NJ Court Upholds Privacy of Personal Emails At Work

chiguy sends word of a ruling from the New Jersey Supreme Court which found that a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer. This ruling is likely to set precedent for other workplace privacy cases around the country. "'The court has recognized the very legitimate and real concerns with regards to privacy. This gives some guidance to employers in terms of how explicit (e-mail) policies need to be,' [attorney Marvin Goldstein] said. The ruling stems from a harassment and discrimination lawsuit Marina Stengart of Bergen County filed three years ago against Loving Care of Ridgefield Park. Stengart, then the executive director of nursing, sent her attorney eight e-mails from her company-loaned laptop about her issues with her superiors. Stengart used her Yahoo e-mail account. 'Under all of the circumstances, we find that Stengart could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private,' Chief Justice Stuart Rabner wrote in the decision, which upholds an appeals court’s ruling last year."

Still probably violates company policy

[sjbe]

a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer.

I agree with the general principle - if someone doesn't use the company account there should be a reasonable expectation of privacy for a personal webmail account. However she still may be violating company policy about using work assets for personal affairs. The computer is owned by the company and they have every right to reprimand her for making the emails regardless of the content.

Narrow interpretation

[religious freak]

Interesting, but I'm not going to get too worked up about it without reading the actual ruling. Attorney / Client communication is the one of the most privileged under the law. Unless the court wrote the opinion in such a way as to explicitly broaden the scope of "privileged information from personal email accounts", this is likely to be interpreted narrowly (or, at least, an argument can be made that the decision should be narrow).

Re:Still probably violates company policy

[flaming error]

> ... they have every right to reprimand her for
> making the emails regardless of the content.

Ok. But if what she did was wrong "regardless of the content", why did the employer have to read them?

Reading not required

[sjbe]

But if what she did was wrong "regardless of the content", why did the employer have to read them?

They didn't. That was just stupid on their part - at least according to the judge. Unless they didn't have their usage policies written out (also stupid) they could have fired her, without reading the content, for violating corporate policy on acceptable use of company assets.

Re:Soon To Be Overturned!

[Stone Rhino]

I could use company paper and company pens to write my letter, and mail it with a company stamp. I would be misusing company resources for personal business, but that doesn't give the company the right to read its contents. I could sit on the company toilet and use company water to take a shit, but that doesn't give them the right to watch. I could even be masturbating in there, misusing the time, and they still wouldn't have the right to monitor my activities. They would be in their rights to discipline an employee for taking long breaks and doing who knows what in the restroom, but they wouldn't be allowed to watch their employees to check just how they're spending their time in there. In this case, they can discipline her for misusing company resources, but can't violate the privacy that she has a reasonable expectation of.

On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone -- a misuse of resources, but not within their right to listen in.

Re:Soon To Be Overturned!

[Reverberant]

The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company

How far do we take this logic? Does the company have a right to search an employee's pocketbook because it's sitting in a company-owned office? Can the company take samples of an employee's lunch for drug testing (or health insurance purposes_ because it's sitting in a company-owned refrigerator, powered by company-paid-for electricity? Can a company search an employee's car because it's sitting on a company-owned parking lot?

Expectations of privacy

[sjbe]

A person has no reason to expect anonymity on a computer or network that is not their own.

That's rather like saying you have no reason to expect privacy because you rent an apartment instead of owning a house. You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.

I agree that she was probably naive in assuming that the company couldn't read her correspondence. Many people assume email is much more private than it actually is. Ignorant but probably nothing worse.

Re:Still probably violates company policy

[Anonymous Coward]

Yes of course. That doesn't mean they can go read the private emails.

Re:Still probably violates company policy

[Herkum01]

The company does not have the right to read her personal mail either, but if she wrote it using a company pen or paper she may be violating company policy about using work assets for personal affairs... Or maybe the company phone, or maybe the rental car when she decided to stop at a store on a business trip, etc...

The costs of the items involved, like a personal email, can be minimal to non-existent so it is not about money. These things are not being done in the companies name, so it is not about being a representative of the company. The person is probably an exempt employee, which means that the person is expected to do their job, whatever that is, not punch a clock. As long as the job is getting done, the so called time lost is irrelevant.

These policies are rules made by busy bodies that feel a need to insert their nose into someone's business. That it involves "Company property" is just the excuse. Why these people believe that the companies rights are so superior to the individual is rather pathetic. Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.

Re:Soon To Be Overturned!

[Zumbs]

The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me.

From that logic, it follows that if you send a letter by snailmail, where the letter exist in the offices of the postal service, the postal service workers have the right to open and read your letter. In my opinion, my employers have no more right to read my personal email than a postal worker has reading my letters. Usage of company email may be a gray zone, but my personal email account is not. They may argue that I sent a mail during work hours and fire me for that (if it is against company policy), but that is something very, very different.

