Quirky Question # 144:

I'm confused. I thought we could review our employee's email communications when sent out on our company's equipment. Our electronic communications policy states clearly that we reserve the right to do so.

I also thought we could review even privileged communications between our soon-to-be ex-employee and his attorney, if these communications were sent on our email system. I'm now being advised that we cannot do so. Can you offer any guidance?

My Analysis:

Your question illustrates the ongoing legal evolution in areas where advancing technology intersects employment law or affects other facets of legal analyses – here, the attorney-client privilege. Like technology itself, the law is developing and changing quickly in areas affected by technological advancements.

With respect to the issue of whether a company may review email communications of its employees, including even email communications between your employee and his/her outside counsel, I have written on this subject twice before. (To find the earlier analyses, use the “View by Topic” bar on the upper left-hand side of this page and scroll down to the topic, “Attorney-Client Privilege.” There, you will see two articles, QQ # 111 and QQ # 18, both addressing this issue.) Happily, I am pleased to report that the advice I gave two years ago has been validated and reinforced by a recent decision from the Supreme Court of New Jersey.

The “confusion” you may be experiencing regarding this issue likely reflects the fact that this continues to be an area of the law where courts are providing mixed messages to litigants and their lawyers alike. Unsurprisingly, not all judicial decisions have adopted a uniform approach to the question of whether email communications to counsel, when sent on a company’s communications systems or computers, are protected by the attorney-client privilege.

One case that has received considerable recent attention and commentary is Stengart v. Loving Care Agency, Inc., et al., decided by the Supreme Court of New Jersey on March 30, 2010. (I previously discussed the intermediate appellate decision in this case – see QQ # 111.) Stengart is a thoughtful opinion and highlights many of the issues that you should consider in evaluating your unique fact pattern.

The Stengart facts were relatively straightforward. Stengart, an Executive Director of Nursing for Loving Care, had been with the organization since 1994. During her tenure with the organization, she had been provided a laptop computer for company business. With the computer she could send emails on the company’s email system. She also could access the Internet and access her own, password protected email account at Yahoo. Unbeknownst to Stengart, however, Loving Care had installed certain browser software on her computer that automatically copied each web page she viewed, and stored all of her web-based communications on her hard drive.

In late 2007, Stengart used her computer to access her private Internet email account to communicate with her counsel about her situation at work. Her lawyers also communicated with her using that Yahoo email account. Stengart later resigned her employment, at which time she turned in her company computer. She subsequently brought claims for constructive discharge, hostile work environment, retaliation, and gender, religion and national origin discrimination. In connection with her lawsuit, her former employer hired a computer forensic firm to image the computer’s hard drive. The computer forensics firm retrieved the information on the hard drive, including the email messages between Stengart and her attorneys.

Despite the fact that the retrieved files contained the communications between Stengart and her counsel, the law firm representing Loving Care reviewed the information obtained from the computer forensic firm. Further, it was not until they received discovery requests from Stengart’s counsel several months later that they even acknowledged they were in possession of the communications Stengart had had with her lawyers.

Loving Cove’s counsel attempted to justify their withholding and review of the attorney-client communication on several grounds, including the company’s electronic communications policy. That policy, provided in part that: a) the company reserved the right to access and review all information on the company’s media systems at any time; b) email messages, internet use and communication, and computer files were considered part of the company’s business; and c) these types of communications were not to be considered personal or private to any individual employees.

The policy, however, also permitted “occasional personal use,” and the types of activities the company proscribed had nothing to do with the conduct in which Stengart had engaged. Moreover, the policy was silent on the use of the company’s computer system to access private Internet-based email systems (e.g., Yahoo, Gmail, AOL, etc.). Similarly, the policy did not apprise the employees that all Internet communications were automatically stored by the company on the computer hard drive and later would be accessible to Loving Care.

The trial court found that Loving Care’s counsel had acted properly, holding that the company’s policy had put Stengart on notice that her emails would be considered company property. The intermediate appellate court reversed this holding. The New Jersey Supreme Court affirmed the holding of the intermediate appellate court, remanding to the trial court the question of what sanctions should be imposed on defense counsel, including potential disqualification from the case.

The Supreme Court of New Jersey focused on two primary areas in reaching this result – the adequacy of notice provided by the company’s communications policy and the important public policy considerations implicated by the attorney-client privilege.

