The art of communication has changed considerably over the past few years. Rather than in-person or telephonic, the majority of communications in today’s business world are electronically transmitted. Likewise, professional advice, such as legal or accountant-related services, is often sought and rendered electronically.
The rise of technological advances has caused a clash with foundational legal cornerstones that have been established through decades of jurisprudence. Amongst those principles is the inviolate protection of the confidentiality between the attorney and client. Generally speaking, as long as a client reasonably expects that the communication with his/her lawyer is made in confidence, meaning that it will not be shared with third parties, for the purposes of receiving legal advice, the communication is privileged.
With the advent of electronic communications, the question arises as to whether the client should reasonably expect that an electronic communication be free from peering third party eyes. The question is compounded when the electronic communication is sent from a device owned or controlled by a third party, such as an employer, with no password protections or which may otherwise be monitored by a third party. Further complicating matters is a situation where an employee communicates with his/her private counsel, on a company computer, for matters pertaining to a dispute with the company. The courts are routinely tasked with deciding the expectation of confidentiality in these complex cases.
This is the situation addressed by the Delaware Court in In re Info. Mgmt. Services, Inc. Derivative Litig., 2013 WL 5426157 (Del. Ch. 2013). Drawing on the Supreme Court’s test of an employee’s expectation of privacy, the court found:
[A]n employee can have reasonable expectation of privacy in areas such as the employee’s office, desk, and files, but that the “employee’s expectation of privacy … may be reduced by virtue of actual office practices and procedures, or by legitimate regulation. … Although e-mail communication, like any other form of communication, carries the risk of unauthorized disclosure, the prevailing view is that lawyers and clients may communicate confidential information through unencrypted e-mail with a reasonable expectation of confidentiality.” [internal citations omitted].
The question thus turns to whether the client has “a reasonable expectation” to confidentiality. The court adopted the four factor test promulgated in the oft-cited In Re Asia Global Crossing, Ltd., 322 B.R. 247, 259 (S.D.N.Y.2005) decision, The Southern District of Florida has applied this test. See Leor Exploration & Prod. LLC v. Aguiar, 2009 WL 3097207 (S.D. Fla. 2009).
to determine whether there is an expectation of confidentiality:
(1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee’s computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?
While no one factor is dispositive, “The question of privilege comes down to whether the [employee's] intent to communicate in confidence was objectively reasonable.”
Courts throughout the country have applied this test, or a derivation thereof, but generally center the analysis on the company’s explicit policies on electronic communications (or lack thereof), the manner in which this policy is communicated to the employees, and enforcement of such policies. Put simply, when the courts find an absence of corporate policies (or an absence of explicit communication of such policies), the courts will infer an expectation of confidentiality. However, where there is an explicit corporate policy duly communicated to the employee that provides that all emails (or other electronic data) used on company computers or stored on company servers may be monitored by the corporation, there can be no reasonable expectation of privacy.
In our ever-changing world, it is critical that every corporation ensure that it has a sound and clear policy on the rights to electronic information stored or transmitted on company computers and servers. The clarity of such a policy, duly communicated to the employees, may very well have far-reaching implications, from serving as the key to discovering, or concealing, the “smoking gun” in litigation, or perhaps uncovering, and preventing, an employee’s plan to misappropriate proprietary data to be used as a means of future competition. Regardless, corporate policies are becoming increasingly critical to ensure compliance with corporate goals and functions.