New Case on Employee Privacy Expectations for E-Mails
The situation on privacy expectations of e-mails for employees continues to develop both in Canada and the U.S. A unanimous decision released by the New Jersey Supreme Court this past week in Stengart v. Loving Care Agency, Inc. adds to this area.
Prior to leaving the employer to file a discrimination suit, the employee exchanged 7-8 e-mails with her lawyer through a personal Yahoo! e-mail account through the company’s laptop computer. The employer then retrieved these e-mails through the Temporary Internet Files cache and used them in preparation for the suit. The trial court initially ruled that the employee had waived any attorney-client privilege by using the company computer, a position reversed on appeal.
The Supreme Court ruled in favour of the employee, taking a position opposite to a similar New York case from a few years ago in Scott v Beth Israel Med. Ctr. Inc., which also dealt with attorney-client privilege. Other American courts have found no reasonable expectation of privacy in unprofessional e-mails sent through an internal system to a supervisor, and alternatively that a reasonable expectation of privacy did exist for attorney-client e-mails when
sent through the employer’s e-mail system.
The court adopted the fact-specific test from re Asia Global Crossing, Ltd. The employer in Stengart did not have an explicit policy in place to deal with personal communications,
The company reserves and will exercise the right to review, audit, intercept, access, and disclose all matters on the company’s media systems and services at any time, with or without notice…
E-mail and voice mail messages, internet use and communication and computer files are considered part of the company’s business and client records. Such communications are not to be considered private or personal to any individual employee.
The principal purpose of electronic mail (e-mail) is for company business communications. Occasional personal use is permitted; however, the system should not be used to solicit for outside business ventures, charitable organizations, or for any political or religious purpose, unless authorized by the Director of Human Resources.
[emphasis added]
Rabner C.J. notes that the employee took steps to protect her personal e-mails from the employer, including a personal e-mail account instead of her company e-mail, utilized password protections, and did not save the account password on the computer. She did not know that pages viewed were saved on the computer cache. Consequently, she had a subjective expectation of privacy in discussing her future lawsuit, especially since the company policy does not address personal e-mail accounts at all.
The employee did not waive privilege by using the company laptop, and the company violated the privacy interests by accessing the e-mails, and for failing to alert the employee’s lawyer that they possessed them before reading them. The New Jersey Rules of Professional Conduct (RPC) do provide some guidance in these situations,
4.4 (b) A lawyer who receives a document and has reasonable cause to believe that the document was inadvertently sent shall not read the document or, if he or she has begun to do so, shall stop reading the document, promptly notify the sender, and return the document to the sender.
The New Jersey Rules are based on the the ABA Model Rules, which the court said defines the term document to include e-mails and electronic modes of transmission.
The conduct expected of the employer was clarified in the decision,
To be clear, the Firm did not hack into plaintiff’s personal account or maliciously seek out attorney-client documents in a clandestine way. Nor did it rummage through an employee’s personal files out of idle curiosity. Instead, it legitimately attempted to preserve evidence to defend a civil lawsuit. Its error was in not setting aside the arguably privileged messages once it realized they were attorney-client communications, and failing either to notify its adversary or seek court permission before reading further. There is nothing in the record before us to suggest any bad faith on the Firm’s part in reading the Policy as it did. Nonetheless, the Firm should have promptly notified opposing counsel when it discovered the nature of the e-mails.
[emphasis added]
I would guess (i.e. I’m not doing the research) that the result would be the same in Canada, i.e. no access to the privileged material. The SCC in Blood Tribe held that an express inspection power in a state agency did not extend to privileged documents unless the statute expressly said it did. Other cases have disqualified law firms for not being diligent enough in sorting out the privileged information from other material properly seized.
The position of an employer with respect to an employee’s computer leavings must be weaker either than a legislative power to inspect or a judicial order to seize and preserve.
In short, I think the decision noted here is right and it should not be surprising. It’s a bit surprising that someone in these circumstances might be held to have waived privilege – even with fewer precautions than the employee took.
It’s slightly dated now, but see some of my previous posts on privacy expectations for unionized and non-unionized employees.
Check out this Ontario case for a more permissive take on employers who stumble across employee e-mails to their counsel on work systems: Eisses v. CPL Systems Canada Inc., 2009 CanLII 45440 (ON S.C.).
It’s a waiver case – with waiver being found based on some pretty extreme facts. The Court does comment, however, that employer’s counsel was blameless in reviewing and producing the suspect e-mails subject to a waiver claim. This is a surprisingly aggressive position, but I like the idea of showing employers and their counsel some latitude because stumbling on employee e-mails to counsel happens more than you’d imagine. Even cautious employer counsel can end up gaining knowledge of privileged communications inadvertently. The very interesting substantive issue about whether there’s a sufficient expectation of privacy to support a privilege claim aside, it doesn’t make sense to penalize counsel in circumstances which are so different from those that marked the leading Celanese case.
On the substantive issue itself, the case I’m aware of with the most detailed reasoning is the Daniel Potter case from Justice Scanlan, who finds that certain e-mail communications on an employer’s system are privileged. The argument and reasoning, however, seems to be more about the use of e-mail systems in general and not the specific circumstances in which the suspect communications were sent. The issue should ordinarily be resolved on the facts. Interestingly, the Stengart court said otherwise in suggesting that perfect notice wouldn’t be enough to defeat a privilege claim for a communication sent on an employer’s computer through a password-protected web based e-mail account for public policy reasons. Seems pretty bold.
My views only.
Thanks for those cases Dan – definitely a useful addendum.