e-Lesson Learned: Simply instituting an anti-privacy policy is not enough to monitor employee communications. Employers need to ensure that its managers and supervisors are strictly enforcing the anti-privacy policy and not sending contradictory messages.
Is having an anti-privacy policy enough to monitor employer-issued Blackberries® and laptops?
According to the 9th circuit, the answer is a NO!
In Quon v. Arch Wireless Operating Co., 529 F.3d 892 (9th Cir. 2008), the City of Ontario Police Department (“OPD”) had a formal policy governing city-owned computers and associated equipment that limited its use to City related business. It also warned that the users should have no expectation of privacy or confidentiality when using these resources. When the OPD issued pagers to its employees, it clarified that the policy also applied to the use of pagers. Under the OPD’s contract with its service provider, each pager was allotted 25,000 characters, after which it incurred overage charges.
Quon’s supervisor informally allowed employees to pay for their overages thereby avoiding the need to audit the messages. Accordingly, employees paid their share when they exceeded the character limit and avoided an audit. Quon’s repeated overages, however, frustrated the supervisor, who pursuant to the formal policy requested an audit to determine if the exceedances were due to city related business. The audit revealed that many of the messages were personal in nature and often sexually explicit. It also revealed that at least in one instance the pagers were used to undermine a narcotics investigation. Continue reading »
Bridgewater, NJ (April 23, 2010) – Fernando Pinguelo, a Member of Norris McLaughlin & Marcus, P.A., appeared as a guest on Fox News Channel’s live web show, The Strategy Room, hosted by Kimberly Guilfolye. Pinguelo was interviewed about today’s headlines featuring internet abuse, including the Security and Exchange Commission Office of Inspector General’s 5-year investigation that revealed SEC employees and contractors visiting porn sites and viewing sexually explicit pictures using government computers. Ms. Guilfoyle’s guests today also included Richard “Bo” Dietl and Dr. Kathryn Smerling.
The Strategy Room airs weekdays from 9 a.m. to 5 p.m. ET for a discussion of the day’s top stories, plus a variety of hour-long shows on topics like business, health, technology, and entertainment.
“Casual use of the internet in the workplace is on the rise. With up-to-the-minute Facebook statuses and Twitter ‘tweets,’ the use of company time for personal internet use has become common place. This has become so common that it is obvious employees don’t realize their actions can be tracked and saved. This new breaking story testifies to the fact that many workers don’t realize the implications of their actions online,” said Pinguelo.
Often I am asked if certain arrangements and deals are enforceable without a written contract. Sometimes, I am asked that question with a little bit of layman lawyering as to whether the so called “statute of frauds” (this is an ancient statute that essentially says certain classes of contracts) can cut off a contract claim. First, let me say that the law is blind, but not dumb. If there was a real arrangement oral or otherwise, rarely will a court will simply tell the plaintiff that he/she is without a paddle.
e-Lesson Learned: Attorney-client communications made via personal, password-protected web-based email accounts are still privileged, even if accessed via a company-supplied computer – at least in New Jersey!
The New Jersey Supreme Court has a long history of affording New Jersey citizens broader privacy protection rights than those offered by the federal government. For example, the New Jersey Supreme Court has held that citizens have a reasonable expectation of privacy in their bank account records, in their garbage, and in the personal information linked to their IP addresses. Thus, when the question of whether an employee who uses a company computer to access e-mail communications between her and her attorney maintains the confidentiality of those communications, it was no surprise that the Court held that the act of an employee who accesses her attorney-client communications via a company laptop does not destroy the privilege.
Citation: Stengart v. Loving Care Agency, Inc., Docket No. BER-L-858-08 (slip opinion) (N.J. Super. Ct. L. Div. Feb. 5, 2009)
Employee/Employer Implicated: Employees and Employers Alike
e-Lesson Learned: (Coming as soon as the Supremes rule on the issue of whether this employee had a reasonable expectation of privacy in emails between the employee and her lawyer, sent and received (during work hours) using the employer’s computer and IT systems
e-Lesson Learned: Don't post potentially incriminating statements or photographs on publicly available websites, especially if they are directly traceable back to you.
All content that you put on the internet, whether you think it is private or not, is out in the open and can be accessed by anyone. Think about some of things you may have on your MySpace or Facebook pages, or may have posted on your blog or might have tweeted. Do you want your boss or the police or the courts to see them? If not, you’d be wise to avoid posting anything that could expose you to the wrath of authorities.
