When a person uses a company-supplied laptop, it's well understood the company
maybe may be monitoring your email messages. The company has an interest in ensuring that company intellectual property or other privileged information s not public. So far the courts have decided two cases with different outcomes. In Boise, Idaho, U.S. District Judge Shira A. Scheindlin rejected a claim that attorney - client privilege should NOT apply when using an employer's laptop to email an attorney, even when using a third party email provider, which in this case was Yahoo.
In Discovery Law's website, the analysis and report of the court's finding in this case summarizes the crux of the issue;
Quickly dismissing any work product protection because Charney represented only non-parties to the action, the court turned to the question of whether the emails were protected by attorney-client privilege. Specifically, the court presented the question: "Does the use of work e-mail waive any privilege?" To answer the question, the court turned first to the four factor test established by other jurisdictions:
(1) Is there a company policy banning personal use of e-mails?; (2) Does the company monitor the use of its e-mail?; (3) Does the company have access to all e-mails?; and (4) Did the company notify the employee about these policies? See In re Asia Global Crossing, LTD., 322 B.R. 247, 257 (S.D.N.Y.2005).
The court rejected Kirkpatrick's "bare assertion" that she did not "subjectively intend to waive the privilege" of the emails as "insufficient" in the face of her employer's policies regarding electronic communications. Specifically, her employer's policies stated that employee emails would: "(1) become company property, (2) be monitored, stored, accessed and disclosed by [the employer], and (3) should not be assumed to be confidential." Additionally, the court reasoned: "It is unreasonable for any employee in this technological age--and particularly an employee receiving the notice Kirkpatrick received--to believe that her e-mails, sent directly from her company's e-mail address over its computers, would not be stored by the company and made available for retrieval."
Accordingly, the court found that Kirkpatrick had waived the privilege as to those messages sent from work. Addressing emails sent from Charney to Kirkpatrick's work address, the court found that they were also unprotected:
[T]here is no question that her address--"xxxx@IHFA.org"--clearly put Charney on notice that he was using her work e-mail address. Employer monitoring of work-based e-mails is so ubiquitous that Charney should have been aware that the IHFA would be monitoring, accessing, and retrieving e-mails sent to that address. Given that, the Court finds that Charney's e-mails sent to Kirkpatrick's work e-mail are likewise unprotected by any privilege.
But yesterday, the New Jersey Supreme Court in a unanimous decision declared in a similar case involving email sent using an employer's computer and sent to an attorney is considered privileged. In this case, it was damning since the case involved the employer purposely tracking the employees email because it had found out that the employee was going to file a discrimination complaint against the company and promptly planned a defense using the contents of the email as a source of information.
HELD: Under the circumstances, Stengart could reasonably expect that e-mail communications with her lawyer through her personal, password-protected, web-based e-mail account would remain private, and that sending and receiving them using a company laptop did not eliminate the attorney-client privilege that protected them. By reading e-mails that were at least arguably privileged and failing to promptly notify Stengart about them, Loving Care's counsel violated RPC 4.4(b).
1. To determine the reasonableness of Stengart's expectation of privacy, the Court first examines the meaning and scope of the Policy. It does not give express notice to employees that messages exchanged on a personal, password protected, web-based e-mail account are subject to monitoring if company equipment is used. Although the Policy states that Loving Care may review matters on "the company's media systems and services," those terms are not defined. The prohibition of certain uses of "the e-mail system" appears to refer to company e-mail accounts, not personal accounts. The Policy does not warn employees that the contents of personal, web-based e-mails are stored on a hard drive and can be forensically retrieved and read. It also creates ambiguity by declaring that e-mails "are not to be considered private or personal," while also permitting "occasional personal use" of e-mail. (pp. 12-14)
2. The attorney-client privilege encourages free and full disclosure of information from the client to the attorney.
To be protected, a communication must initially be expressed by a client in connection with receiving legal advice, with the expectation that its contents remain confidential. The e-mails between Stengart and her lawyer contain a standard warning that their contents are personal and confidential and may constitute attorney-client communications. The subject matter of those messages appears to relate to Stengart's anticipated lawsuit against Loving Care. (pp. 14-15)
3. In this case, the source of the reasonable-expectation-of-privacy standard is the common law tort of "intrusion on seclusion." Under the Restatement (Second) of Torts, a person who "intentionally intrudes" upon the "seclusion of another or his private affairs" is liable for invasion of privacy "if the intrusion would be highly offensive to a reasonable person." Reasonableness has both subjective and objective components. Whether an employee has a reasonable expectation of privacy in a particular work setting must be addressed on a case-by-case basis. (pp. 15-17)
4. No reported New Jersey decision offers direct guidance for this case. A Massachusetts decision, National Economic Research Associates v. Evans, is most analogous to the facts here. In Evans, an employee used a company laptop to communicate with his attorney through his personal, password-protected Yahoo account. The emails were automatically stored in a temporary Internet file on the laptop's hard drive and were later retrieved by a forensic expert. A company manual permitted personal use of e-mail, to "be kept to a minimum," but warned that computer resources were the "property of the Company" and that e-mails were "not confidential" and could be read "during routine checks." The court denied the company's request to use the e-mails. The court reasoned that, while the manual warned that e-mails sent on the network could be read, it did not expressly state that the company would monitor the content of e-mail communications made from an employee's personal e-mail account when they were viewed on a company-issued computer. Also, the company did not warn employees that the content of such e-mails is stored on the hard drive and capable of being read by the company. The court found that the employee had a reasonable expectation of privacy in e-mails with his attorney. (pp. 17-19)
The New Jersey Court's decision in its entirety is available here. The Supreme Court of the United States is set to consider employee privacy in City of Ontario v. Quon, in which EPIC submitted a "friend of the court brief."