• Home
  • About
  • Terms
  • RSS

Attorney-client privilege trumps an employer’s electronic communications and computer use policy

August 18th, 2009 | By Steve Puiszis

Stengart v. Loving Care Agency, Inc., 973 A.2d 390 (N.J. Super. A.D., 2009 WL 1811064 (N.J. Super. A.D.)

Introduction.

Stengart addressed whether the attorney-client privilege protected a former employee’s emails that were sent to her attorney using a company-issued laptop computer through a personal, password-protected, web-based (Yahoo) email account. The emails addressed a lawsuit the former employee contemplated bringing against her employer and were sent to the employee’s personal attorney prior to her resignation from the company. The company obtained the emails after suit was filed by making a forensic image of the computer’s hard drive and extracting them from the plaintiff’s internet browser history.

cctv_laptop

The court in Stengart concluded the emails were privileged, holding the policy considerations underlying the attorney-client privilege “substantially outweighed” the company’s interest in enforcing its computer use and electronic communications policy. The decision is also significant in that the court remanded for an evidentiary hearing to determine whether the company’s attorneys should be disqualified or if some other sanction should be imposed as a result of their failure to comply with Rule 4.4(b) of the New Jersey Rules of Professional Conduct. The New Jersey rule, like Rule 4.4(b) of the Model Rules, requires that whenever a lawyer has reasonable cause to believe that a document was inadvertently produced, the lawyer should not read it, and must promptly notify the sender.

The court’s decision in Stengart should be contrasted with Scott v. Beth Israel Medical Center, 17 Misc. 934, 847 N.Y.S.2d 436 (2007), which held the attorney-client privilege was lost when the plaintiff used the company’s email system to communicate with his attorney in view of the company’s no personal use and email monitoring policies coupled with the plaintiff’s awareness of those policies. The Stengart and Beth Israel decisions demonstrate that whether an employee’s communication with personal counsel retains its privileged nature when made via the company’s computer or email system involves a fact-specific inquiry. This post will address those decisions and will outline the factors that courts have examined when addressing the issue of attorney-client privilege in this context.

Ambiguous Electronic Communications Policy.

In Stengart, the plaintiff disputed whether the company’s electronic communications policy was in effect or was merely in draft form at the time she sent the emails, and whether the policy applied to executives such as the plaintiff. While the appellate court noted that the privilege issue should not have been decided absent an evidentiary hearing addressing these points given the factual dispute in the record, that was not the basis of the court’s holding.

The court also noted several ambiguities in the company’s electronic communications policy. In its employee handbook, the company reserved “the right to review, audit, intercept and disclose all matters in the company’s media systems and services at any time, with or without notice.” However, the policy neither defined nor suggested what was encompassed by the phrase “media systems and services,” and the court concluded that those words alone did not convey “a clear and unambiguous understanding about their scope.”

The company policy clearly provided: “E-mail and voice mail messages, internet use and communication and computer files are considered part of the company’s business and are not to be considered private or personal to any individual employee.” It further stated, however, that “occasional personal use” of those systems was permitted. The court in Stengart observed the policy made no attempt to explain when such personal use was permitted and ruled “[a]n objective reader could reasonably conclude … that not all personal emails are necessarily company property because the policy expressly recognizes that occasional personal use is permitted.”

Stengart noted “[t]hese ambiguities cast doubt over the legitimacy of the company’s attempt to seize and retain personal emails sent through the company’s computer via the employee’s personal email account.” While the electronic communications policy was obviously relevant to whether the communication was confidentially made, the court again chose not to base its decision on the ambiguities in the company policy. Rather, the court explained:

Giving the company the benefit of all doubts about the threshold disputes mentioned in earlier sections of this opinion, as well as the broadest interpretation of its electronic communications policy permitted, despite the obvious ambiguities in the policy’s text, we nevertheless are compelled to conclude that the company policy is of insufficient weight when compared to the important societal considerations that undergird the attorney-client privilege. As a result, we conclude that the judge exhibited inadequate respect for the attorney-client privilege when she found that plaintiff “took a risk of disclosure of her communications and a risk of waiving the privacy she expected” when she communicated with her attorney through her work-issued computer, and that plaintiff’s action in the face of the policy “constitute[d] a waiver of the attorney client privilege.” Accordingly, we reverse the order under review and conclude that the emails exchanged by plaintiff and her attorney through her personal Yahoo email account remain protected by the attorney-client privilege.

