Pervasive Internet and social media use in the workplace has left employers questioning what rights they have to access and review employees’ online activity using company computers. Employment attorneys are simultaneously exploring how such information can be used to defend companies in litigation. While employee privacy concerns may not necessarily preclude employers from accessing personal information stored on an employee’s work computer, a recent decision from New Jersey’s highest state court highlights that such information may still be off limits if it is protected by the attorney-client privilege.

The plaintiff in Stengart v. Loving Care Agency, Inc. sued her former employer for employment discrimination. Subsequently the company had a forensic expert image the hard drive of the plaintiff’s company-issued laptop to preserve the electronic evidence for discovery purposes. Among the retrieved images were e-mails sent and received from the plaintiff’s personal Yahoo account, including e-mail exchanges with her attorney in the case.

The company reviewed the recovered e-mails between the plaintiff and her lawyer and identified them in pre-trial discovery. The plaintiff’s counsel then sought a court order to compel the company to return the e-mail messages, asserting they were protected by the attorney-client privilege. The company argued that the plaintiff had no reasonable expectation of privacy because of the company’s policy on electronic communications and that she waived the attorney-client privilege when she used the company’s computer to communicate with her attorney.

The New Jersey Supreme Court held that the plaintiff had a reasonable expectation of privacy in e-mail messages sent to and from her lawyer via a personal, password-protected e-mail account, even though the messages were sent and received using her employer’s laptop computer. Nor did the e-mails lose the protection of the attorney-client privilege because they were exchanged using the employer’s computer, the court ruled. Among other things, the court was persuaded by the fact that the company’s computer-use policy permitted limited, personal use of its computers.

The court also found that the company’s counsel violated the Rules of Professional Conduct by reading and failing to promptly notify the plaintiff about the e-mails.

Although the ambiguity of the company’s computer use policy influenced the court’s decision, the court noted that even a “policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system … would not be enforceable.”

While some courts have reached a result different from the New Jersey Supreme Court, the Stengart case serves as a reminder that the same discovery and ethical rules still apply in the electronic realm. Attorneys must always be careful when they inadvertently uncover potentially privileged communications.

Mr. Cino is a Partner in the Morristown, New Jersey office of Jackson Lewis LLP. He is the firm’s National Director of Litigation.