A new development in New Jersey based on Stengart precedent.

When Is An Employer Permitted To Monitor and Review An Employee’s Internet Activity and Usage?

On March 10, 20108, Marc Liebeskind began working at Rutgers Facilities Business Administration Department.  By March 28 of that year, Liebeskind was terminated for lacking the basic skill set needed to perform his job in addition to having a poor attitude while on the job. Liebeskind’s supervisors had suspected he was spending an unreasonable amount of time on non-work related activities on his work computer. Having doubts about Liebeskind’s work performance, his supervisors reviewed the browsing history on Liebeskind’s computer by using an application called IEHistoryView. It is important to note that this search only entailed browsing history, and there is no evidence that Liebeskind’s supervisors were granted any access to his personal or password-protected information and accounts.

After his termination, Liebeskind filed suit against Rutgers University and his supervisors, claiming invasion of privacy, among other claims. On appeal, the New Jersey Superior Court Appellate Division affirmed the lower court’s ruling, which ruling struck down all claims that Liebeskind’s privacy was violated as a result of his supervisors’ investigating the browser history on his computer.

The appellate court referenced the New Jersey Supreme Court’s Stengart ruling, which had set the precedent for an employer’s right to monitor employee Internet activity and usage. Closely followed in previous eLessons Learned posts, the 2010 Stengart ruling held that an employee’s email communication with her attorney, using a company-issued computer, but via a personal, password-protected email account was held to be protected by the attorney-client privilege. However, the court’s decision to uphold Stengart’s privacy was not intended to forbid employers from monitoring employees’ actions on company-issued computers or devices in the future. In Stengart, New Jersey’s highest court stated: “Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies.”

As noted in Liebeskind, Rutgers’ “Acceptable Use Policy for Computing and Information Technology Resources” was in effect during the time of Liebeskind’s employment. This policy expressly stated that an employee’s privacy “may be superseded by the University’s requirement to protect the integrity of information technology resources, the rights of all users and the property of the University.” Additionally, Rutgers University “[r]eserve[d] the right to examine material stored on or transmitted through its facilities.”

Unlike the findings in Stengart, the court established that Liebeskind did not have a “reasonable expectation of privacy.” In addition, the court agreed that Rutgers had a “legitimate interest in monitoring and regulating plaintiff’s workplace computer.”

All companies can learn from this case and the policies in place at Rutgers that protected its right to monitor and search an employee’s computer. One of the most important lessons to be learned here is the need for a written internet usage policy. At the very least, these written policies should mandate that employees are expected to use the Internet and their work issued computers for work related activities only. Additionally, the possible disciplinary actions for any violation of this policy should be made available to employees.

As seen in in this case, the existence of an internet usage policy and the reserved right of a company to monitor its employee’s Internet activity is the key to eliminate an employee’s reasonable expectation of privacy.

Comments (3):

  1. It was not unreasonable for the Liebeskind Court to hold that the Plaintiff did not have a reasonable expectation of privacy in his work computer’s browser’s history. It is very easy for employees to slack off on the internet while at work without the employer realizing. Companies should be allowed to monitor employees’ internet activity. That being sad, an employee should be entitled to some reasonable downtime on the internet while at work.

  2. I wonder the extent Liebeskind cited supporting case law because it seems like this was a pretty clear decision for both courts to make. Moreover, the decision was so clear that the trial court granted summary judgment that was upheld on de novo review.

    That aside, you might have put too much emphasis on the written policies. To quote the court (citations omitted), “employers are given ‘wide latitude’ to enter their employees’ offices for work-related, non-investigatory reasons as well as for purposes of investigating work-related misconduct.” While the policy was later discussed as giving the plaintiff no expectation of privacy, it did not appear to be crucial to the court’s holding. What would be a significant issue, however, is if a policy gave employees an expectation of privacy. I would think such a scenario could cause courts to rule the other way, at least on summary judgment.

  3. The state courts got this case entirely wrong. An absolute misstatement of the facts. What the courts left out, was what the policy actual said, which was that there first had to be a suspicion of a violation of the policy before a reasonable expectation of privacy “might” be superseded. The courts left that important point out. In this case, there was no policy violation nor did the employer allege any policy violation or that I wasn’t doing my work. Moreover, the policy was never distributed to the employees, so there was no actual notice of it. Flies in the face of Stengart. The cases that talk about computer-related privacy require actual notice and a description of what will be subject to inspection.

Leave a Reply

  • Find an eLesson

  • Register for Post Notifications

    Subscribe to receive updates whenever a new eLesson is published.

    Manage Subscriptions
  • Let Us Blog Your Event!

    eLessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic. In fact, organizations and event coordinators often feature eLessons Learned as their official eDiscovery blog. Fill out our simple registration form to have eLessons Learned be the official blog of your organization or event.

    Register Now
  • Recent Praise

    The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.

    Robert Ambrogi

    Legal Tech Blogger and creator of LawSites

    Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others.

    Laura A. Zubulake

    Plaintiff, Zubulake v. UBS Warburg

    Click here to see more.