Slashdot Mirror

← Back to Stories (view on slashdot.org)

NJ Court Upholds Privacy of Personal Emails At Work

Posted by Soulskill on from the easier-said-than-done dept.

chiguy sends word of a ruling from the New Jersey Supreme Court which found that a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer. This ruling is likely to set precedent for other workplace privacy cases around the country. "'The court has recognized the very legitimate and real concerns with regards to privacy. This gives some guidance to employers in terms of how explicit (e-mail) policies need to be,' [attorney Marvin Goldstein] said. The ruling stems from a harassment and discrimination lawsuit Marina Stengart of Bergen County filed three years ago against Loving Care of Ridgefield Park. Stengart, then the executive director of nursing, sent her attorney eight e-mails from her company-loaned laptop about her issues with her superiors. Stengart used her Yahoo e-mail account. 'Under all of the circumstances, we find that Stengart could reasonably expect that e-mails she exchanged with her attorney on her personal, password-protected, web-based e-mail account, accessed on a company laptop, would remain private,' Chief Justice Stuart Rabner wrote in the decision, which upholds an appeals court’s ruling last year."

38 of 172 comments (clear)

  1. Still probably violates company policy by sjbe · · Score: 3, Insightful

    a company did not have the right to read emails from an employee's personal account even through the account was accessed on a company computer.

    I agree with the general principle - if someone doesn't use the company account there should be a reasonable expectation of privacy for a personal webmail account. However she still may be violating company policy about using work assets for personal affairs. The computer is owned by the company and they have every right to reprimand her for making the emails regardless of the content.

    1. Re:Still probably violates company policy by flaming+error · · Score: 3, Insightful

      > ... they have every right to reprimand her for
      > making the emails regardless of the content.

      Ok. But if what she did was wrong "regardless of the content", why did the employer have to read them?

    2. Re:Still probably violates company policy by Herkum01 · · Score: 5, Insightful

      The company does not have the right to read her personal mail either, but if she wrote it using a company pen or paper she may be violating company policy about using work assets for personal affairs... Or maybe the company phone, or maybe the rental car when she decided to stop at a store on a business trip, etc...

      The costs of the items involved, like a personal email, can be minimal to non-existent so it is not about money. These things are not being done in the companies name, so it is not about being a representative of the company. The person is probably an exempt employee, which means that the person is expected to do their job, whatever that is, not punch a clock. As long as the job is getting done, the so called time lost is irrelevant.

      These policies are rules made by busy bodies that feel a need to insert their nose into someone's business. That it involves "Company property" is just the excuse. Why these people believe that the companies rights are so superior to the individual is rather pathetic. Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.

    3. Re:Still probably violates company policy by SlippyToad · · Score: 4, Insightful

      "However she still may be violating company policy about using work assets for personal affairs."

      Maybe. That's another can of worms. I use my personal computer to work from home. I'm expected to be available every few weeks for a week of "on-call" activity where work can intrude quite firmly into my home.

      The line between working at home and "homing" at work, to badly coin a phrase, is getting blurrier every year.

      And companies have a choice of either shutting people out of their personal lives completely for 8-10 hours a day (and getting the exact same shutout when those people go home) or learning to be modestly flexible. So far the trend is that companies are learning to bend just a bit.

      --
      One day I feel I'm ahead of the wheel / the next it's rolling over me / I can get back on / I can get back on
    4. Re:Still probably violates company policy by civilizedINTENSITY · · Score: 2, Insightful

      If company policy states that personal use is OK (as was the case according to TFA) then she wasn't violating company policy.

    5. Re:Still probably violates company policy by arbiter1 · · Score: 2, Insightful

      what if she used her private email to send email with sensitive company info to a competitor? They have the right to monitor all data sent over their networks and any computer they own.

    6. Re:Still probably violates company policy by Anonymous Coward · · Score: 2, Funny

      Why even add "over their networks and any computer they own"? She is an asset of the company, an inventory item. Why should she be expected to have any privacy at all? The company owns here as soon as she signed her work contract.

