Marina Stengart, a former employee of northern New Jersey-based Loving Care Agency, sued Loving Care for wrongful termination of employment based on discrimination. Loving Care hired an outside firm to analyze Stengart’s computer for information helpful to defense of the lawsuit. The third party investigators accessed Stengart’s Yahoo! email account (presumably because of a saved password), where they found information helpful to defense of the lawsuit. Can Loving Care’s attorneys use the information found on that personal email account? What if the communications are between Stengart and her attorney?

The New Jersey Supreme Court, in a 7-0 ruling (PDF link) upholding the appellate panel that reversed the trial court’s decision, ruled on March 30th that Loving Care wrongfully accessed those emails between Stengart and her counsel. The court held that “[f]inding that the policies undergirding the attorney-client privilege substantially outweigh the employer’s interest in enforcement of its unilaterally imposed regulation, we reject the employer’s claimed right to rummage through and retain the employee’s emails to her attorney.”

In its defense that it had every right to access all electronic records on its computer hardware, Loving Care turned to its company handbook, which provides in part that:

E-mail and voice mail messages, internet use and communication and computer files are considered part of the company’s business and client records. Such communications are not to be considered private or personal to any individual employee.

But the attorney-client nature of the communications may be a red herring if there is something to be learned from this case.

The court provided a detailed, very telling analysis of Loving Care’s handbook and underlying policies, which I believe is the takeaway from this case. The court focused on ambiguities in the handbook, and the lack of a defined nexus between employees’ personal email accounts and Loving Care’s claim of access to and ownership of such communications accessed through its computer hardware. Briefly:

Although there may be gray areas where an employer possesses a legitimate interest in accessing personal communications from a company computer that impact on its business or reputation,…the matter at hand does not present the same or similar circumstances considered in M.A., upon which the company places great emphasis, or Doe, nor does it present a doubtful question in resolving the conflict between an employee’s private interests and the employer’s business interests. Although plaintiff’s emails to her attorney related to her anticipated lawsuit with the company, the company had no greater interest in those communications than it would if it had engaged in the highly impermissible conduct of electronically eavesdropping on a conversation between plaintiff and her attorney while she was on a lunch break.

Certainly, an employer may monitor whether an employee is distracted from the employer’s business and may take disciplinary action if an employee engages in personal matters during work hours; that right to discipline or terminate, however, does not extend to the confiscation of the employee’s personal communications.

The court also took particular care to preserve the attorney-client relationship, and made clear declarations that the attorney-client relationship will remain protected in the brave new digital world:

There is no question — absent the impact of the company’s policy — that the attorney-client privilege applies to the emails and would protect them from the view of others. In weighing the attorney-client privilege, which attaches to the emails exchanged by plaintiff and her attorney, against the company’s claimed interest in ownership of or access to those communications based on its electronic communications policy, we conclude that the latter must give way. Even when we assume an employer may trespass to some degree into an employee’s privacy when buttressed by a legitimate business interest, we find little force in such a company policy when offered as the basis for an intrusion into communications otherwise shielded by the attorney-client privilege.

There have been cases where the attorney-client privilege was lost where there were attorney-client communications on company owned computer hardware (specifically, through the company email account, where no expectation of privacy was found). That being said, this case is different in that the communications were through a personal account and the handbook had many ambiguities, the primary of which was there was no stated nexus between Loving Care assuming ownership of such communications and the harm being prevented.

Again, the takeaway for me is not that the attorney-client privilege was preserved, but rather the importance of a properly drafted handbook that clearly states, among other things, what material is covered and the basis and benefits arising from such policies. Read the ruling’s (PDF link) discussion on the deficiencies in the handbook, and then review your own policy.