The attorney-client privilege has long been one of the most sacrosanct principles of law in this country. The privilege is codified in the Federal Rules of Evidence and in New York’s Civil Procedure Law and Rules. The test for determining whether a communication is protected by that privilege is whether the client communicates with an attorney, in confidence, for the purpose of obtaining legal advice. However, a recent case of first impression interpreting New York law from the Commercial Division of New York’s Supreme Court should cause clients and their counsel to consider carefully whether email communications to each other are in fact privileged when the email is sent to or from the client at his or her workplace.
In Scott v. Beth Israel Medical Center, Inc., 17 Misc. 3d 934, 847 N.Y.S.2d 436 (Sup. Ct. N.Y. Co. 2007), a doctor who was involved in an employment dispute with the defendant hospital had been communicating by email with his attorneys from a computer located in his hospital office. The hospital learned of and obtained possession of the emails. Its attorneys argued that the emails were not protected by the attorney-client privilege because the doctor could not have made the communications with the expectation of confidentiality when he used his hospital employee email address and sent the emails through the hospital’s server in violation of the hospital’s email policy.
The hospital’s email policy was maintained in an employee handbook which was distributed to every employee. It provided that all computer systems are the property of the hospital and should be used for business purposes only. In addition, the policy stated that all information and documents created and sent on the hospital’s computer systems are the property of the hospital and that employees have no personal privacy right in any material created, received or sent using such systems.
The key inquiry for the court was whether the employee had a reasonable expectation of privacy when his emails were sent. The court found the hospital’s email policy critical to its decision rejecting the doctor’s contention that the emails were sent and received in confidence. It equated an employer email policy, such as that of the hospital in this case, to having the employer looking over the employee’s shoulder each time an email is sent, which destroys the confidential nature of what otherwise would be a privileged communication.
Finding no New York case on point, the court looked for guidance to a federal bankruptcy case with similar facts. In In re Asia Global Crossing, Ltd., 322 BR 247 (S.D.N.Y. 2005), the court concluded that the attorney-client privilege would not be applicable if:
(1) the corporation maintains a policy banning personal or other objectionable use, (2) the company monitors the use of the employee’s computer or email, (3) third parties have a right of access to the computer or emails, and (4) the corporation notifies the employee or the employee was aware of the use and monitoring policies.
Applying the above factors, the court in Scott found that the employee should had no reasonable expectation of privacy when sending emails from his office, and ruled that the emails to his attorney were not privileged.
If employees want to insure that email communications are protected by the attorney-client privilege, they should take measures to segregate and secure personal emails and files. They should send emails from a personal, rather than a business email account, and use a home computer, instead of an office computer, to store such emails or other files. On the other hand, if an employer wants to maximize its ability to access employee emails, it should take necessary steps to notify and make sure employees understand that the office computer systems are corporate property and that employees should expect no privacy in their email communications from the office.