The answer is, in some situations, they cannot! March 30, 2010, the New Jersey Supreme Court, in a highly-anticipated decision, held that e-mails from an employee’s personal, password-protected account to her attorney that were sent from and saved on a company-issued laptop were protected by the attorney-client privilege, even though the employer had a policy warning that Internet communications were not private. While the Supreme Court’s unanimous decision in Stengart v. Loving Care Agency, Inc. was primarily based upon its concern for the protection of attorney-client communications, companies will be particularly interested in the Court’s treatment of the conflict between their right to monitor employee activities on their computer systems and employees’ privacy interests. By recognizing that employees have a reasonable expectation of privacy in certain online activities, the Court has established that there are limits to companies’ control over their own computer networks. While the decision provides some guidance to employers (particularly about how Internet policies should be worded), it also raises questions about how courts will decide similar disputes that do not involve attorney-client communications.

• Although the decision recognized that employers can adopt computer use policies, the Court found this policy lacking because employees were not effectively informed that these types of e-mails were company property nor explicitly warned that the contents of personal e-mails were stored on a computer’s hard drive and could be retrieved.
• The Court also found that even if the company’s policy had put Stengart on sufficient notice that the e-mails were company property, employers do not have a basis “to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.”

What remains to be seen is whether courts will use the Stengart decision to protect other putatively private employee activities on company computer systems. In the wake of this decision, employers should be careful to ensure that their investigations into employees’ activities on company computers are tied to a legitimate business interest. In addition, employers would be well-served to make sure that their computer use policies expressly reserve the right to investigate all employee activities and information on their computers and networks, including personal e-mail and social networking accounts. Such policies should also notify employees that all Internet and e-mail use, personal or professional, is saved and can be retrieved by the company, and that the employer may retrieve and monitor the content of both personal and business communications. Finally, if an employer chooses to permit the personal use of its computer and communications systems, it should expressly limit such use to occasional or casual non-business use.