Company E-mail Policies May Defeat Attorney-Client Privilege
Businesses, employees, and their attorneys should be aware of the effect company computer system and e-mail policies can have on the attorney-client and work product privileges. According to the latest surveys conducted by the American Management Association and The ePolicy Institute, 76% of organizations have e-mail usage and content policies, and 55% of organizations monitor employee e-mail. A recent New York appellate court’s opinion that the attorney-client and work product privileges did not apply when an employee used his employer’s computer system to send and receive e-mail from his company e-mail account has not gone unnoticed and was discussed in the November 14, 2007 issue of the ABA/BNA Lawyers’ Manual on Professional Conduct.
In Scott v. Beth Israel Medical Center, Inc.,1 the matter before the court concerned an employee’s motion for protective order seeking the return of e-mails between himself and his attorney concerning his severance pay dispute against his employer. All e-mails sent by the employee’s attorney to the employee’s company e-mail account contained the law firm’s notice that the communication was intended only for the addressee and that it may contain privileged and confidential information. The company’s e-mail policy stated that: (1) computer, internet, e-mail, and other specified technology systems were the employer’s property and should be used for business purposes only; (2) all information and documents created, received, saved, or sent on the employer’s computer or communications systems belonged to the company; (3) employees had no personal right of privacy in such information; and (4) the company had a right to access and disclose such information at any time without prior notice.
The court determined that if an employee had at least constructive knowledge of a corporation’s policy prohibiting personal or other objectionable use, and the company monitors the use of employee computer systems or e-mail, the attorney-client privilege would be inapplicable.2The court concluded that the employee’s e-mails were not made in confidence because, as a result of the employer’s computer and e-mail policies, sending and receiving e-mail through the employer’s e-mail system was tantamount to having the employer looking over his shoulder each time he sent or received an e-mail. Thus, the e-mails were not confidential communications and were not protected by the attorney-client privilege. Furthermore, the law firm’s notice that the e-mail may contain confidential information did not prevent the attorney work product privilege from being waived. The court found that the notice was “insufficient and not a reasonable precaution” in light of the company’s e-mail policy.3
Conversely, in Curto v. Med. World Commc’ns., Inc.,4a U.S. district court refused to find that an employee had waived the attorney-client and work product privileges concerning documents allegedly recovered from previously deleted files stored on company owned laptop computers. While a similar computer system and e-mail policy was in place, this case is distinguishable from Scott because the employee worked from home, the computers were not connected to the company’s computer server, the employer could not monitor computer activity without physically having possession of the computers, and the employee deleted her personal files from the employer’s computers before she returned them to the company. Therefore, the court reasoned that despite the company’s policies, “it was reasonable for [the employee] to believe that the e-mails she sent and the personal documents she stored on her laptops were confidential.”5 Moreover, the court also concluded that the company’s general lack of enforcement of its monitoring policies “lulled [their employees] into a ‘false sense of security’ regarding their personal use of company-owned computers.”6
While there are no Texas cases addressing this issue, communications between attorneys and their clients must also be confidential for the privilege to apply. Furthermore, although the attorney-client and work product privileges were not implicated, a Texas appellate court ruled against an employee attempting to claim that his employer invaded his privacy when the employer accessed the employee’s password protected personal e-mail folder located on the employee’s work computer to conduct an internal sexual harassment investigation. The court inMcLaren noted that the employee’s workstation “was provided to him by Microsoft [his employer] so that he could perform the functions of his job.”7 The court found that the e-mails sent and received on the company workstation “were not McLaren’s personal property, but were merely an inherent part of the office environment.”8Moreover, the court rejected the employee’s argument that he had a “reasonable expectation of privacy in the contents of the e-mail messages such that Microsoft was precluded from reviewing the messages.”9
Attorneys should also be aware of the potential ethical issues concerning whether e-mail sent to their clients at company e-mail accounts are confidential communications. In 1999, the American Bar Association (“ABA”) issued a formal opinion stating that lawyers could send unencrypted e-mail to their clients without violating the Model Rules “principally because there is a reasonable expectation of privacy in its use.”10 The opinion noted, however, that the conclusions regarding e-mail communications do not “diminish a lawyer’s obligation to consider with her client the sensitivity of the communication, the costs of its disclosure, and the relative security of the contemplated medium of communication.”11 Since Model Rule 1.6 requires lawyers to maintain the confidentiality of information relating to the representation of a client, lawyers should inform their clients about the issues concerning sending and receiving e-mail through company computer systems and possibly even prohibiting such communication.
Disputes over e-mail communications are likely to occur more frequently as more and more companies establish computer e-mail and monitoring policies. As long as e-mail and computer policies are properly drafted and implemented, businesses may be able to defeat privilege claims asserted by employees concerning e-mail communications with their attorneys. Employers should obtain their employees’ consent to monitor company e-mail accounts and any internet activity, including web-based e-mail accounts accessed through the company computer system. Finally, the policies should be specific so they do not leave room for ambiguity, and employees should frequently be reminded of such policies so there is no confusion.
1No. 602736/04, 2007 NY Slip Op 27429, 2007 N.Y. Misc. LEXIS 7114, at *1 (N.Y. App. Div. October 17, 2007).
2Id. at *10-*12 (discussing the test enunciated in In re Asia Global Crossing, Ltd., 322 B.R. 247 (S.D.N.Y. 2005)).
3Id. at *19.
4 No. 03CV6327, 2006 U.S. Dist. LEXIS 29387, at *1-*2, 99 Fair Empl. Prac. Cas. (BNA) 298 (E.D.N.Y. May 15, 2006).
5Id. at *17.
6Id. at *25.
7McLaren v. Microsoft Corp., No. 05-97-00824-CV, 1999 U.S. App. LEXIS 4103, at *11 (Tex. App.-Dallas May 28, 1999, no pet.).
8Id.
9Id. at *12.
10 ABA Comm. On Ethics & Prof’l Responsibility, Formal Op. 99-413, p. 2 (1999), available athttp://www.abanet.org/cpr/nosearch/99_413.pdf
(last visited Dec. 20, 2007).
11Id.