Employers in New Jersey generally can monitor emails sent on company computers if they provide clear policies notifying employees of no expectation of privacy, but privileges like attorney-client communications remain protected. The New Jersey Data Privacy Act (NJDPA), effective January 2025, imposes data handling obligations on businesses but exempts employment records from its consumer protections. Additional laws require transparency for employee monitoring and restrict access to personal accounts.​
Email Monitoring Rules
New Jersey courts, in cases like Stengart v. Loving Care Agency (2010), ruled that employers cannot read personal attorney-client emails stored on company devices, even with broad policies, as such policies are unenforceable for privileged communications. Employers may monitor work-related emails and internet use on their systems if they issue advance notice limiting personal use and stating all communications are company property subject to review. Federal laws like the Electronic Communications Privacy Act also permit monitoring on company systems with proper policy disclosure.​
Data Privacy in Employment
The NJDPA requires businesses processing personal data of 100,000+ New Jersey consumers (or 25,000+ with data sales revenue) to provide privacy notices, allow opt-outs for sales/targeted ads, and conduct data protection assessments, but it explicitly excludes employment data from these rules. Employers must update handbooks for compliance with data security practices and notify employees of data collection purposes in plain language starting January 15, 2025. Violations fall under the Consumer Fraud Act, with fines up to $10,000 for the first offense and $20,000 thereafter.​
Cybersecurity and Monitoring Laws
New Jersey mandates employers notify employees before using electronic tracking devices solely for location monitoring. A 2022 law requires disclosure of tracking software or monitoring tools, with penalties up to $1,000 for first violations and $2,500 subsequent ones. Employers cannot demand passwords to personal social media accounts but may access public information or investigate work-related misconduct.​
Key Protections for Employees
Employees retain privacy expectations for personal web-based accounts (e.g., Yahoo) accessed on work computers unless explicitly warned otherwise. Policies must be unambiguous to override privacy claims, and employers can discipline for policy violations without reading privileged content. For comprehensive guidance, review the NJ Department of Labor site, which enforces wage and workplace conditions but defers specific privacy details to case law and the NJDPA.