With respect to Loving Care’s electronic communications policy, the court found that the policy was imprecise, failing to define a number of critical terms. Equally important, as referenced above, the policy did not apprise the employees that the company reserved the right to review communications sent on private, password protected Internet email systems. And, the company did not inform employees that these communications were being automatically archived and stored. Further, the court felt that the company’s grant of permission for “occasional personal use” made the policy ambiguous.

As for the attorney-client privilege, the court emphasized that it is a “venerable privilege . . . enshrined in history and practice.” The New Jersey high court noted that the attorney-client privilege is designed to foster “free and full disclosure of information,” based on “full, candid and confidential exchanges” between a client and counsel.

Given these perspectives, the court found that Stengart had a “reasonable expectation of privacy in the e-mails she exchanged with her attorney . . ..” She had not used the company’s email communication system, but rather had used a password protected Internet email account to send her messages. She had not saved her password to access her Yahoo email account anywhere on her computer. Further, the communications from counsel bore a standard confidentiality notice that emphasized the communication was confidential, personal, and covered by the attorney-client privilege. In light of all of these facts, the court concluded that Stengart had a reasonable expectation that her communications, despite having been sent on a company issued computer, would remain private.

In reaching this conclusion, the court emphasized that these types of situations were highly dependent on the individual facts of each case. Some of the variables the court referenced in its analysis included the following:

the language of the company’s electronic communications policy whether a company’s electronic communications policy prohibited all personal email use whether the computer was used for conduct specifically prohibited by the policy (e.g., communicating sexually explicit material) whether the computer was used for illegal conduct (e.g., transmitting child pornography) whether the communications described illegal conduct (e.g., embezzlement of a company’s funds or other illegal schemes) whether the employee used the company’s email system to communicate with counsel or whether, as in Stengart, the employee used a separate Internet based email system whether the system used by the employee was password protected whether the employee had carefully protected the password used to access the Internet email account where the computer was located (e.g., an employee working from a home office), and whether the messages sent on a company computer through an Internet account even used the company’s communications systems. Notwithstanding the court’s discussion of these factors, it is clear that in New Jersey, the employee’s expectations of privacy and the priority given to preserving carefully the attorney-client privilege will be weighed heavily in any judicial analysis. Unless there are some unusual circumstances involved, communications between an employee and his/her counsel should not be reviewed by the company or its outside counsel. Conducting this review exposes the company and its outside counsel to the risk of sanctions, including, without limitation, disqualification from the representation.

As noted above, the law in this area continues to evolve. The Stengart court referenced a number of other recent decisions from other courts in other jurisdictions, not all of which have analyzed the issues in the same way. In my view, however, the prudent course for a company’s in-house lawyers and its outside counsel alike is to give the attorney-client privilege the deference it deserves and stay clear of communications potentially covered by the attorney-client privilege.

As I described in my prior analysis of this case, this does not mean that a company is precluded from reviewing carefully the contents of a current or former employee’s computer. This review may be critical in a variety of factual contexts and the information contained on the computer may prove very important (e.g., in a sexual harassment case where the computer contains numerous bawdy and inappropriate email communications). To the extent a company has any reason to believe at the inception of the review that the computer also may contain communications between an employee and counsel, however, special precautions should be put into place. This could involve utilizing a separate law firm to review the arguably privileged materials, with strict, written instructions that the privileged materials are not to be shared with the company. Or, the computer forensic firm could be given clear instructions not to provide any privileged communications to the company that retained it. (Again, in my view, that instruction should be in writing, and must be scrupulously followed once given.) Taking these precautions will insulate both the company and its inside and outside counsel from potentially embarrassing sanctions. Likewise, even if the company did not anticipate these types of communications at the inception of the computer review, if discovered during the course of an analysis of the computer, these communications should not be reviewed. When appropriate, consider full disclosure to opposing counsel and judicial involvement.

Finally, a review of the Stengart opinion does highlight some measures companies could take if they want to try to preserve their rights to review even privileged communications. For example, the electronic communications policies would have to be clear and explicit. They would have to inform the company’s employees that all communications, including otherwise privileged communications, are subject to review. They would have to advise the employees that even Internet accessed and password protected email communications may be preserved and reviewed. They would have to prohibit personal use of the company’s email systems by the employees.

From my perspective, however, these types of policy provisions likely are not worth it. They may generate resentment by the employees. They will be difficult to enforce (and the failure to enforce them may itself undermine the policies). And, even if these steps are taken, a court still may repudiate the company’s approach because of the paramount importance of the attorney-client privilege.