New Jersey employment law generally recognizes that employees have a limited right to privacy in the workplace, including in their digital life. However, a recent federal appellate decision limited the reach of employee privacy. It is an unpublished decision, and therefore not binding. However, it is a troubling outcome.
The New Jersey Supreme Court Finds Employees Have Privacy Rights
People generally have a right to privacy which they do not lose when entering the work force. The New Jersey Supreme Court explained in the 1992 case of Hennessey v. Coastal Eagle Point Oil Co. that the source of this right in New Jersey Employment law comes from the New Jersey Constitution and the common law. However, in that same case, the Supreme Court ruled that the right to privacy in the workplace is not absolute, and may yield to legitimate public policy concerns such as public and employee safety.
In that case the New Jersey Supreme Court held that even though a urinalysis is invasive and intrudes on an employee’s privacy, it was permissible when testing for drug use by employees with dangerous jobs.
Employee Privacy in the Digital World Under New Jersey Employment Law
After Hennessey, in 2010, in the case of Stengart v. Loving Care Agency, Inc., the New Jersey Supreme Court held that an employee could have a reasonable expectation of privacy in her private emails. Even though she accessed them on a company computer. In that case emails with her attorney on her own personal, password protected, web-based email account on a work computer. The court ruled that employee’s right to privacy barred her employee from reading them. However, the court held that this right is not unlimited. The Supreme Court explained,
Our conclusion that Stengart had an expectation of privacy in e-mails with her lawyer does not mean that employers cannot monitor or regulate the use of workplace computers. Companies can adopt lawful policies relating to computer use to protect the assets, reputation, and productivity of a business and to ensure compliance with legitimate corporate policies. And employers can enforce such policies. They may discipline employees and, when appropriate, terminate them, for violating proper workplace rules that are not inconsistent with a clear mandate of public policy. For example, an employee who spends long stretches of the workday getting personal, confidential legal advice from a private lawyer may be disciplined for violating a policy permitting only occasional personal use of the Internet. But employers have no need or basis to read the specific contents of personal, privileged, attorney-client communications in order to enforce corporate policy.
Indeed, on another case, the Appellate Division of New Jersey’s Superior Court ruled that not only can employers monitor employees’ email accounts, if they find that the employee is accessing pornography they have a duty to investigate, and if it turns out that the employee was or may have been accessing child pornography the employer had a duty to either terminate the employee or report the access to law enforcement.
In 2013 the New Jersey Legislature made it illegal for an employer to “require or request a current or prospective employee to provide or disclose any user name or password, or in any way provide the employer access to, a personal account through an electronic communications device.” This includes social media accounts. Likewise, employers may not retaliate or discriminate against anyone who refuses to allow the access to their accounts.
Two other laws also limit employer access to employee emails, the Federal Electronic Communications Privacy Act of 1986, and the New Jersey Wiretapping and Electronic Surveillance Control Act. These acts make it illegal for third parties to get access to email without consent of the users. These laws contain two exceptions, however. The first is for inspections done in the normal course of business for business purposes or to protect the employer’s rights or property. The second exempts access to emails when consented to by one of the parties to the communication. Thus, a well-written policy could possibly negate these laws’ reach.
A Crack in Employee Privacy
The United States Court of Appeals for the Third Circuit (which hears appeals from the Federal District Courts in New Jersey, Delaware, Pennsylvania and the Virgin Islands) recently issued a decision in the case of Scherer Design Group, LLC v. Ahead Engineering, LLC, et al., interpreting New Jersey’s employment laws on employee digital privacy rights. Although an unpublished case, it signals a troubling departure from New Jersey’s legal framework.
In that case several employees left their employer, and several of the original firm’s clients followed the departing employees who created a new and competing business. Litigation ensued, and the original employer sought an injunction barring the new company from doing business with the original firm’s customers. The original firm based this claim on the allegation that the employee’s were plotting to compete with their employer, and actually taking steps to do so, while still employed. They based this on intercepted electronic communications.
The employer obtained not just work emails while the employee’s were employed. After the employees left, they hired an IT consultant who installed software which allowed the original employer to access the employees’ personal email and social media passwords from cache, and allowed the employer to monitor the employees’ Facebook, and messaging accounts without detection for a considerable period of time after the employees left the firm. The company had no policy in which it stated that it retained the right to review personal communications of any kind on company computers.
The former employees objected to the use of these communications under the “unclean hands” doctrine, because they were obtained in violation of the employees’ privacy rights. However, the Court rejected the former employees’ argument because it was negated by their own breach of their duty to their former employer while they were still employed. The Court refused to even reach the violation of New Jersey’s privacy law. Judge Ambro vigorously dissented based on the violations New Jersey privacy law.
- While the Scherer Design Group opinion was non-precedential, as the highest federal court reviewing New Jersey’s courts except for the United States Supreme Court, the Third Circuit’s decisions – even unpublished ones – carry weight. Therefore, employees should assume that anything they do on a company computer could be monitored.
- However, the New Jersey cases clearly showed that New Jersey courts favor an employee’s right to privacy while allowing exceptions to apply. Therefore, employers should have a clear policy stating that they maintain the right to review everything done by employees on the company’s systems, including personal emails, and that the employee agrees to such terms as a condition of employment. The employee should sign for acknowledging and agreeing to the policy.
- However, what the employer did in the Scherer Design Group case was wrong under any case, and could lead to civil and possibly even criminal consequences. Do not monitor employees’ personal accounts – particularly after they have left employment.
- That being said, should a former employee access their former employee’s computer systems after they left, the employer would certainly be within its rights to see who was getting into its computer systems and what they were doing. Moreover, there is nothing preventing an employee looking to see what current and past employees have done on company email and with company files. Indeed, in many cases they would have a legal duty to safeguard their customers’ and employees’ information.
Our employment lawyers represent employers and employees in all aspects of New Jersey employment law. Call us at (973) 890-0004 or fill out the contact form on the right to set up a consultation with one of our attorneys.