Slashdot Mirror
NJ Court Upholds Privacy of Personal Emails At Work
chiguy sends word of a ruling from the New Jersey Supreme Court which found that a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer. This ruling is likely to set precedent for other workplace privacy cases around the country.
"'The court has recognized the very legitimate and real concerns with regards to privacy. This gives some guidance to employers in terms of how explicit (e-mail) policies need to be,' [attorney Marvin Goldstein] said. The ruling stems from a harassment and discrimination lawsuit Marina Stengart of Bergen County filed three years ago against Loving Care of Ridgefield Park. Stengart, then the executive director of nursing, sent her attorney eight e-mails from her company-loaned laptop about her issues with her superiors. Stengart used her Yahoo e-mail account. 'Under all of the circumstances, we find that Stengart could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private,' Chief Justice Stuart Rabner wrote in the decision, which upholds an appeals court’s ruling last year."
a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer.
I agree with the general principle - if someone doesn't use the company account there should be a reasonable expectation of privacy for a personal webmail account. However she still may be violating company policy about using work assets for personal affairs. The computer is owned by the company and they have every right to reprimand her for making the emails regardless of the content.
Interesting, but I'm not going to get too worked up about it without reading the actual ruling. Attorney / Client communication is the one of the most privileged under the law. Unless the court wrote the opinion in such a way as to explicitly broaden the scope of "privileged information from personal email accounts", this is likely to be interpreted narrowly (or, at least, an argument can be made that the decision should be narrow).
If you can read this... 01110101 01110010 00100000 01100001 00100000 01100111 01100101 01100101 01101011
But if what she did was wrong "regardless of the content", why did the employer have to read them?
They didn't. That was just stupid on their part - at least according to the judge. Unless they didn't have their usage policies written out (also stupid) they could have fired her, without reading the content, for violating corporate policy on acceptable use of company assets.
I could use company paper and company pens to write my letter, and mail it with a company stamp. I would be misusing company resources for personal business, but that doesn't give the company the right to read its contents. I could sit on the company toilet and use company water to take a shit, but that doesn't give them the right to watch. I could even be masturbating in there, misusing the time, and they still wouldn't have the right to monitor my activities. They would be in their rights to discipline an employee for taking long breaks and doing who knows what in the restroom, but they wouldn't be allowed to watch their employees to check just how they're spending their time in there. In this case, they can discipline her for misusing company resources, but can't violate the privacy that she has a reasonable expectation of.
On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone -- a misuse of resources, but not within their right to listen in.
Remember, there were no nuclear weapons before women were allowed to vote.
The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company
How far do we take this logic? Does the company have a right to search an employee's pocketbook because it's sitting in a company-owned office? Can the company take samples of an employee's lunch for drug testing (or health insurance purposes_ because it's sitting in a company-owned refrigerator, powered by company-paid-for electricity? Can a company search an employee's car because it's sitting on a company-owned parking lot?
A person has no reason to expect anonymity on a computer or network that is not their own.
That's rather like saying you have no reason to expect privacy because you rent an apartment instead of owning a house. You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.
I agree that she was probably naive in assuming that the company couldn't read her correspondence. Many people assume email is much more private than it actually is. Ignorant but probably nothing worse.
The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me.
From that logic, it follows that if you send a letter by snailmail, where the letter exist in the offices of the postal service, the postal service workers have the right to open and read your letter. In my opinion, my employers have no more right to read my personal email than a postal worker has reading my letters. Usage of company email may be a gray zone, but my personal email account is not. They may argue that I sent a mail during work hours and fire me for that (if it is against company policy), but that is something very, very different.
The truth may be out there, but lies are inside your head
Company owned property (parking lot, refrigerator, network) which contains non-company-owned property (employee's car, employee's lunch, employee's email). The analogy is perfect.
Welcome to the Panopticon. Used to be a prison, now it's your home.
Instead, the court should have asked: if Stengart had left a written letter to her attorney in her desk when she left Loving Care, could Loving Care have used that letter in preperation for court cases?
Actually, if the letter was still in a sealed, addressed envelope... Then she could reasonably expect that the company would not be able to open it and read the contents, much less use anything they read in court. If the letter was NOT sealed it would be a different story.
IANAL, but I would think that the correlation of sealed envelope -> password protected personal email account would be an easy one to make.
From reading the article, it looks like it has nothing to do with networks and proxies and firewalls (oh my). They scanned her hard-drive and probably found them in the browser cache. Since it was a laptop, it entirely possible, if not likely, that she emailed her attorneys from home using her own network.
Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter.
All analogies are flawed. Doesn't mean they are useless. To address your criticism however, you missed the point of my analogy which is that just because you don't own a network does not mean you have no expectation of privacy at any time. It's just not that simple.
Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.
That's a FAR different thing from saying the corporations have a right to monitor anything they want without limitation. Companies generally don't have a right to install a camera to watch me take a crap. It violates the principle of reasonableness. There are limits to how intrusive monitoring can get. This ruling says that this company violated one of those limits.
And thus all the arguments regarding "they own the hardware, they can do whatever they want" fail.
Actually, other state courts are likely to follow this precedent for two reasons. One, it applied to attorney-client communication (judges are lawyers, as such they tend to favor rulings that protect lawyers). Two, it appears to be a carefully worded and reasoned ruling with a fairly specific, limited scope (judges are human, as such if there is an easy way to make a ruling that they can do by little more than cut and paste, they will).
As my second point notes this is a narrow ruling, as such even if it does influence courts in other states that influence is likely to be limited to very similar cases. Ultimately, the primary result of this ruling will be a re-wording of company policies to allow them to do what this company did.
The truth is that all men having power ought to be mistrusted. James Madison
First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.
The fourth and ninth amendments taken together. See also the fourteenth.
$ make available
If she left a sealed, stamped letter to her lawyer I would expect them NOT to open it. If she talked to her lawyer and the company overheard the conversation, I would expect their knowledge gained to be like unto "fruit of the poisoned tree", and disallowed. There is a big difference between what you CAN do and what you are ALLOWED to do. People who do what isn't ALLOWED because they realize they CAN, in a country under the rule of law, should expect to be punished when they are caught.
Can't forget the tenth. If it's not spelled out in the Constitution, the Federal government doesn't have it. Since there is no Amendment saying the government can poke its nose into your business, you still have your privacy with which you were born.
God invented whiskey so the Irish would not rule the world.