    7. Re:Still probably violates company policy by Anonymous Coward · · Score: 5, Insightful

      If you do something on someone else's property, they don't have a right to observe it?

      Like use their toilet?

    8. Re:Still probably violates company policy by plague3106 · · Score: 2, Insightful

      If I use your phone to make a private call, you do NOT have the right to listen in.

    9. Re:Still probably violates company policy by rsborg · · Score: 4, Interesting

      what if she used her private email to send email with sensitive company info to a competitor?

      What's stopping her from putting a file into her briefcase/backpack and taking it home and sending it there? What about thumbdrives or synched cell-phones (which allow file-storage)?

      Face it, unless the worker is in a secured area, the "need to monitor all traffic to prevent leaks" is borderline paranoiac. There needs to be an appropriate level of trust (this includes carrots and threats-of-sticks) for any worker to be productive.

      --
      Make sure everyone's vote counts: Verified Voting
    10. Re:Still probably violates company policy by TubeSteak · · Score: 4, Informative

      Ok. But if what she did was wrong "regardless of the content", why did the employer have to read them?

      Before she resigned, she was planning to sue the company.
      After she resigned and filed her lawsuit, the company went back and dug through her work laptop.
      Then the company lawyers quoted, to her, Yahoo e-mails between her and her lawyer...
      Which is how the whole thing turned into a clusterfuck.

      Unfortunately, this only sets a binding precedent in New Jersey (AFAIK).

      --
      [Fuck Beta]
      o0t!
    11. Re:Still probably violates company policy by AthanasiusKircher · · Score: 2, Interesting

      Especially since the Constitution was really set up to protect the individuals right to privacy, that the government seems so willing to defer that right because a business is involved is very scary.

      This demonstrates a remarkable misunderstanding of Constitutional law.

      First off, the issue here is not "privacy" per se, but rather the right to be secure against unreasonable searches. The Constitution (as other comments have noted) says nothing about "privacy" per se, but rather mentions only a few related rights. "Privacy," as a legal concept, was founded in Supreme Court jurisprudence of the 20th century to strike down laws outlawing birth control, abortions, sodomy, etc. The "right to privacy," as defined in those court cases (and which is not explicitly in the Constitution) has to do with some amorphous right to do what you want in your own private life, with your own body, etc. This is a related but separate issue from things like the Fourth Amendment, which protects you from unreasonable searches. In any case, this is only one of many issues in the Constitution, so the idea that "the Constitution was really set up to protect the individual[']s right to privacy" is simply wrong.

      Second, the right against unreasonable searches is a restriction on the powers of government, not of private individuals or entities. This is true of most "rights" granted by the Constitution in general. For example, you may have the right to "free speech" guaranteed by the Constitution, but if you choose to exercise that right in a way that annoys your boss, you can generally be fired. You can't be arrested by the government for exercising that right, but the limitations on the government's power has nothing to do with businesses. So, in a similar way, a company could have a policy requiring employees to undergo random searches periodically, random drug tests, etc. If the government did that, they would potentially be violating your Fourth Amendment rights against searches, but a private corporation is certainly allowed to search you in any way, as long as such searches don't subject you to harm or undue distress, aren't discriminatory, and particularly if you agreed to them as a condition of employment.

      So, the whole idea that the government is "deferring" rights to businesses is nonsense. Businesses often have little obligation to hold up any of your rights unless there are specific laws requiring them to. The Bill of Rights is generally about various restrictions on the powers of the government. Those "rights" only extend to private entities when there are laws explicitly saying so.

    12. Re:Still probably violates company policy by shentino · · Score: 2, Interesting

      And they should get smacked for that right there.

      There's something called attorney client privilege. If the company WILLFULLY breached that there should be some MAJOR league hell to pay.

  2. Soon To Be Overturned! by Nickodeemus · · Score: 3, Interesting

    The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me. Unfortunately, the article is sparse on the details. Only an idiot would think, in these times, that the things they do on their company PC or laptop would not be accisible by the company. Just because they issue you a system doesn't make that system yours - its theirs, including all its contents.

