Federal Courts' Disagreement Over E-Mail Privacy Highlights Employers' Need to Revisit E-Mail Policies

Posted on December 21, 2009 by Privacy and Data Protection Practice Group

As the Supreme Court prepares to address the question whether public employees can expect privacy in text messages sent by government-issued phones through a service provider under contract with the government, federal district courts continue to reach conflicting results when addressing whether private employees waive the attorney-client privilege by communicating with a personal attorney using their employer’s electronic resources. With yet another federal court recently finding no waiver, employers should revisit and revise their electronic resources policies to increase their chances of winning the waiver battle.

In Convertino v. United States DOJ, 2009 U.S. Dist. LEXIS 115050 (D.C. Dec. 10, 2009), a case decided last week, a former federal prosecutor suing the Justice Department for an allegedly improper leak concerning an investigation into charges that he engaged in prosecutorial misconduct, sought to compel production of e-mails exchanged through the Justice Department’s e-mail system between Jonathan Tukel, a federal prosecutor involved in the investigation, and Tukel’s personal attorney. The federal District Court for the District of Columbia held that Tukel had not waived the privilege. The court determined that Tukel reasonably could expect privacy in the communications with his attorney because the Justice Department’s e-mail policy permitted personal use of its e-mail system, and Tukel stated in an affidavit that he was unaware that the Department regularly monitored his e-mail.

In contrast to this result, a federal district court in Idaho, in Alamar Ranch, LLC v. County of Boise, 2009 U.S. Dist. LEXIS 101866 (D. Idaho Nov. 2, 2009), held just six weeks earlier that an employee had waived the attorney-client privilege by exchanging e-mail with her attorney using her employer’s e-mail system. The court relied on the employer’s e-mail usage policy, which notified the employee that: (1) all e-mail was the employer’s property; (2) the employer reserved the right to monitor e-mail; and (3) employees should not assume that e-mail would be confidential. The court gave no weight to the employee’s testimony, almost identical to Tukel’s in the D.C. case, that she was unaware of the monitoring. The court found her subjective belief “unreasonable . . . in this technological age.”

Although not mentioned in the D.C. court’s opinion, the Justice Department’s e-mail usage policy most likely contains the same language that the Idaho court relied upon to find a waiver. Thus, the principal difference between the two cases appears to be the Justice Department’s express permission of some non-business use of its e-mail system. That said, employers would be short-sighted to think that prohibiting all non-business use in an e-mail policy would ensure a finding of waiver. Courts are likely to look to the employer’s de facto policy regarding non-business use, which, for virtually all employers, will be tacit permission of non-business e-mail despite an express ban on non-business use in the employer’s e-mail policy.

Given the above, employers can strengthen their position in the waiver battler by expressly stating the following in an e-mail policy with respect to non-business use of the employer’s e-mail system:

  • Non-business e-mails are not private and are subject to the employer’s electronic resources policy in its entirety, including the employer’s policy on monitoring;
  • Employees are prohibited from using the employer’s electronic resources to communicate with a personal attorney;
  • Employees who use the employer’s electronic resources to engage in non-business e-mail communications through a personal web-based e-mail account should be aware that duplicates of such e-mail may be stored on the employer’s electronic resources and will be subject to review by the employer in accordance with its electronic resources policy.

This entry was written by Philip L. Gordon.
Tags: , , , , , , , ,

Who Said Employees Have No Right To Privacy In Their Corporate E-Mail And Internet Access?

Posted on July 11, 2007 by Philip Gordon

“You have no right to privacy in your e-mail using corporate resources”
“The Company reserves the right to monitor your Internet access at any time”
So chimes policy after policy after policy. But, is the mantra really true?

Several recent cases suggest that answer is “not always.” In United States v. Long, the highest military court (not exactly a known bastion of privacy protection), recently held that a Marine Corps investigator violated a soldier’s privacy rights by obtaining inculpatory e-mail from the system administrator. The Department of Defense had an e-mail policy that was as draconian as any private employer’s, but the policy said nothing about turning over e-mail to criminal investigators, and the system administrator admitted that he did not read individual e-mails when monitoring the system because he felt they were private. Sound familiar?

At the start of 2007, the Ninth Circuit Court of Appeals in United States v. Ziegler held that an employee caught viewing child porn on his work computer had a reasonable expectation of privacy in the computer because it was stationed in his locked office. The court stated more generally, “in the private employer context, employees retain at least some expectation of privacy in their office,” which, for most employees in today’s working world includes a computer with stored e-mail.

In yet another example, a federal district court in California held that a police officer had a reasonable expectation of privacy in salacious text messages exchanged with his girlfriend using a department-issued pager. In that case, Quon v. Arch Wireless Operating Co., the fact that the department had a written policy singing the same song as most electronic resources policies was irrelevant since the department had communicated an unwritten policy of not auditing the text messages except when an officer disputed charges for overages.

Perhaps judges are starting to worry about the privacy of their own e-mail? Perhaps it is time to revisit and revise your electronic resources policy?
Tags: , , , , ,

Want To Get Rid Of Tag-Along State Law Claims? Try The Communications Decency Act

Posted on June 27, 2007 by Philip Gordon

For years now, employers have been warned that a detailed, electronic resources policy is the best defense against vicarious liability for the actions of employees who use corporate e-mail or Internet access like a bully in a sandbox. A recent decision from the California Court of Appeals highlights a potentially more potent defense that has received little attention in employment law circles.

The Communications Decency Act of 1996, 47 U.S.C. §230 [CDA] immunizes any “provider . . . of an interactive computer service” from liability under any state law for information published on the service by someone else. In Delfino v. Agilent Technologies, the plaintiffs sued Agilent for intentional infliction of emotional distress because a former Agilent employees had used Agilent’s e-mail system and Internet access to communicate numerous threatening messages to the plaintiffs. The California Court of Appeals affirmed summary judgment for Agilent based on the CDA.

As a matter of first impression, the court held that a corporate employer, like Agilent, who offers e-mail and Internet access is an interactive computer service provider for purposes of the Act. Because the employee, not Agilent, provided the threatening messages, and the plaintiffs sought relief only under state tort law, the CDA immunized Agilent from liability. By analogy, the CDA can be used to get rid of those pesky state law claims, like negligent hiring, negligent supervision, intentional infliction of emotional distress, and defamation, that tend to accompany Title VII claims alleging harassment through an employee’s use of corporate electronic resources.

Tags: , , , , , ,