The precise wording of an employer's computer usage policy could have a significant impact in a lawsuit with a former employee. That is one lesson from a recent decision out of California. In Holmes v. Petrovich Development Co., LLC, an employee sued her employer for, among other things, discrimination and retaliation. While defending the case, the employer discovered emails that the employee sent to her attorney from her work computer using her personal, password-protected email account. The employee argued that the emails were protected by the attorney-client privilege and should not be used in the case.
The employee handbook, which the employee received and had the opportunity to review, stated that (1) company computers were to be used only for company business; (2) employees were prohibited from accessing personal email on company computers; (3) the company would monitor its computers for compliance with the policy and thus might "inspect all files and messages . . . at any time"; and (4) employees using company computers to create or maintain personal information or messages "have no right of privacy with respect to that information or message."
The court found that, in light of the explicit policy in the handbook, the employee did not have a reasonable expectation that her emails would remain private, despite being sent and received through a personal, non-work account. Thus, the court ruled the emails were not privileged and that the employer was permitted to use them in its case.
The court distinguished the New Jersey case of Stengart v. Loving Care Agency, Inc. (which we blogged about last year) in its decision. In Stengart, the court found that an employee had a reasonable expectation of privacy with respect to emails to and from her personal, password-protected email account, despite those emails being created or accessed on the employee's work computer. But the language of the policy the court considered in Stengart (1) did not explicitly prohibit employees from accessing personal email accounts from work, and (2) did not explicitly state that emails on non-work email accounts were not private. Holmes involved a more explicit, more prohibitive policy, and the court in Holmes found that the policy put the employee on notice that any emails she sent on her work computer would not be private.
As the use of computer forensic analysis becomes increasingly common in litigation, this issue should continue to arise. The case law is still developing, but both Holmes and Stengart suggest that a detailed and thorough computer usage policy will be a benefit to employers.