Frazzled by the incessant demands for her company Acne Brick’s financial records from her husband’s divorce lawyer Ditcher Quick, company president Annie Acne was wondering what her next maneuver might be when her Information Technology officer walked into her office. The subpoena that he was holding demanded production of all Acne email communications between Annie and (i) her divorce lawyers and (ii) her attorney brother who helped her rearrange just a few things. Annie immediately called her attorney Elle O’Quent to ask, “Can Acne Brick be ordered to produce Annie’s emails from Acne’s computer?”

Maybe, depending upon what the Acne employee handbook says. If Acne has an explicit policy on lack of privacy, any attorney-client privilege that Annie may claim with her attorney Elle O’Quent is waived, including any claim of an attorney-client relationship with her brother. If the company has no email / computer policy, both the attorney-client privilege and Annie’s expectation of privacy are likely to be honored unless the company takes actions to make its employees’ lack of privacy obvious. For anything in between, a fact-intensive analysis is required.

Pulling out the Acne employee handbook which was generated from the internet, the IT officer points to “Corporate Email Usage” which provides “Our employees represent our company whenever they use their corporate email address… Our company has the right to monitor and archive corporate emails.”

When analyzing whether an individual has waived attorney-client privilege through the use of company email, courts have analogized the reasoning to an employee’s Fourth Amendment right to privacy in the contents of their office computer – was there (i) a “subjective expectation of privacy” (ii) that “society accepts as objectively reasonable?”

To decide whether Annie has a reasonable expectation of privacy in e-mail communications sent and received over a company network that would be protected by the attorney-client privilege Texas courts have asked if:

(i) the company had a policy banning personal use,

(ii) the company monitored employee’s computer or e-mail,

(iii) third parties have a right to access the employee’s computer or e-mails, and

(iv) the company notified the employee, or if the employee was aware, of the company’s use and monitoring policies.

Considering the language of the Acne employee handbook, Annie was on notice of the company’s right to monitor and to keep Annie’s emails. It is probable that Acne Brick’s IT officer must produce to Ditcher Quick all of Annie’s personal emails on her corporate Acne Brick account, including those to her attorney Elle O’Quent and to her attorney brother. In fact, language as apparently innocuous as “Employees should limit their use of the e-mail resources to official business” was held by a Delaware bankruptcy court to eliminate an employee’s expectation of privacy.

Tilting the Scales in Your Favor

Protecting Acne Brick is not as simple as implementing a sweeping computer use policy announcing that the company owns and has the right to monitor all company computers and emails. Yes, Acne Brick has its own interests to protect. Yet, an overly broad policy creates a risk both to the company and to its employees that any litigant can successfully procure all email communications – including those generally believed to be protected by the attorney-client privilege. The risk is that any company with such a broad policy may find that its IT group is responding to more and more third-party email and computer document demands affecting its employees.

At a minimum, companies with a computer use policy allowing company access to monitor an employee’s computer or email account should also consider advising their employees:

  • Strongly consider maintaining and using a separate email account, and likely, separate mobile phone;
  • Do not use the company computer / telephone / email account to communicate any personal, non-company information that you do not want to share outside of the company.