Employees’ Information on Work Computers Not Protected

Employment Law: Under New Jersey law, an employee does not have a reasonable expectation of privacy in the content stored on his work computer. This is true notwithstanding the fact that the employee may have created confidential passwords to preclude third parties from accessing the computer. This was the ruling of the New Jersey Appellate Division in the August 2008 decision in State v. M.A., 402 N.J. Super 353 (App. Div. 2008).

In State v. M.A., during the course of working as a bookkeeper, the defendant employee stole money from his employer company. Upon the employer discovering the employee’s theft, the employee was terminated. Subsequently, the employer reported the theft to the police and consented to the search of the employee’s work computers to obtain evidence of the employee’s theft. The employee was subsequently prosecuted. At trial, the employee sought to suppress the information obtained from the computers on the basis that the search of the computers without his permission was impermissible. Specifically, the employee asserted that he had a reasonable expectation of privacy in this information because he had, among other things, created confidential passwords precluding access from third parties.

The Appellate Division, however, found that the search of the employee’s work computers was valid because the employer, in its capacity as owner of the computers, consented to the search. The Court noted that the employee never requested that the computers be provided to him. Therefore, even if he had tried to claim an ownership interest in them, the Court determined that the employee had abandoned them. Accordingly, he no longer retained any reasonable expectation of privacy in them. Again, this was despite the fact that the employee had tried to block third party access. In other words, setting up passwords and other obstacles may be insufficient to establish a privacy invasion.

So employees beware of what you store on your workplace computers. Regardless of what passwords and other security initiatives you take to preclude access of any information stored on the computers, the consent of the employer may be all that is necessary for a search to be conducted with respect to these computers.

Moreover, employers should also take this as a reminder to clearly articulate employee’s privacy expectations. It is strongly recommended the company’s adopt an employee manual or other policy document that clearly states that employees should not expect to have any privacy rights in their workplace computers, other company equipment or otherwise. While these Court here did not require such a policy statement required to allow the “invasion,” it would certainly be a useful weapon in an employer’s arsenal. In other words, such a policy would help to make it clear that any purported employee expectation of privacy was unreasonable because of the employer’s clear statements to the contrary.

Comments/Questions: ljm@gdnlaw.com

© 2008 Nissenbaum Law Group, LLC