A recent decision of the U. S. District Court for the District of Columbia has cast doubt on the view that employees have no reasonable expectation of privacy in work email accounts. Specifically, in Convertino v. United States Department of Justice, Judge Royce C. Lamberth held that an employee’s communications with his attorney, sent to and received on the employee’s work email account, were protected from disclosure by the attorney-client privilege, even though the employer regularly accessed and saved such email communications.

In Convertino, the plaintiff, Assistant U. S. Attorney Richard Convertino, filed suit against his employer, the U. S. Department of Justice (“DOJ”), and against Eastern District of Michigan First Assistant U. S. Attorney Jonathan Tukel. The complaint alleged that Convertino was retaliated against for certain testimony before Congress and that, in violation of the Privacy Act, the DOJ improperly leaked information regarding an investigation into Convertino’s potential prosecutorial misconduct. The retaliation claim (the only claim alleged against Tukel) ultimately was dismissed for lack of subject matter jurisdiction; however, the parties conducted discovery related to the Privacy Act claim.

Although the claim against Tukel was dismissed, a discovery dispute resulted in the Court’s review of 36 emails between Tukel and his personal counsel, sent and received using Tukel’s DOJ email account, to determine whether they were protected by the attorney-client privilege. Tukel intervened in the discovery dispute to assert privilege over the email communications. Plaintiff Convertino took the position that Tukel waived his right to assert the attorney-client privilege because the communications were made using the DOJ’s email account.

Judge Lamberth upheld the privilege. In so doing, he articulated that application of the privilege requires a case by case analysis to determine whether there is a subjective expectation of confidentiality that is objectively reasonable, based on the following: (1) whether the employer maintains a policy banning personal or other objectionable use; (2) whether the employer monitors the use of the employee’s computer or email; (3) whether third parties have a right of access to the computer or email; and (4) whether the employer notified the employee, or whether the employee was aware, of the employer’s use and monitoring policies. The Court found that Tukel’s expectation of privacy was reasonable because, according to the opinion, the DOJ does not ban personal use of its email system, Tukel attempted to delete the email, and Tukel was unaware the DOJ “would be regularly accessing and saving e-mails sent from his account.”

This opinion highlights why employers should develop, maintain, disseminate, and periodically update clear policies regarding acceptable practices for company information technology. Such policies should include, among other things, guidelines governing personal and prohibited uses and statements related to privacy and confidentiality. Taking such steps can reduce any arguable expectation of privacy and prevent employees from shielding their personal use of company resources from discovery in litigation against the company.