The Issue as Framed in Stengart Balanced the Company’s Right to Create Workplace Rules Against the Public Policies Underlying the Attorney-Client Privilege.

In order to claim attorney-client privilege, the party asserting the privilege must demonstrate that the communication was confidential when made and expected that its confidential nature would be maintained. See, e.g., Edna S. Epstein, The Attorney-Client Privilege and Work Product Doctrine, at 235 (5th ed. 2007). Various courts have examined the circumstances surrounding an email communication, and have concluded that the privilege is waived when “the holder of the privilege voluntarily discloses or consents to the disclosure of any significant part of the communication to a third party or stranger to the attorney-client relationship.” Power Boot Camp, Inc. v. Warrior Fitness Camp, 587 F.Supp. 2d 548, 563 (S.D.N.Y. 2008).

In Beth Israel, the appellate court outlined four factors relevant to the issue of confidentiality, which is a prerequisite to attorney-client privilege in this context. Those factors address whether:

(a) the company maintains an electronic communication policy banning personal or other objectionable use;

(b) the company monitors the use of its employees’ computers or email;

(c) third-parties have a right of access to its computers or emails; and

(d) the company notifies its employee or whether the particular employee was aware of the company’s use and monitoring policies.

The court in Beth Israel recognized that when an employee sends an email to his personal counsel via the company’s computer system knowing the company has a policy of monitoring and examining those emails, the employee could not legitimately claim he sent the email expecting it would remain confidential. However, another appellate court in People v. Jiang, 131 Cal. App. 4th 1027, 33 Cal. Rptr. 184, 205 (2005), held that an employee’s emails to his attorney were privileged notwithstanding the fact that they were sent via his employer’s computer. In Jiang, the court determined that the privilege was not lost in view of the employee’s “substantial efforts to protect the documents from disclosure by password-protecting them and segregating them in a clearly marked and designed folder.” Additionally, the policy on electronic communications in Jiang did not specifically prohibit the employee’s personal use of the company’s computer system.

Accordingly, the scenario presented in Stengart was factually analogous to Jiang. However, the appellate court in Stengart did not approach the privilege issue from the perspective outlined above. Instead, the court noted that “an employer’s rules and policies must be reasonable to be enforced,” and framed the issue as one which required the court’s “balancing of the company’s right to create and obtain enforcement of reasonable rules for conduct in the work-place against public policies underlying attorney-client privilege.”

With the issue framed in this fashion, the appellate court in Stengart concluded that while a company may monitor its employees’ computer use and take appropriate disciplinary action when the employee engages in personal matters during work hours, “that right to discipline or terminate, however, does not extend to the confiscation of the employee’s personal communications.” The court ultimately concluded that an employer’s policy which transformed all private communications into company property merely because the company owned the computer used to make the private communication or to access the private information during work hours “further[ed] no legitimate business interest.” The court in Stengart added:

Certainly, the electronic age – and the speed and ease with which many communications may now be made – has created numerous difficulties in segregating personal business from company business. Today, many highly personal and confidential transactions are commonly conducted via the Internet, and may be performed in a moment’s time. With the touch of the keyboard or click of the mouse, individuals may access their medical records, examine activities in their bank accounts and phone records, file income tax returns, and engage in a host of other private activities, including, as here, emailing an attorney regarding confidential matters. Regardless of where or how these communications occurred, individuals possess a reasonable expectation that those communications will remain private.

