This will likely be my last post before Christmas, and so, in the spirit of the season, I am leaving you with a few images of the December 19 blizzard in Philly — and one small workplace electronic privacy morsel.

The Christmas blizzard
Shake the snow from your boots, pull a chair up by the fire, and let’s touch briefly on Convertino v. U.S. Dep’t of Justice, Civ. No. 04-236 (D.D.C. Dec. 10, 2009). This ruling by a federal district court in Washington, D.C. is being hailed as the next in the Stengart v. Loving Care Agency, Inc. line of cases that supposedly vindicate an employee’s right to electronic privacy in the workplace.
Richard Convertino is a former federal anti-terrorism prosecutor who was forced out by an investigation of prosecutorial misconduct during the Bush administration. Information about the investigation was leaked to the Detroit Free Press. In his action against the Justice Department for whistleblowing retaliation and other claims, Convertino sought discovery of e-mails between Tukel, another prosecutor involved in the investigation, and his private attorney, e-mails that were sent from a Justice Department computer using Tukel’s DOJ account (not even a web-accessed personal e-mail account, as in Stengart). The court refused to grant access to the e-mails, holding that Tukel had a reasonable expectation of privacy which supported his assertion that the e-mails were still protected by the attorney-client privilege.
In finding for Tukel, the court specifically examined the Justice Department’s Internet use policy and determined that, in view of the policy, he was not on notice that his personal e-mails were being monitored and, therefore, his actions in deleting the e-mails from his account in an expeditious manner amounted to a non-waiver of the attorney-client privilege:
“Mr. Tukel reasonably expected his e-mails with his personal attorney to remain private…. Case law in this jurisdiction is not directly on point but New York gives the Court some direction. ‘[T]he question of privilege comes down to whether the intent to communicate in confidence was objectively reasonable.’ … In order for documents sent through e-mail to be protected by the attorney-client privilege there must be a subjective expectation of confidentiality that is found to be objectively reasonable…. [Four factors to determine reasonableness are] ‘(1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee’s computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?’ … Each case should be given an individualized look to see if the party requesting the protection of the privilege was reasonable in its actions….
“On the facts of this case, Mr. Tukel’s expectation of privacy was reasonable. The DOJ maintains a policy that does not ban personal use of the company e-mail. Although the DOJ does have access to personal e-mails sent through this account, Mr. Tukel was unaware that they would regularly access and save e-mails sent from his account…. Because his expectations were reasonable, Mr. Tukel’s private e-mails will remain protected by the attorney-client privilege.”

As with Stengart (which was recently argued before the New Jersey Supreme Court), I am unconvinced that rulings like this create a broad right of privacy in personal communications sent through an employer’s IT resources. For one thing, the Internet use policy in Stengart as well as the DOJ’s policy in Convertino explicitly permitted personal use but were less than clear that ALL communications (personal as well as work-related) were subject to monitoring. Had the policies contained language like the following, the results might have been different: “We reserve the right to monitor, and periodically monitor, ALL communications sent using our computers and Internet access, whether personal or work-related, and including personal e-mails sent using your web-accessed e-mail (e.g., gmail, hotmail) account. You agree that you have no expectation of privacy in these e-mails and other communications. You should NOT send sensitive personal e-mails from a work e-mail account or a work computer.”
Secondly, I maintain that the attorney-client privilege is something special. If it’s held to be waived, the legal effect on a litigant — loss of or inability to implement legal strategy or exercise legal rights — is potentially catastrophic. Privileged e-mails are different from, say, embarrassing e-mails or e-mails that could get you into trouble with your boss. My sense is that courts will strain to avoid piercing such a hallowed privilege, except where a litigant has acted in a totally cavalier manner with regard to secrecy. I don’t agree with those legal commentators who claim the Convertino case actually reflects a dawning recognition that, due to the timing constraints in our harried modern lives, personal e-mails MUST be sent from work and should be shielded for that reason (regardless of how an employer’s computer/Internet use policy is worded or distributed). The court didn’t say this. In its own words, the case was about what the employee did and did not know about monitoring, pure and simple.
This battle will continue, of course. In the meantime, employers should think carefully about what personal uses of company Internet access and IT resources they wish to permit and make sure their approach to monitoring is clearly explained, particularly when read together with the sections of the policy detailing any approval of personal use.