New Rulings on Attorney-Client Privilege in the Workplace

February 19, 2010

The presumption has been that emails sent over an employer’s computer system are not private, but recently courts have looked more closely at the issue of attorney-client communications over such systems. In the most recent case, Convertino v. United States Department of Justice, No. 04-0236 (D.D.C., filed Dec. 10, 2009), the U.S. District Court for the District of Columbia held that a U.S. attorney for the Eastern District of Michigan had a reasonable expectation of privacy in communications he made over the Department of Justice (DOJ) email system with his personal attorney. The DOJ maintained a policy that did not ban personal use of the company email and the U.S. attorney was unaware that the DOJ would be regularly accessing and saving emails from his account.

In another recent case on the issue, Stengart v. Loving Care Agency, Inc., 973 A.2d 390 (N.J. Super. Ct. 2009), the Appellate Division of the Superior Court of New Jersey held that communications between an employee and his personal lawyer on an employer’s computer system were privileged, and took the extra step of pointing out that employer’s counsel may have been in violation of their ethical obligations by reviewing the potentially privileged communications without giving the employee the opportunity to assert privilege over them. While courts across the country have reached disparate conclusions regarding whether or not the attorney-client privilege protects emails to employees’ personal lawyers sent over an employer’s email system or from a work computer, analysis of this issue has more or less focused on two areas: first, the employee’s expectation of privacy based on limitations outlined by the employer, either in a handbook or in a general policy, and second, whether or not the employer’s policy was consistently enforced. This article identifies the factors courts have used to evaluate whether or not the attorney-client privilege covered the communications at issue and discusses what the new Stengart ruling means for practicing attorneys.

In Stengart v. Loving Care Agency, Inc., 973 A.2d 390 (N.J. Super. Ct. 2009), the Superior Court of New Jersey, Appellate Division, found that emails exchanged by an employee and her attorney through her personal, password-protected, internet-based email account were protected by the attorney-client privilege. This issue arose in the context of the employee’s lawsuit against his employer for discrimination, in which company counsel referenced, in interrogatories, plaintiff’s communications with counsel on the employer’s email system. The company’s electronic communications policy allowed for “occasional personal use,” but reserved the right to “review, audit, intercept, access, and disclose all matters on the company’s media systems and services at any time, with or without notice.” The court noted that it was unclear what, if any, of the company’s differing versions of its electronic communications policy was applicable. Additionally, the company could not produce an acknowledgement form signed by the plaintiff, attesting that she received and understood the company’s policy. As a result, the court found that the employee had a reasonable expectation of privacy and that the emails were privileged. Most notably, the court stated that the actions of employer’s counsel in proceeding to read communications between the plaintiff and her counsel without giving the plaintiff the opportunity to assert privilege over them was inconsistent with the applicable New Jersey professional conduct rule. The court remanded for a hearing to determine whether employer’s counsel should be disqualified or, “if not, whether any other appropriate sanction should be imposed as a result.”

Cases in the area take their lead from In re Asia Global Crossing, Ltd., 322 B.R. 247 (S.D.N.Y. 2005), a federal bankruptcy case in which the court held that the attorney-client privilege protected employees’ email sent though the employer’s email system. The court analyzed four factors as relevant to whether the employees had a reasonable expectation of privacy over emails sent to their personal attorneys:

  1. 1.  Did the company have a policy banning or restricting personal use?
  2. 2.  Did the company monitor employees’ use of email?
  3. 3.  Do third parties have a right of access to the computer and email?
  4. 4.  Did the company notify the employee — or was the employee aware — of the use and monitoring policy?

The Global Crossing court based its decision on conflicting attestations from the company regarding what, if any, employer monitoring policy was in place at the time the emails were sent. The court held that the communications between the former employees and their attorneys would remain privileged because the trustee failed to prove that the company’s practices had compromised the former employees’ expectations of confidentiality in the emails sent to their attorneys.

Other courts have employed the factors enumerated in In re Asia Global Crossing, Ltd. In United States v. Long, 64 M.J. 57 (C.M.A. 2006), a Lance Corporal in the Marine Corps sent emails to her attorney written from her work computer discussing her fear of drug testing. The government later brought drug charges against her and sought to introduce the emails sent to her attorney from her computer at work.

The Court of Appeals for the Armed Forces held that the “Notice and Consent to Monitoring” banner, which popped up when she logged into the system, were insufficient to demonstrate to the employee that she did not have a reasonable expectation of privacy in her email, and overturned the trial court’s admission of the evidence. In other words, in composing an email, despite having been notified that her employer may be monitoring its contents, the Lance Corporal did not waive her expectation of privacy. The court pointed to the testimony of the network administrator, who “repeatedly emphasized the agency practice of recognizing the privacy interests of users in their e-mail,” and of the fact that the Lance Corporal had a password known only to her as factors in its decision that the “‘monitoring’ function detailed in the log-on banner did not indicate to Appellee that she had no reasonable expectation of privacy in her email.”

However, in Scott v. Beth Israel Med. Center Inc., 2007 WL 3053351 (N.Y. Sup. Ct. 2007), the Supreme Court of New York County found that an email communication between a physician and his personal attorney exchanged over the email system of the hospital at which he worked was not protected by the attorney-client privilege. The court looked at the hospital’s email policy, which stated that email accounts should be used only for business purposes, that employees “have no personal privacy right in any material created, received, saved or sent using Medical Center communication of computer systems,” and that the hospital reserved the right to access and disclose the email without prior notice. The court found that the effect of this policy was “to have the employer looking over your shoulder each time you send an e-mail” via the employer’s email system, and attached particular significance to the fact that the physician was an administrator at the hospital, and also was responsible for implementing the email policy. In Curto v. Medical World Communications, 2006 WL 1318387 (E.D.N.Y. 2006), an employee sent to her attorney communications written on an employer-issued laptop from a personal internet-based email address despite the employer’s strict no-personal-use computer policy. The court found that the employee had a reasonable expectation of privacy in the communication. The court focused on the fact that the company did not enforce the no-personal-use policy and concluded that the employee took reasonable precautions to protect the privacy of the document by using a password-protected, Internet-based email address and deleting all personal files from her computer before returning it to the company.

Finally, in Convertino v. United States Department of Justice, the U.S. District Court for the District of Columbia held that a federal prosecutor’s emails to his personal attorney, sent over his employer’s system, were covered by the attorney-client privilege. The court looked at the factors laid out by In re Asia Global Crossing, and determined that the federal prosecutor reasonably expected his emails to his personal attorney to remain confidential. Though the DOJ had access to the personal emails, the DOJ had no ban on personal use of its email accounts, and the federal prosecutor was unaware that the DOJ would be accessing and saving his communications.

Although employers can easily access both communications stored on their own systems as well as communications sent over their network from personal internet-based accounts, employers must be careful not to review privileged communications. Courts are increasingly drawing distinctions as to whether communications with personal attorneys sent over such systems and networks are protected by the attorney-client privilege by focusing on two areas: the employee’s expectation of privacy based on policies in effect and whether those companies’ policies were consistently enforced. Attorneys who review employee emails need to be careful because emails sent over an employer’s email system or using the employer’s network may still be privileged. Moreover, the ethical rules potentially applicable in their jurisdictions regarding the discovery of potentially privileged material may apply.

For more information about the subject matter of this alert, please contact any of the lawyers listed below:

Mark Robinson, Co-chair, White Collar Investigations and Enforcement Group

This alert was originally published as an article in the American Bar Association, Section of Litigation “Professional Liability Litigation Newsletter,” Winter 2010. © 2010 by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association.

This article was originally published by Bingham McCutchen LLP.