NJ Supreme Court Rules in Favor of Employees’ Online Privacy

Published June 9, 2010

The New Jersey Supreme Court has ruled that employees have a right to privacy when sending emails from work on their password-protected accounts, a case that is helping to clarify the definition of “reasonable expectation of privacy” on the Web.

The case originated when a nursing manager at the Loving Care Agency in Bergen County New Jersey filed a discrimination and harassment lawsuit against her employer. In preparing for the 2008 case, Loving Care Agency found emails the plaintiff, Marina Stengart, sent to her lawyer via her Yahoo account on a company computer and used them in preparation for its defense.

The company thought it had the right to seize the emails because they were sent using company property. But the New Jersey Supreme Court ruled March 30 Loving Care Agency’s policy regarding email use to be “vague,” and noted the company said “occasional personal use [of company computers] is permitted.”

“The policy does not address personal accounts at all,” the judges wrote in a unanimous decision. “The policy does not warn employees that the contents of such e-mails are stored on a hard drive and can be forensically retrieved.”

Company ‘Overstepped its Bounds’
Jarrod Dornfeld, a consultant with the University of Iowa Computer Systems Support Department, said the employers’ actions were inappropriate, and the New Jersey Supreme Court came to the right decision.

“Since that Yahoo address was in no way affiliated with the [nursing home] company, then the company way overstepped its bounds,” Dornfeld said. “It’s akin to them tapping a phone without asking someone for permission first.

“If [the employee] was using her work email — especially if it was hosted on the company’s own servers or Web site — then I can see where that would be a different ballgame,” he said. “It would be OK [to monitor work emails] if the company tells its employees that work emails may be monitored.

“But the way this case turned out, I definitely disagree with the company’s policy,” Dornfeld said.

Establishing Privacy Precedent
Braden Cox, policy council of Washington, DC-based NetChoice, said the legal expectations of online privacy have been moving toward protecting individuals in recent years, and are “based on a few factors.”

“One of them is whether there is any kind of policy that might state what employees can expect,” Cox said. “Because the legal standard is that employees have a reasonable expectation of privacy, that expectation can be lowered or raised based on workplace policies or where the computer might be located.

“Like it or not, employers have the legal rights to do a wide variety of monitoring of their own computer systems and anything that flows over the network, even if it is a personal email or Web site,” he added. “However, I think many employers will chose to respect the privacy of their employees as a matter of good business practice.

Stricter Policies in Future?
“This case may have the unintentional consequence of pushing employers to further restrict employees’ personal Web access and email accounts,” Cox said. “But employers often go beyond what is legally required, and wish to provide employees with greater freedoms to use the Internet and email.

“Doing so is just good business practice, and helps promote better employer-employee relations,” he added.

Krystle Russin ([email protected]) writes from Texas.