Recent Federal Court Decisions on Discoverability of Employee Email Communications Highlight Need for Employers to Implement and Enforce Electronic Communications Policies

Two recent federal court decisions addressing the discoverability of employee emails demonstrate the importance of employers implementing and enforcing electronic communications policies and training their employees on the policy and appropriate use of company email systems. In Kaufman v. SunGard Invest. Sys., 2006 WL 1307882 (D.N.J. May 10, 2006) and Curto v. Medical World Communications, 2006 WL 1318387 (E.D.N.Y. May 15, 2006), federal district court judges in the District of New Jersey and the Eastern District of New York reached opposite conclusions in cases addressing the same question — does an employee have a reasonable expectation of privacy in emails exchanged with his or her attorney using the employer’s email system based on the attorney-client privilege. In both cases, the court’s decisions turned on whether the employer had implemented, advised employees of, and, most importantly, enforced an electronic communications policy that states that employee email is the property of the company and subject to search and monitoring.

In Kaufman v. SunGard Invest. Sys., 2006 WL 1307882 (D.N.J. May 10, 2006), Judge Linares affirmed a letter order of Magistrate Judge Hedges holding that plaintiff had no reasonable expectation of privacy in emails exchanged with her attorney using SunGard’s network. The case arose out of defendant SunGard’s 2002 purchase of substantially all of the assets of OSI, a financial software company. As part of this deal, SunGard hired Kaufman, OSI’s President and shareholder, as the head of the new business unit acquired from OSI. The relationship between Kaufman and SunGard deteriorated over the next two years, and Kaufman’s employment was terminated in December 2004. Several weeks later, plaintiff returned two laptop computers she had used for SunGard business, having previously deleted from the computers privileged email communications with her attorney. SunGard obtained an Order to Show Cause several months later for relief against plaintiff relating to SunGard confidential information. In opposition to the Order to Show Cause, plaintiff raised the issue of her privileged communications when SunGard’s expert indicated that he had restored the files plaintiff had deleted from the laptops. Motion practice relating to the discoverability of plaintiff’s communications with her attorney followed.

In his May 10, 2006 opinion, Judge Linares held that plaintiff waived any privilege that would have otherwise attached to her post-closing communications with her attorney because she “knowingly utilized SunGard’s network with the knowledge that company policy provided that SunGard could search and monitor email communications at any time.” Specifically, SunGard’s “Use of Company Property and Services” policy stated that company property included “information stored on computers” and “e-mail.” In addition, the policy warned that employees had no expectation of privacy in “any items created with, stored on, or stored within Company property” and that e-mails were “subject to monitoring, search or interception at any time, with or without notice to the sender or recipient.” Finding that plaintiff’s agreement to abide by company policy was not in dispute, the Court held that “all information and emails stored on SunGard’s computer systems were SunGard property” and therefore, plaintiff had no reasonable expectation of privacy in her communications with her attorney.

In Curto v. Medical World Communications, 2006 WL 1318387 (E.D.N.Y. May 15, 2006), Judge Hurley of the Eastern District of New York reached the opposite conclusion on this issue, holding that plaintiff did not waive her right to assert the attorney-client privilege in connection with email correspondence with her attorney that was retrieved from laptop computers owned by her former employer that she used during her employment. The Court reached this holding despite the fact that the employer, Medical World Communications (“MWC”), had an “E-mail/Computer Privacy Policy,” the receipt and understanding of which plaintiff acknowledged on two occasions. As in SunGard’s case, MWC’s policy specifically provided that employees had no expectation of privacy in anything that is “create[d], store[d[, sen[t], or receive[d] on the computer system” and that MWC may “monitor use of computer resources.”

The Court’s opinion finding that plaintiff had not waived the attorney-client privilege was highly fact-sensitive and relied heavily on the following factors: (1) plaintiff worked primarily from home, using employer-owned laptop computers that were not connected to the employer’s server; (2) the employer here rarely, if ever, enforced its computer usage policy, and in any event, could not have monitored plaintiff’s email without physically going to plaintiff’s home, or having her bring the laptop computers to the office; (3) plaintiff took precautions to protect her privileged communications, sending the emails at issue through her personal AOL account, not her work email account, and attempting to delete the emails before turning in her laptops. In reaching this decision, the Court indicated that it would examine cases involving whether an employee has a reasonable expectation of privacy on a case-by-case basis, even where the attorney-client privilege is at issue.

Although the Kaufman and Curto cases focus on the narrow issue of discoverability of electronic communications exchanged by an employee and his or her attorney, they offer broader lessons for all employers.

• • Every employer should have an electronic communications policy in place. In addition to stating that employee email is the property of the company and subject to search and monitoring, employer policies should make clear that the company’s right to search and monitor does not end when the employee leaves the office. Rather, electronic communications policies should clearly state that they cover any and all use of the company’s electronic systems — whether these systems are used in or out of the office and regardless of whether they are connected to the company’s server.

• • Although having a comprehensive electronic communications policy is the first step, it may no longer be enough to protect the employer’s interests in every case. Employers also need to ensure that employees are aware of and fully understand the policy. Employers — particularly those who rely extensively on employees’ electronic communications outside the office — should seriously consider training their employees on the company’s electronic communications policy. As part of this training, the policy should be reviewed in detail and reissued to employees, and employees should be required to sign an acknowledgement stating that they have received and understand the policy.

• Finally, employers that do not currently monitor employee electronic communications on a routine basis should consider doing so. As the Curto decision indicates, an employer’s failure to enforce its own electronic communications policy may inadvertently lull employees into a “false sense of security,” undermining the company’s policy. Moreover, if the employer later searches and monitors email communications out of the ordinary course and is challenged, the company’s failure to routinely monitor may be considered against the employer by a court analyzing whether the employee had a reasonable expectation of privacy.