Generally, a confidential email sent to one’s personal attorney is protected under the attorney-client privilege. But what if the communication is sent using a business email account? Will a corporate policy entitling the company to access “all communications” sent on work computers undermine the privilege? Followers of this blog will recall, among other posts, our detailed recap of the extensive discussion of this issue at our Annual E-Discovery Conference in the wake of the New Jersey Supreme Court’s decision in Stengart v. Loving Care Agency, Inc., upholding the privilege where the employee used a company computer to communicate with her attorney via a personal password-protected internet based e-mail account, and sanctioning the employer’s attorneys for failing to turn over the protected communications. Readers may also recall our discussion of US v. Hamilton, where the United States Court of Appeals for the Fourth Circuit held that a husband waived the marital communications privilege when he sent messages from his work email account to his wife, but took no steps to protect their sanctity. Since those decisions, courts nationwide have continued to wrestle with these issues. Most recently, a Delaware Court held an employee waived the attorney client privilege where he used his work email account to email his lawyer with knowledge of the company’s policy establishing its right to access all communications on work computers.
In re Information Management Services, Inc. Derivative Litigation, Consol. C.A. No. 8168-VCL (Del. Ch. Sept. 5, 2013) involved a derivative action brought by two family-owned trusts (“Plaintiffs”) who alleged the company’s officers breached their fiduciary duties by mismanaging company funds. During discovery, Information Management Services, Inc. (“IMS”) advised Plaintiffs that two of the officers (the “Officers”) used their work email accounts before and after the filing of the lawsuit to communicate with their personal lawyers. Plaintiffs requested the emails be produced, but the Officers refused, citing the attorney-client privilege. Plaintiffs claimed that the Officers’ waived the privilege when they used work email accounts through the company servers. Plaintiffs also cited the company’s written policy notifying employees of its unrestricted access to communications sent through company computers and that personal use should not be considered private.
The court considered whether the emails constituted “confidential communications” under Delaware Rule of Evidence 502 (governing attorney-client privilege), which protects as confidential communications “not intended to be disclosed to third persons other than those to whom disclosure is made in furtherance of the rendition of professional legal services to the client or those reasonably necessary for the transmission of the communication.” The Court employed the following four factor test to determine whether the Officers had a reasonable expectation of privacy in work emails: 1) is there a company policy banning “personal or other objectionable use,” 2) does the company monitor employee email or computer use, 3) do third parties maintain a right of access to email or the computer, and 4) was the employee notified by the company, or was the employee otherwise aware of the use and monitoring policies?
The court first found that the IMS policy clearly notified employees that emails generated using work accounts would not be private and are accessible by the company. Second, files and internet messages are accessible to IMS staff under the policy. Moreover, despite their rank as senior officers, the Officers have the same expectation of privacy as all other employees. However, because the company never actually engaged in email monitoring, the court found this factor neutral. Third, because the Officers used their work email accounts, IMS, as a third party to the email communications, had the right to access the Officers’ email under the policy, notwithstanding the Officers’ inclusion of the words “subject to the attorney client privilege” in their communications. Fourth, the Officers admitted they knew about the company policy concerning email access. Thus, the four factors weighed in favor of a finding of no reasonable expectation of privacy and production of the emails, and the court granted the motion to compel.
The Delaware court’s decision contains clear lessons for companies and employees about attorney client communications on company owned electronic systems. Companies who take proper steps and enact unambiguous electronic systems policies that clearly notify employees of their right to monitor employee email sent using a work account on a work system — and particularly those that follow through on such email monitoring policies — can expect courts will uphold those policies and deem the privilege waived, just as the Delaware court did here, and the Fourth Circuit did in Hamilton.