The In re Asia Global Crossing Ltd., 322 B.R. 247 (Bankr., S.D.N.Y. 2005) decision sets forth the standard four-factor test for determining whether an employee’s communication via work computer or email network can be withheld from discovery as privileged, private or confidential. A federal court in Brooklyn recently became the first to apply the Asia Global factors to a police search, holding that this same test governs materials obtained via search warrant. United States v. Nordlicht, 2018 U.S. Dist. Lexis 17630 (E.D.N.Y. Feb. 2, 2018).
The Nordlicht case involved the Platinum Partners hedge fund, which has been described as “perhaps the largest fraud since Bernard L. Madoff’s Ponzi scheme.” Wall Street Journal, Dec. 19, 2016. At the center of the alleged fraud was the fund’s founder, Mark Nordlicht, who along with the fund’s former president and four others, was arrested and charged with faking the firm’s performance figures for personal gain. According to the indictment, Nordlicht and cohorts openly discussed, over the corporate email system, fleeing the country.
Nordlicht et al. moved to suppress the emails and other evidence that the police obtained via search warrant, arguing that, as Platinum employees, “they expected that their Platinum-provided computer, email account, and other electronic information would not be reviewed by law enforcement absent proper legal authority to do so.” Applying the four-factor Asia Global test, however, the District Court denied the motion to suppress the emails.
In Asia Global, the Court acknowledged that the “use of the company’s e‑mail system does not, without more, destroy the privilege.” Indeed, that is existing New York and California law. New York CPLR 4548, for example, provides: “No communication … shall lose its privileged character for the sole reason that it is communicated by electronic means or because persons necessary for the delivery or facilitation of such electronic communication may have access to the content of the communication.” Accord Cal. Evid. Code § 917(b).
But the Court in Asia Global held that an employee’s expectation of privacy in his or her email and computer files can be overcome if the answer to the following four questions is “yes”: “(1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employees computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?”
Asia Global involved an assertion of attorney-client privilege, but it has since been extended to other disclosure contexts, including the marital communications privilege that protects private and confidential communications between spouses. E.g., In re Reserve Fund Sec. & Derivative Litig., 275 F.R.D. 154 (S.D.N.Y. 2011).
The thread connecting many of these later cases is the financial services industry. A strict regulatory inspection regime governs much of the industry, causing many Courts to question the reasonableness of any privacy expectation by employees.
In the Nordlicht case, however, the issue was not a common law privilege – which courts tend to construe narrowly – but rather the Fourth Amendment right to privacy – which courts have traditionally viewed more liberally. While acknowledging the issue to be one of first impression, the Court still applied the four Asia Global factors to Constitutional privacy analysis.
In the Court’s view, all four Asia Global factors had been met. First, while Platinum’s compliance manual did not prohibit outright the use of company electronic devices for personal purposes, it did advise employees to “minimize the use of the Firm’s system for personal matters.” Second, the manual expressly reserved a monitoring right: “[t]he Firm has the right to monitor all activities involving its computers and the computer system.” Third, the manual detailed that Platinum, as a regulated entity, was subject to inspection “at any time” by the SEC’s Office of Compliance Inspections and Enforcement. Fourth, Platinum provided its compliance manual to all of its employees, as it was required to do by law.
It could be argued that these decisions are somewhat divorced from reality. In Asia Global, the principal movant was the company’s CEO; in Reserve Fund, the Vice Chairman, President and part owner; and in Nordlicht¸ the founder and majority owner. It is difficult, if not impossible, to believe that anyone in any of these companies would have felt that he or she had the authority to inspect the boss’s emails without the boss’s permission. Yet, in each of these cases, the Court looked only to the words on the page and not to actual practice.
Nordlicht thus reinforces that, even when Constitutional rights are at stake, Courts will usually accept a company’s email and electronic device policy at face value, particularly in the financial services sector. Senior management-level employees should therefore be made aware that they face the same risks from the use of corporate email as would any other employee.