disciplinary action if an employee engages in personal matters during work hours; that right to discipline or terminate, however, does not extend to the confiscation of the employee’s personal communications.

Those were some broad statements, but the decision was ultimately limited to the attorney-client privilege.

There is no question — absent the impact of the company’s policy — that the attorney-client privilege applies to the emails and would protect them from the view of others. In weighing the attorney-client privilege, which attaches to the emails exchanged by plaintiff and her attorney, against the company’s claimed interest in ownership of or access to those communications based on its electronic communications policy, we conclude that the latter must give way. Even when we assume an employer may trespass to some degree into an employee’s privacy when buttressed by a legitimate business interest, we find little force in such a company policy when offered as the basis for an intrusion into communications otherwise shielded by the attorney-client privilege.

It seems that New Jersey courts are now taking the position that a company cannot read an employee’s personal e-mail, even when the employer has a policy stating that the employee has no reasonable expectation of privacy. The exception to this rule would be when the company needs to know the content of the e-mail to determine whether the employee broke the law or violated company policy.