Re:Still probably violates company policy

[SlippyToad]

"However she still may be violating company policy about using work assets for personal affairs."

Maybe. That's another can of worms. I use my personal computer to work from home. I'm expected to be available every few weeks for a week of "on-call" activity where work can intrude quite firmly into my home.

The line between working at home and "homing" at work, to badly coin a phrase, is getting blurrier every year.

And companies have a choice of either shutting people out of their personal lives completely for 8-10 hours a day (and getting the exact same shutout when those people go home) or learning to be modestly flexible. So far the trend is that companies are learning to bend just a bit.

Re:Soon To Be Overturned!

[idontgno]

Company owned property (parking lot, refrigerator, network) which contains non-company-owned property (employee's car, employee's lunch, employee's email). The analogy is perfect.

Re:Networks and proxies and firewalls oh my

[jjoelc]

Instead, the court should have asked: if Stengart had left a written letter to her attorney in her desk when she left Loving Care, could Loving Care have used that letter in preperation for court cases?

Actually, if the letter was still in a sealed, addressed envelope... Then she could reasonably expect that the company would not be able to open it and read the contents, much less use anything they read in court. If the letter was NOT sealed it would be a different story.

IANAL, but I would think that the correlation of sealed envelope -> password protected personal email account would be an easy one to make.

Re:Still probably violates company policy

[civilizedINTENSITY]

If company policy states that personal use is OK (as was the case according to TFA) then she wasn't violating company policy.

Re:Networks and proxies and firewalls oh my

[MontyApollo]

From reading the article, it looks like it has nothing to do with networks and proxies and firewalls (oh my). They scanned her hard-drive and probably found them in the browser cache. Since it was a laptop, it entirely possible, if not likely, that she emailed her attorneys from home using her own network.

REASONABLE privacy

[sjbe]

Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter.

All analogies are flawed. Doesn't mean they are useless. To address your criticism however, you missed the point of my analogy which is that just because you don't own a network does not mean you have no expectation of privacy at any time. It's just not that simple.

Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.

That's a FAR different thing from saying the corporations have a right to monitor anything they want without limitation. Companies generally don't have a right to install a camera to watch me take a crap. It violates the principle of reasonableness. There are limits to how intrusive monitoring can get. This ruling says that this company violated one of those limits.

Re:Soon To Be Overturned!

[civilizedINTENSITY]

And thus all the arguments regarding "they own the hardware, they can do whatever they want" fail.

Re:l2federalism

[Attila Dimedici]

Actually, other state courts are likely to follow this precedent for two reasons. One, it applied to attorney-client communication (judges are lawyers, as such they tend to favor rulings that protect lawyers). Two, it appears to be a carefully worded and reasoned ruling with a fairly specific, limited scope (judges are human, as such if there is an easy way to make a ruling that they can do by little more than cut and paste, they will).
As my second point notes this is a narrow ruling, as such even if it does influence courts in other states that influence is likely to be limited to very similar cases. Ultimately, the primary result of this ruling will be a re-wording of company policies to allow them to do what this company did.

Re:Expectations of privacy

[icebraining]

Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.

They can say what they want. Doesn't mean it's legal.

Re:Still probably violates company policy

[arbiter1]

what if she used her private email to send email with sensitive company info to a competitor? They have the right to monitor all data sent over their networks and any computer they own.

Re:Companies are easier to regulate than governmen

[Thinboy00]

First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.

The fourth [wikipedia.org] and ninth [wikipedia.org] amendments taken together. See also the fourteenth [wikipedia.org].

what you CAN do vs. what you are ALLOWED to do

[civilizedINTENSITY]

If she left a sealed, stamped letter to her lawyer I would expect them NOT to open it. If she talked to her lawyer and the company overheard the conversation, I would expect their knowledge gained to be like unto "fruit of the poisoned tree", and disallowed. There is a big difference between what you CAN do and what you are ALLOWED to do. People who do what isn't ALLOWED because they realize they CAN, in a country under the rule of law, should expect to be punished when they are caught.

Re:Companies are easier to regulate than governmen

[corbettw]

Can't forget the tenth. If it's not spelled out in the Constitution, the Federal government doesn't have it. Since there is no Amendment saying the government can poke its nose into your business, you still have your privacy with which you were born.

Re:Still probably violates company policy

[Anonymous Coward]

If you do something on someone else's property, they don't have a right to observe it?

Like use their toilet?

Re:Still probably violates company policy

[plague3106]

If I use your phone to make a private call, you do NOT have the right to listen in.

Re:Still probably violates company policy

[Daniel Dvorkin]

what if she used her private email to send email with sensitive company info to a competitor? They have the right to monitor all data sent over their networks and any computer they own.

Any employee who is under suspicion for doing that kind of thing shouldn't have access to sensitive data at all -- or should be an ex-employee if there's proof. And the kind of paranoid workplace where it's assumed that everyone is stealing data is not a place you want to work.