In Clark v. State, police and prosecutors used statements on Ian Clark’s MySpace page to help convict him of first-degree murder. Granted, your dirty little secrets probably won’t end up as badly as Ian Clark’s, but why take any chances?
Employee/Employer Implicated: Employees and Employers Alike
e-Lesson Learned: Coming as soon as the Supremes rules on the issue of whether this employee had a reasonable expectation of privacy in emails between the employee and her lawyer sent and received (during work hours) using the employer’s computer and IT systems
So what is all the fuss about Stengart v. Loving Care Agency, Inc. et al.? Why are eDiscovelebrities and employment lawyers alike watching the case so closely? Why should YOU be watching?Privacy! (And eDiscovery, of course)
“It” (Stengart, the fuss, the Supreme Court of New Jersey, this post, all this blog attention) all boils down to whether this employee had a reasonable expectation of privacy in emails between the employee and her lawyer sent and received (during work hours) using the employer’s computer and IT systems.
According to the trial court, Stengart did not have a reasonable expectation of privacy and the emails were properly retrieved and used by the employer and its lawyers in defense of the lawsuit. According to the appeals court, not only did she (have a reasonable expectation of privacy), but also the appeals court took issue with the way the company lawyers handled the situation and queried whether the lawyers acted inappropriately when they retrieved and used these emails – and whether they should be sanctioned and/or thrown off the case. Ouch!
Protecting your privacy starts with you! When sending an email, keep in mind where you are sending it from – it may not be as private as you may think (or expect). In Leor v. Aguiar, the court found that the CEO had no reasonable expectation of privacy in emails he transmitted through his employer’s server, thus, he could not meet the burden necessary to establish attorney-client privilege in an email he sent to his attorney from work, resulting in the e-mail losing protection from disclosure. CompareStengart v. Loving Care Agency, Inc., New Jersey Superior Court, docket no. BER-L-858-08 (similar holding) withStengart v. Loving Care Agency, Inc., 408 N.J. Super. 54 (App. Div. 2009) (reversing trial court and finding no waiver of privilege) (certification granted by the New Jersey Supreme Court and decision pending).
The court iterated that whether an employee had a reasonable expectation of privacy in his/her emails transmitted through an employer’s server should be determined on a “case-by-case basis.”
Increasingly, our society devotes a lot of time and energy to the use of smartphones. Whether it is a BlackBerry or an iPhone, it is the craze, and many now feel that they need to access their emails from the palm of their hands. And the corporate world is no different. Executives spend as much time focusing on the best ways to read emails, send and receive instant messages, and access the Web as the rest of us.
However, executives (and the corporations they work for) who use company intranets, also need to worry about the possibility of unintentional data distribution — meaning they should concern themselves with the fact that confidential information may be disseminated unintentionally or unexpectedly to the public. Continue reading »
Employee/Employer Implicated: Employees and Employers Alike
e-Lesson Learned: (Coming as soon as the Supremes rule on the issue of whether this employee had a reasonable expectation of privacy in emails between the employee and her lawyer, sent and received (during work hours) using the employer’s computer and IT systems
Earlier we reported that a New Jersey state trial court found that a former employee waived the attorney-client privilege when she decided to use company time, equipment, and resources to communicate with her lawyer (see Stengart v. Loving Care). Recently, an appellate court reversed that ruling and framed the issue “whether workplace regulations converted an employee’s emails with her attorney” sent through the employee’s personal, password-protected, web-based email account, but via her employer’s computer “into the employer’s property.”
Plaintiff had argued that the company failed to demonstrate that it had ever adopted or distributed the policy in question, that she was unaware that the policy applied to her, and even if the policy did exist, the company had not previously enforced it. The company argued that it had disseminated the policy, and that the policy did apply to the plaintiff. The appellate court determined that issues of material fact existed as to whether the policy at issue was in place and disseminated at the time of plaintiff’s employment and as to whether the policy applied to plaintiff; and that these issues could not be resolved by the trial judge without a hearing on the matter.
e-Lessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic.In fact, organizations and event coordinators often feature e-Lessons Learned as their official e-discovery blog.To register e-Lessons Learned as the official blog of your organization or event, click here.
“The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.”
-- Robert Ambrogi, Legal Tech Blogger and creator of LawSites
"Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others."
120 Comments | 
More... | 
Permalink
Tagged as: Accessibility, Discoverability, Privacy
