Clearly Written Policies Give Companies The Right To Search Company-Owned Computers for ESI

Guidance Software Employers who wish to investigate employee electronic communications need to have clearly articulated written policies that employees do not have any expectation of privacy in their usage of employer provided computers.

In a recent decision by the New Jersey Supreme Court in Stengart v. Loving Care Agency, Inc., a former employee sued her employer for violating New Jersey’s Law Against Discrimination. In response, the employer searched the former employee’s company-owned laptop computer and found, in the web browser’s history, emails she had exchanged with her attorney using her own private, password protected email account. The e-mails were obtained by the forensic imaging of the employee’s company-owned computer.

The employer contended that the employee waived her privilege by using the company’s computer to send emails to her attorney, citing the company’s electronic communications policy, which stated, “Occasional personal use is permitted” and then described several prohibited uses including soliciting for outside business ventures, charitable organizations, or sending inappropriate sexual, discriminatory, or harassing messages.

However, in an effort to protect attorney client communications, the Court concluded that “[A]s written, the policy create[d] ambiguity about whether personal email use is company or private property when using a company owned computer.”

If the attorney / client privilege was not an issue, this case would likely have been decided differently. Why? Because although the Court correctly held Stengart had a limited expectation of privacy when communicating via email with her lawyer, the Court cited the ambiguity of the policy as the reason for its decision. In fact, the Court went on to say that “companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.”

Here’s another example.

The United States Supreme Court recently granted review in Quon, et al. v. Arch Wireless, City of Ontario 2008 WL 2440559 (9th Cir. 2008), in which the Ninth Circuit Court of Appeals found the Ontario Police Department violated the Fourth Amendment when the Police Chief and others read an employee's text messages on employer-provided two-way pagers. This was another case in which the workplace policy regarding text messages was unclear.

It is expected that the Supreme Court will use the Quon case to make it clear that a company’s need to protect its intellectual property and monitor the workforce outweighs any privacy rights of employees, except in very limited situations like protecting attorney client privilege.

With data leakage, fraud, and cybersecurity threats increasing, companies need to be able to proactively audit and investigate all activity on their networks and remediate violations quickly. Clearly written policies about data stored on company computers can help ensure the success of these digital investigations.