Employees use their work e-mails for all kinds of communications, from the business-related to the personal and private. When a dispute arises, however, it’s getting more difficult to keep those private e-mails from seeing the light of day.
For example, last week’s Inbox highlighted one recent decision in which a New York federal court ruled that an executive had “no reasonable expectation of confidentiality or privacy” in his work e-mail. United States v. Finazzo, No. 10-CR-457 (E.D.N.Y. Feb. 19, 2013).
Finazzo is different from most of the cases we cover on this blog (with the exception of this post last week) because it is a criminal case. The defendant is Christopher Finazzo, a former executive at Aeropostale, who was indicted on charges of mail fraud and false statements to the SEC. The government based the charges on Finazzo’s undisclosed interest in one of Aeropostale’s vendors, a company called South Bay. Aeropostale found out about Finazzo’s role in South Bay when its investigator uncovered an e-mail that Finazzo’s personal attorney sent to his work account, in which the attorney listed assets to be considered for the drafting of Finazzo's will.
In the criminal case, Finazzo moved to keep the government from using the e-mail at trial, arguing that it was a privileged attorney-client communication. The court denied his motion, finding that the e-mail was not a confidential or private document. In assessing the privacy of the document, the court weighed a number of factors.
First, it examined Aeropostale’s policies for employee e-mail. The company’s employee handbook stated that employees “should have no expectation of privacy when using Company Systems. All information on the Company Systems may be monitored, accessed, deleted or disclosed at any time without . . . permission.” This language weighed against a finding of privacy.
Second, the court looked at Finazzo’s actions when he received the e-mail. Finazzo argued that he deleted the e-mail after forwarding it to his personal account. But this fact did not help him, because he did not show that he believed the deletion would keep Aeropostale from accessing either the e-mail sent to him or his forward of that e-mail.
Third, the court reviewed Finazzo’s awareness of Aeropostale’s policies, and found that he had signed acknowledgements of them over the years. Thus, he knew that Aeropostale reserved the right to review his work e-mails, and on the whole, he had no expectation of privacy in them.
As the Finazzo court acknowledged, other courts have safeguarded attorney communications sent to an employee’s e-mail account. The Finazzo court distinguished those cases on the ground that Finazzo “both sent and received the privileged e-mail.” The court also suggested that by merely deleting the e-mail, Finazzo did not do enough to maintain his privacy interest in it. Further, the court ruled that even if Finazzo had initially preserved the privilege over the document, he waived the privilege when, after being confronted with the document, he openly discussed its contents with company personnel.
Finazzo shows that an employee should be careful to have a personal attorney send e-mails only to personal e-mail accounts, never to work accounts. However, even that may not be enough. For example, the corporate policy at issue in Finazzo applied to “internal and external e-mail.” Thus, if the attorney had sent e-mails to Finazzo’s personal e-mail account, and Finazzo had then accessed those e-mails on his work computer, the government could have argued that Finazzo had no expectation of privacy in any personal e-mails that were stored in the cache of his work hard drive. (However, for a discussion of a court's rejection of this type of argument, see L.V. Anderson's article last week in Slate about Harvard's search of faculty deans' e-mail accounts in connection with a cheating investigation.)
Finazzo and its ilk serve as an important lesson to employers and employees alike: what an employee does at work can stay at work, even if the employee doesn’t want it to.