    1. Re:Soon To Be Overturned! by Stone+Rhino · · Score: 5, Insightful

      I could use company paper and company pens to write my letter, and mail it with a company stamp. I would be misusing company resources for personal business, but that doesn't give the company the right to read its contents. I could sit on the company toilet and use company water to take a shit, but that doesn't give them the right to watch. I could even be masturbating in there, misusing the time, and they still wouldn't have the right to monitor my activities. They would be in their rights to discipline an employee for taking long breaks and doing who knows what in the restroom, but they wouldn't be allowed to watch their employees to check just how they're spending their time in there. In this case, they can discipline her for misusing company resources, but can't violate the privacy that she has a reasonable expectation of.

      On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone -- a misuse of resources, but not within their right to listen in.

      --


      Remember, there were no nuclear weapons before women were allowed to vote.
    2. Re:Soon To Be Overturned! by Reverberant · · Score: 4, Insightful

      The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company

      How far do we take this logic? Does the company have a right to search an employee's pocketbook because it's sitting in a company-owned office? Can the company take samples of an employee's lunch for drug testing (or health insurance purposes_ because it's sitting in a company-owned refrigerator, powered by company-paid-for electricity? Can a company search an employee's car because it's sitting on a company-owned parking lot?

    3. Re:Soon To Be Overturned! by Zumbs · · Score: 3, Insightful

      The data exists on the company's computers, likely passed through their network and servers, and because of these things they are legally accesible by the company. Unless the company accessed her email account at Yahoo using this data, there doesn't seem to be an issue to me.

      From that logic, it follows that if you send a letter by snailmail, where the letter exist in the offices of the postal service, the postal service workers have the right to open and read your letter. In my opinion, my employers have no more right to read my personal email than a postal worker has reading my letters. Usage of company email may be a gray zone, but my personal email account is not. They may argue that I sent a mail during work hours and fire me for that (if it is against company policy), but that is something very, very different.

      --
      The truth may be out there, but lies are inside your head
    4. Re:Soon To Be Overturned! by idontgno · · Score: 3, Insightful

      Company owned property (parking lot, refrigerator, network) which contains non-company-owned property (employee's car, employee's lunch, employee's email). The analogy is perfect.

      --
      Welcome to the Panopticon. Used to be a prison, now it's your home.
    5. Re:Soon To Be Overturned! by Jah-Wren+Ryel · · Score: 4, Informative

      On a closer note, it's the same privacy standard as if she'd had the conversation with her lawyer on the company phone

      I'm too lazy to get you a citation, but the "lawyer" half isn't necessary - the courts long ago ruled that an employer can not snoop on her phone calls to ANYONE even if she is using a company phone.

      --
      When information is power, privacy is freedom.
    6. Re:Soon To Be Overturned! by civilizedINTENSITY · · Score: 2, Insightful

      And thus all the arguments regarding "they own the hardware, they can do whatever they want" fail.

    7. Re:Soon To Be Overturned! by pixelpusher220 · · Score: 2, Informative

      Are they prohibited from listening to personal calls made on a company phone?

      Linky

      "An important exception is made for personal calls. Under federal case law, when an employer realizes the call is personal, he or she must immediately stop monitoring the call. (Watkins v. L.M. Berry & Co., 704 F.2d 577, 583 (11th Cir. 1983)) However, when employees are told not to make personal calls from specified business phones, the employee then takes the risk that calls on those phones may be monitored."

      So if they tell you not to do it, they can monitor if you make calls. Decidedly a gray area me thinks which means, yes they can.

      --
      People in cars cause accidents....accidents in cars cause people :-D
    8. Re:Soon To Be Overturned! by Anonymous Coward · · Score: 2, Informative

      True, but there is no reasonable expectation of privacy in the workplace, only misguided ignorance and stupidity.

      (Glances at the discussion title...)

      It appears that you are mistaken, at least according to the Supreme Court of New Jersey, and I think they know more about following the precedents than you do.

  3. Re:Course the government could just ask to see it. by demonlapin · · Score: 2, Informative

    This is her company, not the government.