Stengart Should be Read in Light of New Jersey’s Recognition of a Broad Right to Informational Privacy Under the State Constitution.

Because the existence of a privilege results in the withdrawal of potentially relevant information from the judicial process, many courts have strictly construed the attorney-client privilege. See, e.g., Fisher v. United States, 425 U.S. 391, 403 (1976) (observing “since the privilege has the effect of withholding relevant information from the fact finder, it applies only when necessary to achieve its purpose”). Foster v. Hill, 188 F.3d 1259, 1264 (11th Cir. 1999) (holding the party invoking the attorney-client privilege has the burden of establishing its applicability which is “narrowly construed”).

Stengart’s approach to the privilege issue should be read in light of the broad right to privacy recognized by New Jersey courts under the New Jersey State Constitution. See, e.g., State v. Reid, 389 N.J. Super. 563, 914 A.2d 310, 317 (2007) (noting a line of decisions which are “highly protective” of an individual’s right to privacy even when the information sought is in the hands of a third party). For example, while federal courts have routinely held that internet subscribers have no right of privacy with respect to identifying information on file with their internet service providers, the appellate court in Reid reached the opposite conclusion based upon the right of privacy afforded by the New Jersey State Constitution. Id. The court in Reid noted that of those States that have an explicit right of privacy in their State Constitutions, only New Jersey has recognized a right to “informational privacy.” Id. at 313-14. Stengart suggests that the issue of privilege waiver in this context involves not only a fact-bound inquiry, but also one that may be jurisdictionally specific, making broad generalizations or bright-line approaches to the issue problematic.

Do Not Ignore Applicable Ethical Rules.

In Stengart, company’s attorneys did not notify the plaintiff or her counsel that the company had extracted the emails from the computer she had used before producing them in discovery. The appellate court in Stengart concluded that counsel’s actions were inconsistent with the obligations imposed by Rule 4.4(b) of the New Jersey Rules of Professional Conduct. The court criticized counsel’s approach in the case, noting that counsel had “appointed itself the sole judge of the issue and made use of the attorney-client emails without giving plaintiff an opportunity to advocate a contrary position.”

Thus, a lesson to be learned from Stengart is that whenever an attorney receives potentially privileged or confidential information relating to the opposing party, that attorney should carefully consider how that information was obtained. Was its production intentional or inadvertent? Counsel should then review the applicable rules of professional conduct and consider whether to consult with a knowledgeable attorney concerning your ethical duties under the circumstances presented. The safest course of action is to promptly notify opposing counsel about your receipt of any confidential or privileged information. When the issue cannot be informally resolved with opposing counsel, bring the matter to the court’s attention and allow the court to resolve the issue before using or further disclosing the information in discovery.

Factors To Consider Involving Privilege And Email Communications.

Courts generally view the use of email as simply another form of communication and apply privilege rules that have developed in the context of written and oral communications between the attorney and client. There are unique technological aspects to the use of email – they can reside in a “sent file,” on a computer’s hard drive, an email server or on backup tapes. Internet service providers will also possess email communications for short periods of time. We have previously posted one of our PowerPoint slides which depicts the potential routes that a single email can take and where it can be found which can be seen here. However, no court has ever held that the technologically unique features of email communication defeats the attorney-client privilege.

The mere fact that a company computer is used by an employee should not result in a loss of the privilege. See Curto v. Medical World Communications Inc., 2006 WL 1318387 (E.D.N.Y. 2006) (holding privilege applied to emails sent from an employee’s home office on a company issued laptop that was not connected to the company’s email server). No one would argue that an employee who uses a company phone to call an attorney from the privacy of his or her own office thereby loses the right to claim their conversation was privileged. The mere use of a company computer does not necessarily change the privilege equation.

Similarly, a company prohibition on the personal use of communication equipment does not necessarily vitiate the privilege. While an employee may be disciplined for violating a company policy by making a personal phone call from the privacy of his or her office, the mere violation of a company policy would not defeat the claim of privilege. However, where a company prohibits personal use of company equipment, advises its employees that it reserves the right to monitor and review their electronic communications and does so, then the employee will have difficulty claiming that the communications made in confidence to the attorney.

