Get Personal With A Computer Usage Policy

Most businesses have a computer and e-mail usage policy that advises employees of their rights—or lack thereof—when using company systems. For example, these policies may advise employees that e-mails or other messages they send through work computer systems are not private. How do these policies affect a claim of attorney-client privilege? The majority of courts that have addressed the issue have found that employees who e-mail their personal attorneys through business e-mail accounts or using work computers waive the protections afforded by the attorney-client privilege. In Chechele v. Ward (W.D. Okla. Sept. 28, 2012), the court noted the existence of the company’s computer and e-mail usage policy in finding that an employee waived the privilege with respect to e-mails he sent to his attorney from his work computer. Although the company allowed employees to use its computer systems for personal business, it issued a policy that e-mails were “not guaranteed to be private or confidential.” The company also “reserve[d] the right to examine, monitor, and regulate e-mail messages, directories and files, as well as any Internet usage.” Despite these warnings, the employee sent numerous messages to his personal lawyer.

In evaluating whether the employee waived the privilege, the court considered four factors: “(1) Is there a company policy banning personal use of e-mails?; (2) Does the company monitor the use of its e-mails?; (3) Does the company have access to all e-mails?; and (4) Did the company notify the employee about these policies?” Based on its analysis, the court found the defendant “had no objectively reasonable expectation of privacy or confidentiality regarding his attorney-client communications and effectively waived the attorney-client privilege.”

Usage policies can help avoid discovery disputes in employment-related litigation like Chechele, but used proactively, they can also help facilitate early risk assessment. With tools like keyword searching companies can mine the personal accounts most likely to contain evidence that establishes patterns of wrongdoing or noncompliance.

While computer use policies may be powerful enough to defeat a claim of privilege, companies should be mindful that these policies do not provide carte blanche to rummage through employees’ private data. Personal e-mail accounts accessed via work systems are likely covered by usage policies, but it is less clear whether such policies apply to personal mobile devices used for work purposes. (In a recent case, Lazette v. Kulmatycki (N.D. Ohio June 5, 2013), a supervisor violated the Stored Communications Act when he accessed a former employee’s unopened Gmail through a company-issued Blackberry she had returned to the company.) Companies should be particularly wary of browsing social media accounts that are not used for work purposes, as many states’ privacy statutes restrict employer rights in this regard. Before plundering private employee accounts and potentially violating the law, companies should solicit guidance from discovery experts on the proper scope of these internal searches.

Gabriela P. Baron is senior vice president at Conduent. She can be reached at info@conduent.com.