Does your email policy still protect you?
Although they aren't binding in the UK, employers can often learn a great deal from watching how the USA courts interpret matters. A recent case in New Jersey demonstrates exactly why it is so vitally important for employers set out clear policies for personal email and internet usage.
Marina Stengart, was employed as a nursing manager by the Loving Care Agency Inc, one of the leading providers of home care nursing and health services in the US. In the course of employment, Loving Care provided her with a laptop to use in her work duties. Ms Stengart subsequently used that laptop to communicate with her lawyer, through her personal, password protected, web-based Yahoo e-mail account.
Ms Stengart then left her employment with Loving Care and brought a claim against her employer for constructive dismissal, citing a hostile work environment as well as claiming bullying and harassment based on gender, religion, and national origin.
In preparing their defence to the action, Loving Care hired a computer forensic expert to recover all files stored on the hard drive of the laptop, including the personal e-mails from and to Ms Stengart's Yahoo account. They then attempted to use the information contained within the e-mails to support their defence. Ms Stengart's lawyer demanded the return of these communications, which he considered to be confidential.
This raised a question… could an employee expect privacy and confidentiality in personal e-mails to and from a solicitor, which were sent from and accessed using a computer belonging to an employer.
Despite Loving Care's e-mail use policy stating that occasional personal use was permitted, it was held that the policy was vague and did not address personal e-mail accounts at all. The policy did not warn employees that the contents of e-mails from personal e-mail accounts could be stored on the hard drive and could be forensically retrieved. Accordingly, it was held that Ms Stengart, "could reasonably expect that email communications with her lawyer through her personal account would remain private, and that sending and receiving them via a company laptop did not eliminate the attorney-client privilege that protected them. By reading e-mails that were at least arguably privileged and failing to notify Stengart promptly about them, Loving Care's counsel breached RPC 4.4(b)." [In the USA RPC 4.4 provides for the respect of rights of third parties].
Employers in the UK should take note and ensure that their email and internet use policies are clearly and accurately drafted and up to date. It is important to remember, that as technology develops policies should also include guidance on the use of blackberries, PDAs and mobile phones. Employees should ensure that they are aware of exactly what they are, and are not, permitted to do in terms of such policies.
by Alex Lyttle