Current Rules of Engagement: Employee Attorney-Client E-mail Privacy on Company Computers

“Out of the facts arises the law”, is an old adage that comes to mind every time I see a new case grappling with employee privacy rights in the context of email on a company computer.  We live during an age of technological explosion.  Devices and gadgets that were the stuff of science fiction when I was a child are now in every school kid’s backpack.  It is safe to say that very few people could have predicted how quickly things would change technologically in our lifetimes.  Where it interests me as an employment attorney, is the fact that for every major technological advance, the law has had to play a game of ‘catch-up’.  This can cause great uncertainty for employees and employers alike.  Nowhere is this more apparent than on the topic of company email.  This post deals with a subset of employee emails: emails between an employee and his/her attorney.  Here’s a quick and dirty summary of where it stands now.

Summarizing the various court decisions in a short blog entry isn’t practical, so what I’ll try here is to highlight the salient points that have emerged from the case law.  Again, these cases focus on email communications between an employee and his/her attorney sent on company computer equipment.  Thus, they deal with a type of communication that typically is afforded the highest confidentiality and privacy protection (attorney-client communications), clashing with conventional notions of employer property rights.  I will break the rules up according to some of the factors the various courts have deemed relevant.

Cases Involving Employees Sending Emails to their Attorney on a Company Computer

a.       On Company-based Email System:

i.      Where Company Policy Clearly Bans Personal Use:  Courts have held that, where the company policy clearly prohibits excessive use of the company email system for personal emails, and indicates that the company can and may periodically review employee emails for compliance, the employee cannot have any reasonable expectation of privacy with respect to those emails, and thus any emails to her attorney would not be deemed private and privileged[i].

ii.      Where Company Policy Not Clear on Prohibition of Personal Use: Where employees sent attorney-client email through the company email system, but the company policy was less than clear in banning personal use, and didn’t make clear that data was stored and able to be read the emails were deemed privileged and private[ii].

b.      On Web-based Email System via Company Computer:

i.      At Home: Where the company email policy bans personal use, but does not clearly prohibit web-based email account usage (like Yahoo, Hotmail, Gmail, etc), and the employee sends the emails from home to her attorney on a company laptop, the emails have been deemed privileged[iii].

ii.      At Work: Where the company email policy bans personal use, but does not clearly prohibit web-based email account usage, and the employee sends the emails from work and/or home to her attorney on a company laptop, the emails have been deemed privileged[iv].

The Stengart decision issued by the New Jersey Supreme Court in March, 2010 contains some interesting guidance from the court on issues that while related to their ultimate decision in the case, were perhaps not central to it.  For instance, the emails at issue in that case contained the following warning at the end of each email from the attorney:

THE INFORMATION CONTAINED IN THIS EMAIL COMMUNICATION IS INTENDED ONLY FOR THE PERSONAL AND CONFIDENTIAL USE OF THE DESIGNATED RECIPIENT NAMED ABOVE. This message may be an Attorney-client communication, and as such is privileged and confidential.  If the reader of this message is not the intended recipient, you are hereby notified that you have received this communication in error, and that your review, dissemination, distribution, or copying of the message is strictly prohibited.  If you have received this transmission in error, please destroy this transmission and notify us immediately by telephone and/or reply email.

I, along with most other attorneys, have a similar notice at the foot of our emails.  However, the Stengart Court (and the Scott case) said that such a “pro forma warning” notice might not, on its own, protect a communication.  As if by instinct, I, along with many other attorneys, have long added more warning notices at the top of sensitive attorney-client emails in an attempt to further emphasize the privileged nature of the email and to warn anyone before they even start to read the email.  Those added warnings typically include some combination of the following:






Would this make a difference to the NJ Supreme Court in the Stengart case? It is not clear.  On the other hand, in the same decision, the NJ Supreme Court also warned that even a bullet-proof company policy that clearly banned all personal use of web-based email sent via company computer, and made it clear that the data is stored and subject to being read, would not be enforceable as pertains to attorney-client emails, due to the important public policy underlying the attorney-client relationship.  It is hard to tell from that statement what the court found most significant: The fact that the email was sent through a web-based personal email account, or that the email was an attorney-client communication and included some warnings?  By process of elimination, the California Appellate court in Holmes suggests to us that the most significant factor is the difference between web-based and company system emails.  Does that mean even web-based personal emails that are not between employee and attorney can expect to be protected?  Again, it is not clear from these decisions.

All of the courts in these decisions have been careful to note that each case must be evaluated on its specific facts, and that no single factor is necessarily dispositive.  To make matters worse, I must mention that since these decisions come from courts in different jurisdictions and States, it’s not quite clear which rules would apply to an email sent from one jurisdiction to another!

Any Takeaways for Employee Email Privacy in General?

For regular personal non-attorney-client emails sent from employees on company computers, the amount of protection, if any, will depend on the specific company policy in any given case.  The courts start their inquiry there to determine if, based on what the company email policy says, the employee in question could have had a reasonable expectation that the emails would be treated as private.  If the policy makes clear that no personal use is permitted, includes company and web-based email, and describes clearly that the emails may be stored/accessed and read by the company, chances are a court will find that the employee could have no reasonable expectation of privacy in those emails.   Unless of course they are attorney-client emails sent over web-based email systems, in which case I would counsel my business clients engaged in litigation to err on the side of caution and ask the court for guidance before reading any such email.  Either way, employers would be well advised to have employment counsel review and revise their email/internet/computer use policies.  A robust policy is still the best way to protect the company from employee misuse in most cases.

One last thing.  Apparently it is Social Media Week in NYC.  So, it is as good a time as any to mention that the NLRB settled its much publicized Facebook termination case yesterday.  I have the press release posted here. I will post my thoughts on it shortly.

DISCLAIMER: This site and any information contained herein, including this Blog, are intended for informational purposes only and should not be construed as legal advice. Seek competent counsel for advice on any legal matter.

[i] Smyth v. Pillsbury,914 F.Supp. 97 (E.D. P.a. 1996); Scott v. Beth Israel Med Ctr., N.Y.S.2d 436 (N.Y. Sup. Ct. 2007); Holmes v. Petrovich Development Co., (Cal. Ct. App. – Jan. 13, 2011).


[ii] In re Asia Global Crossing, Ltd., 322 B.R. 247 (Bankr. S.D.N.Y. 2005).

[iii] Curto v. Medical World Communications. 2006 WL 1318387 (E.D.N.Y. 2006).

[iv] Stengart v. Loving Care Agency, 990 A.2d 650 (N.J. 2010); National Economic Research Assoc. v. Evans, 2006 WL 2440008 (Mass. Super. Ct. 2006).

Be Sociable, Share!
This entry was posted in Blog. Bookmark the permalink.

One Response to Current Rules of Engagement: Employee Attorney-Client E-mail Privacy on Company Computers

  1. Pingback: Demystifying the Facebook Firing Case |