  4. Reading not required by sjbe · · Score: 2, Insightful

    But if what she did was wrong "regardless of the content", why did the employer have to read them?

    They didn't. That was just stupid on their part - at least according to the judge. Unless they didn't have their usage policies written out (also stupid) they could have fired her, without reading the content, for violating corporate policy on acceptable use of company assets.

  5. Expectations of privacy by sjbe · · Score: 5, Insightful

    A person has no reason to expect anonymity on a computer or network that is not their own.

    That's rather like saying you have no reason to expect privacy because you rent an apartment instead of owning a house. You send letters through the postal service which is a network you don't own either but you still have an expectation of privacy in many cases. I'm not sure the logic of your argument is on solid footing there.

    I agree that she was probably naive in assuming that the company couldn't read her correspondence. Many people assume email is much more private than it actually is. Ignorant but probably nothing worse.

    1. Re:Expectations of privacy by icebraining · · Score: 2, Insightful

      Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.

      They can say what they want. Doesn't mean it's legal.

      --
      Dilbert RSS feed
  6. Re:Narrow interpretation by TubeSteak · · Score: 5, Informative

    MARINA STENGART v. LOVING CARE AGENCY, INC., [and others]
    http://www.employerlawreport.com/uploads/file/Steingart%20v_%20Loving%20Care.pdf

    As part of the employment relationship, the company
    provided plaintiff with a laptop computer and a work email
    address. Prior to her resignation, plaintiff communicated with
    her attorneys    , Budd Larner, P.C., by email. These communications
    pertained to plaintiff's anticipated suit against the company    ,
    and were sent from plaintiff's work-issued laptop but through
    her personal, web-based, password-protected Yahoo email account.
    After plaintiff filed suit, the company extracted and
    created a forensic image of the hard drive     from plaintiff's
    [New Page]
    computer. In reviewing plaintiff's Internet browsing history,
    an attorney at Sills Cummis     discovered and, as he later
    certified, "read numerous communications between [plaintiff] and
    her attorney from the time period prior to her resignation from
    employment with [the company]."     Sills Cummis did not advise
    Budd Larner that the image extracted from the hard drive
    included these communications.

    Many months later, in answering plaintiff's
    interrogatories, the company referenced and included some of
    plaintiff's emails with her attorneys    .

    That sounds like the type of shit that should get the company lawyer disbarred.
    Reading the facts of the case, I'm not at all surprised the Judge ruled the way he did.

    --
    [Fuck Beta]
    o0t!
  7. Court said she didn't violate the company policy by Anonymous Coward · · Score: 5, Informative

    The company did have their usage policies written out and the court noted that they explicitly said "occasional personal use is permitted."

    So she didn't violate the company's acceptable use policy.

    If the company policy had said that personal use is never permitted, the court might well have ruled differently.

  8. Re:Networks and proxies and firewalls oh my by jjoelc · · Score: 3, Insightful

    Instead, the court should have asked: if Stengart had left a written letter to her attorney in her desk when she left Loving Care, could Loving Care have used that letter in preperation for court cases?

    Actually, if the letter was still in a sealed, addressed envelope... Then she could reasonably expect that the company would not be able to open it and read the contents, much less use anything they read in court. If the letter was NOT sealed it would be a different story.

    IANAL, but I would think that the correlation of sealed envelope -> password protected personal email account would be an easy one to make.

  9. Re:Networks and proxies and firewalls oh my by MontyApollo · · Score: 2, Insightful

    From reading the article, it looks like it has nothing to do with networks and proxies and firewalls (oh my). They scanned her hard-drive and probably found them in the browser cache. Since it was a laptop, it entirely possible, if not likely, that she emailed her attorneys from home using her own network.

  10. REASONABLE privacy by sjbe · · Score: 2, Insightful

    Flawed analogy. When you send your postal mail, you contracted with the postal service that they won't open your letter.

    All analogies are flawed. Doesn't mean they are useless. To address your criticism however, you missed the point of my analogy which is that just because you don't own a network does not mean you have no expectation of privacy at any time. It's just not that simple.

