Last year, employers were taken aback when a New Jersey court ruled that an employee did have some expectation of privacy of e-mails she sent to her attorney using work computers.  The case, Stengart v. Loving Care Agency became one of the most talked about cases of the year. 

Last week, a California court came out with a decision based on California law that basically said the opposite. The New Jersey Employment Law Blog has this good post describing the key aspect:

Recently, in Holmes v. Petrovich Development Company, the California courts held that an employee who was consulting with counsel in connection with a pregnancy discrimination claim used a company system for privileged communications at her own risk.

[T]he e-mails sent via company computer under the circumstances of this case were akin to consulting her lawyer in her employer‟s conference room, in a loud voice, with the door open, so that any reasonable person would expect that their discussion of her complaints about her employer would be overheard by him. By using the company‟s computer to communicate with her lawyer, knowing the communications violated company computer policy and could be discovered by her employer due to company monitoring of e-mail usage, Holmes did not communicate “in confidence by means which, so far as the client is aware, discloses the information to no third persons other than those who are present to further the interest of the client in the consultation or those to whom disclosure is reasonably necessary for the transmission of the information or the accomplishment of the purpose for which the lawyer is consulted.” (Evid. Code, § 952.) Consequently, the communications were not privileged.

What are we to make of this apparent split in how courts are reating the issue (besides differing state laws)? Well I think Frank Steinberg is dead-on with his suggestion for employees. "The question is, Stengart notwithstanding, why would an employee take the foolish risk of compromising the protection provided by the attorney-client privilege by using her employer’s e-mail system? After all, most everyone owns or has access to a personal computer, a wireless phone or Blackberry, on which secure communications can be sent."

For employers in Connecticut, the electronic monitoring statute is a must to know and follow.  I’ve previously covered it in prior posts.  Employees have no private cause of action under it (as the Connecticut Supreme court ruled in Gerardi v. City of Bridgeport, 294 Conn. 461, 985 A.2d 328 (2010) but that doesn’t mean employers can simply ignore it.

Still, courts in Connecticut have not fully adjudicated this issue. As a good summary of this issue said in a recent Connecticut Bar Association newsletter article, "in-house counsel and other attorneys who retrieve privileged information as a result of a search of the employee’s work computer — even if the data is itself “owned” by the employer — should proceed cautiously and comply in all respects with the applicable Rules of Professional Conduct." 

Moreover, employers can review their personal use policies and consider notifying employees that while personal use of computers may be permitted, employees should have no expectation of privacy of such communications. 

  • There is an important distinction to be made between the New Jersey decision in Stengart and the California decision in Holmes – a distinction that may make a difference to employers and their attorneys when addressing this issue.
    The employer in Stengard retrieved communications that the employee had with her attorney using a webmail account (e.g., gmail, hotmail, Yahoo!, etc). The employer did so by recovering html screenshots of the webmail from the residual space (sometimes called slack space or deleted data) of the employee’s work computer. The Court’s opinion was clear that most (normal) people have no idea that accessing webmail on a company owned computer leaves such traces of the communications, and that the employer’s policy did not expressly warn the employee of the company’s ability to recover such data. The Court left the door open to the possibility that a waiver might occur if the employer’s policy was clear on this issue, although the Court also expressed doubt about whether a waiver ever would occur in these circumstances.
    Incidentally, there is a Massachusetts case, NERA v. Evans, 2006 WL 244008 (Mass. Super. Aug. 3, 2006), with similar facts. The Mass Superior Court reached the same conclusion as the New Jersey case.
    The employer in Holmes recovered communications that the employee had with the attorney using the employee’s company email account. The Court relied on the fact that the employer had an electronic use policy expressly notifying the employee that such communications were not private and that such data was the property of the company. The Court also reasoned that, in this day and age, employees should be well aware that their employers can and often do monitor company owned email accounts.
    Thus, the distinction to be made here is between communications recovered from a company owned email account, and communications on a webmail account recovered from residual data. As long as the employer has an apppropriate electornic use policy, a waiver may exist as to the former, but even with such a policy a waiver probably does not exist as to the later.
    That said, I agree with the conclusion of your article that lawyers should be wary of relying on the California precedent or assuming that a waiver has occurred. Where I practice in New Hampshire and Massachusetts, I am not confident that Courts here would necessary agree with the California case. I believe that lawyers should treat such communications as potentially inadvertently disclosed. In other words, do not review the email, do not permit your client to tell you about the email if the client has already reviewed it, have your client (or client’s IT staff) preserve the email, and then put the matter before the court at the appropriate time.
    [Ed note: Great comment and yes, things are still very unsettled in this area. One case does not define what employers should do.]