Employers occasionally find themselves in litigation with current or former employees. Sometimes an employer-defendant will uncover communications between the plaintiff-employee and her personal attorney or spouse on an employer-owned email or computer system.
These communications might ordinarily be privileged, but inadvertent disclosure to a third party–in this case, the employer–could waive the privilege if the employee failed to take reasonable precautions to maintain confidentiality. Many employers maintain policies informing employees that communications on work systems are not private and may be monitored. Employers seeking to use otherwise-privileged communications in litigation have argued that any asserted employee privilege is misplaced or waived, because the employee had no reasonable expectation of privacy on company systems.
But courts have not always agreed. The existence of a computer use policy only begins the analysis. Employers might therefore seek a court’s permission before reviewing or using potentially-privileged communications. The chances of a favorable ruling improve if some or all of the following occur:
- a clear policy existed at the time of the employee’s communication;
- the policy was actually enforced, i.e., the employer had a practice of monitoring communications;
- the employee had notice of the policy and the enforcement;
- the scope of the policy covers the communication at issue, e.g., it might be helpful to show that the policy-
- covers the particular server, device, or hard drive where the communication is stored, e.g., a policy covering messages exchanged on a work email account might not apply to emails sent on personal account accessed via a work computer;
- informs employees that their communications will be reviewed, that the system may automatically create, and permanently retain, images or other records of their internet activity, and that the employer may disclose their communications to a third party, including for use in litigation or to a regulatory body; and/or
- asserts that communications conducted or stored on the employer’s systems are the employer’s sole property;
- third parties, e.g., technology service providers, also had access to the communications;
- if the employee failed to take affirmative steps to keep the communications confidential, e.g., by deleting the emails from their work account; and
- communications were unauthorized because the policy prohibits this type or degree of personal use of the employer’s system.
It is important to carefully review the case law and professional responsibility rules in your jurisdiction because there is no uniform approach or standard for this issue. Our colleagues at InsidePrivacy previously summarized a Fourth Circuit case finding the marital privilege waived for communications on a work email account. However, other courts have been more reluctant to find the privilege waived depending on the circumstances. E.g., Stengart v. Loving Care Agency, Inc., 990 A.2d 650 (N.J. 2010).
A comprehensive email and computer use policy can enhance an employer’s ability to use an employee’s email and other electronic information stored on company equipment in litigation. These policies should be crafted with attention to the factors outlined above–as well as to the company’s other legal duties, rights, and interests in areas such as privacy, data security, intellectual property, employment, and securities laws.
To read about legal issues that arise when employees access work networks on their personal mobile devices, see this post from our colleagues at InsidePrivacy.