    Most corps that I know/heard of pretty much explicitly state they they can and will monitor their network.

    That's a FAR different thing from saying the corporations have a right to monitor anything they want without limitation. Companies generally don't have a right to install a camera to watch me take a crap. It violates the principle of reasonableness. There are limits to how intrusive monitoring can get. This ruling says that this company violated one of those limits.

  11. Re:l2federalism by Attila+Dimedici · · Score: 2, Insightful

    Actually, other state courts are likely to follow this precedent for two reasons. One, it applied to attorney-client communication (judges are lawyers, as such they tend to favor rulings that protect lawyers). Two, it appears to be a carefully worded and reasoned ruling with a fairly specific, limited scope (judges are human, as such if there is an easy way to make a ruling that they can do by little more than cut and paste, they will).
    As my second point notes this is a narrow ruling, as such even if it does influence courts in other states that influence is likely to be limited to very similar cases. Ultimately, the primary result of this ruling will be a re-wording of company policies to allow them to do what this company did.

    --
    The truth is that all men having power ought to be mistrusted. James Madison
  12. Re:Companies are easier to regulate than governmen by Thinboy00 · · Score: 4, Insightful

    First of all there is NOTHING in the Constitution explicitly protecting privacy. Nothing. Everything relating to privacy in the Constitution has been inferred. Go ahead and read it. You won't find the word privacy or anything like it mentioned even once.

    The fourth and ninth amendments taken together. See also the fourteenth.

    --
    $ make available
  13. what you CAN do vs. what you are ALLOWED to do by civilizedINTENSITY · · Score: 3, Insightful

    If she left a sealed, stamped letter to her lawyer I would expect them NOT to open it. If she talked to her lawyer and the company overheard the conversation, I would expect their knowledge gained to be like unto "fruit of the poisoned tree", and disallowed. There is a big difference between what you CAN do and what you are ALLOWED to do. People who do what isn't ALLOWED because they realize they CAN, in a country under the rule of law, should expect to be punished when they are caught.

  14. Re:Companies are easier to regulate than governmen by Anonymous Coward · · Score: 2, Interesting

    When I read the Constitution I found this section called the Fourth Amendment. This is what is said:

    Amendment 4 - Search and Seizure.

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

    I think reading private, off-site, email that is completely separate from work with a password you found cached in work equipment is a violation the "security" of the person in the story. I find that "right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures" and privacy regarding a person's home and private correspondence to be synonymous. The article mentions no potato but it does say a thing or to about potato. (The words "potato" and "potato" should be treated as phonetically different in the previous sentence and may alternately, at your pleasure, both be replaced in whole by the two words "tomato" and "tomato")

    For instance, if you leave a spare house key in your desk drawer (which is using work equipment for personal use again) can management take it an go looking through your underwear drawer?

  15. Re:Companies are easier to regulate than governmen by corbettw · · Score: 2, Insightful

    Can't forget the tenth. If it's not spelled out in the Constitution, the Federal government doesn't have it. Since there is no Amendment saying the government can poke its nose into your business, you still have your privacy with which you were born.

    --
    God invented whiskey so the Irish would not rule the world.
  16. Re:Companies are easier to regulate than governmen by plague3106 · · Score: 3, Informative

    Since Federal law always trumps state law, you're wrong. A State can no more restrict my freedom of speech any more than the Feds could.

  17. Re:Companies are easier to regulate than governmen by whoever57 · · Score: 2, Interesting

    Since Federal law always trumps state law, you're wrong.

    Have you actually read the first amendment? It says that Congress shall not... it says nothing about states rights. The SCOTUS decided some time back that it would be unconcionable for states to restrict some rights and hence the first amendment applies to states also. Other amendments provided the rationale for this decision.

    Why is this distinction important? Well, what about gun rights? the SCOTUS has not yet decided if gun rights can be restricted at the state level. It's not so clear that all the rights enumerated in the bill of rights cannot be restricted by the states.

    --
    The real "Libtards" are the Libertarians!