As Jiang demonstrates, an employee’s use of password protected web-based email account will bolster the employee’s claim of privilege as would the use of encryption software. On the other hand, the use of a shared computer and/or the existence of shared passwords on a company computer will lessen the strength of any privilege argument. Copying others on emails between the attorney and the client can result in the privilege being lost as one of our prior posts explains. A company’s failure to explicitly prohibit the personal use of its email and computer systems, or ambiguities in such a policy are additional factors that several courts have noted when addressing the issue.

Beware of the Stored Communications Act When Accessing an Employee’s Web-based Email.

The Stored Communications Act, 18 U.S.C. §2701, prohibits the access of an “electronic communication service” without proper authorization. The Act is violated when a person accesses an electronic communication service or obtains an electronic communication while in electronic storage without authorization. Several courts have concluded that emails stored on an electronic communication service provider’s system constitute “stored communications” under the Act. See Power Boot Camp, 587 F.Supp. 2d at 555 (collecting cases). The district court in Power Boot Camp concluded that when a company accessed, without proper authorization, its former employee’s Hotmail account emails from the company computer he had purportedly used to view those emails, the Act was violated.

While the district court in Power Boot Camp recognized that an employee’s implied consent may provide sufficient authorization under the Act to permit an employer’s access to an personal email account, statements in an employee handbook must provide clear notice of that fact. While the former employee in Power Boot Camp may have been on notice that the company’s computers could be searched for evidence of his personal use, he was not aware that such a search could include his Hotmail, Gmail or any other web-based mail accounts. Thus, the company policy was not sufficiently specific to dodge a violation of the Act.

Privilege and privacy issues involving an employee’s personal email communications is an evolving area of law that will continue to develop with technological advancements. As these decisions demonstrate, attorneys and their clients must take care when reviewing potentially privileged or confidential information communicated by an employee via a company-issued computer over the internet.

Leave a Comment »

Leave a Reply

Read Our Comments Policy First

    •  
Follow @ediscoveryblog


Recent Posts

  • Requiring defendant to restore backup tapes would have violated proportionality standard
  • Model order for ediscovery is not just for patent troll cases
  • Puiszis authors feature article on DRI Today about model orders governing electronic discovery
  • Court orders phased discovery under Rule 26′s proportionality principles pending resolution of dismissal motion
  • Making the case for uniform culpability standards for ediscovery sanctions

Categories

  • Accessibility
  • Cost
  • electronic data
  • Forensics
  • Litigation Hold
  • Metadata
  • Preservation
  • Privacy
  • Privilege
  • Production
  • Review
  • Sanctions
  • Uncategorized

Blogroll

  • Death by Email
  • Dennis Kennedy
  • Ediscovery 2.0
  • Fios Inc.
  • For the Defense (DRI)
  • Hinshaw & Culbertson LLP
  • HR Illinois Blog
  • Illinois Institute for CLE
  • Internet Cases
  • kCura Corporation
  • Kroll Ontrack
  • Richmond Journal of Law & Technology
  • The Ethical Quandary
  • The Sedona Conference

Archives

  • November 2011
  • October 2011
  • December 2010
  • October 2010
  • September 2010
  • August 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009
  • June 2009
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008

Tags

Accessibility attorney-client privilege backup tapes confidentiality Cost costs cost shifting deposition electronic data email employee keyword keyword searching Litigation Hold locations Metadata model order native format not reasonably accessible ocr ordinary course of business Preservation Privacy Privilege Production proportionality Review rhoads routes rule 26c Rule 34 Sanctions searching spoliation state rules stay storage stored communications act strategy text messages trade secrets waiver website content work product doctrine zubulake

Copyright © 2009 Hinshaw & Culbertson LLP.