Many employees, even high ranking ones, use their work email for personal purposes. Such was the case with Zara USA, Inc.’s general counsel, who sued Zara for employment discrimination and wrongful discharge and used his work email to communicate with his partner and even his attorney. In Miller v. Zara USA, Inc., 151 A.D.3d 462 (N.Y. App. Div. 2017), the court determined that Miller had no reasonable expectation of privacy in his personal use of the laptop computer supplied by his employer or in his business email account. The employee handbook, which, as general counsel, Miller had “at least constructive knowledge” of, restricted the use of company-owned electronic resources to business purposes.

Specifically, the employee handbook provided that

  • Any data collected, downloaded and/or created was the exclusive property of Zara
  • Zara could access that information at any time without prior notice
  • Employees do not have an expectation of privacy or confidentiality in any information transmitted and stored on Zara’s electronic communications resources

The court accordingly found Miller did not have an expectation of privacy in his business email or laptop computer.

Attorney work product confidentiality, however, was another matter. The court ruled that Miller simply having attorney work product on his business laptop did not automatically waive the protection. Zara acknowledged it had never viewed those documents and because there was no actual disclosure to a third party, storage of the documents on the laptop did not alone waive the protection.

Many of the documents were created after Miller was terminated and the court was concerned that “[i]t appears defendant is merely trying to gain litigation advantage by accessing documents that may be privileged.”

The stakes are even higher where criminal charges are at issue. Indeed, at least one court has found emails between an attorney and client on the client’s work computer can be used as evidence in a criminal case.

In United States v. Finazzo, No. 10-CR-457 (E.D.N.Y. Feb. 19, 2013), aff’d in part, 682 F. App’x 6 (2d. Cir. 2017), the Eastern District of New York allowed the federal government to introduce a lengthy email sent to an employee of Aéropostale, Christopher Finazzo, from his personal attorney. The email discussed Finazzo’s will, and included a list of assets that identified several entities Finazzo owned named “South Bay.” Following an investigation by Aéropostale, Finazzo was charged with using the South Bay entities to perpetuate a fraudulent kickback scheme in which he caused Aéropostale to purchase product from South Bay while Finazzo secretly received a portion of South Bay’s profits.

The court allowed the email to be used as evidence, finding that Finazzo had no reasonable expectation of privacy in his work email because Aéropostale had a “clear and long-consistent policy” limiting an employee’s personal use of the email system and informing its employees they had “no right to privacy” while using them.

The takeaway for employees is to be very careful what you use your work email account and systems for. The takeaway for employers is to have clear, consistent policies limiting personal use and privacy expectations in your business systems. Jeanine Kerridge is a partner in the Barnes & Thornburg’s Indianapolis office and a member of the Litigation Department and the Government Services and Finance Department. Jeanine focuses her practice on representing corporate, governmental, and individual clients in complex civil litigation, often involving high-stakes commercial claims or civil enforcement of criminal liability. Jeanine also has an extensive background in government and public policy and regularly represents government agencies and private entities in constitutional and regulatory disputes.