Avansic's newest whitepaper "Those Emails Aren't as Privileged as You Think"
01-26-2010, Avansic - Dr. Gavin W. Manes
Several recent rulings have highlighted the issue of privilege protection for employee communications made using corporate IT assets. Specifically, two cases were argued this year regarding employees that communicated with their attorneys via email using company computers; Alamar Ranch, LLC v. County of Boise, 2009 WL 3669741 (D. Idaho Nov. 2, 2009), and Stengart vs. Loving Care Agency, 408 N.J. Super. 54 (App. Div. 2009). These two cases have very similar backgrounds but different outcomes, and they provide some insight into the court’s attitude towards this issue.

In Alamar Ranch v. County of Boise, the court ruled that emails exchanged between an individual and her attorney were not protected by privilege because the employer had a clearly stated policy of email monitoring. The court indicated that since there was no expectation of privacy and the emails were sent using a corporate account, privilege does not apply. The individual sent mails using her corporate email account from a company-owned computer.

In Stengart v. Loving Care an employee used a company computer to send emails to counsel, but did so through a Yahoo email account instead of the company’s mail program. The trial court ruled the communications were not covered under privilege due to the company’s policy of email monitoring. However, the appellate court reversed that ruling and indicated that privilege remained intact and the company did not have the right to review those emails. They argued that even a robust electronic resources policy does not necessarily allow carte blanche for the review of personal information stored on a company-owned computer.

Although these rulings might seem to make the picture of privilege-at-work more unclear, they at least provide a general guideline. Those who claim that information sent from an email account hosted by their employer is subject to privacy rights may already have a good argument if there is no clear policy about monitoring. This reinforces the critical need for companies to be clear and articulate about their computer and email use policies. Even if such policies are in place, there may not be protection for all the information on a computer – but a policy is certainly the first, best defense against such claims. Companies with policies would do well to review them in light of these court decisions in order to add specific rules or clauses relevant to their industry and their litigation risks.

This issue is likely to become more tangled in the near future. Telecommuting, ever-more-portable digital devices, and easy Internet access have all contributed to the blurred lines between work and personal lives – many employees access their Facebook pages and send Tweets during the business day, often on devices owned (at least in part) by the company. This makes for some complex arguments about expectations of privacy and ownership of information – does a business have the right to review all the Facebook status updates (even those that are private) sent from their company iPhone? And if so, could that information be used as a part of a case against an employee? These questions remain unanswered for the moment, but court decisions are likely to arise very shortly on the matter.