Exploring Tough Questions on E-Mail Confidentiality

I found a couple of other blog posts today linking to the story (“GCs to Employees: Think Before You Send“) I posted about yesterday.

First, the White Collar Crime Prof Blog has an interesting post (“The Three Most Dangerous Buttons: Send, Forward, and Reply All“) where they segue from the article to the the indictment of Department of Homeland Security Bernie Kerik. The link appears in the indictment where it’s revealed that Kerik sent e-mails complaining how he felt like he was on “welfare.”

Next, Sean Doherty (Editor of Law.com’s Legal Technology Center) posts a few paragraphs on the EDD Update blog entitled “The Good and Bad News About E-mail.” Sean asks why we see so many problems with employees sending e-mails with the belief that they are private and confidential. He concludes:

“It comes down to policy and training, or lack thereof.”

Not only does he link to the article referenced above, but Sean points to a couple of other excellent stories on how to handle e-mail confidentiality.

Christopher Caparelli of Torys LLP authors an excellent short treatise entitled “Employee e-mail and the attorney-client privilege.” It may sound like another article beating a dead horse topic, but Caparelli makes some excellent contemporary points such as:

“Before e-mail, it was well-settled that an attorney-client communication was not confidential — and, therefore, not privileged — if it was made in the presence of a third party who was not an agent of the attorney or client. But in the electronic age, does the employer’s computer system serve as the third party that eliminates the privilege?”

Caparelli explains that there is both a subjective test (was the message intended to be confidential) and an objective test (was there a reasonable expectation of privacy) for determining the confidentiality of an e-mail message. It’s regularly accepted that an e-mail (even unencrypted) sent from a client to their lawyer is subjectively intended to be confidential, so the objective question remains whether an employee holds a reasonable expectation of privacy in an e-mail that resides on a company’s e-mail server or backup tape.

Caprelli provides an excellent legal analysis of the issue based on the 4 factors outlined in the New York City Bankruptcy Court opinion In re Asia Global Crossing Ltd 322 B.R. 247 (Bankr. S.D.N.Y. 2005). The factors basically revolve around whether or not the company has an e-mail usage policy and to what extent they actively enforce that policy.

Caprelli concludes:

“Employees … should assume that any e-mail sent through an office computer to his or her personal lawyer will not be privileged. … [T]he court in the Asia Global Crossing said it best when it observed that ‘sending a message over the [company’s] e-mail system was like placing a copy of that message in the company files.'”

Link to article.

For additional guidance on creating an effective e-mail policy, turn to “Make Sure Reading Employee’s Personal E-Mail is OK” by Barbara A. Lee of Edwards Angell Palmer & Dodge LLP.

After exploring the relevant case law on the subject, Ms. Lee offers some specific tips:

“To ensure their electronic monitoring is proper, employers should establish a policy that any message created on or sent through the company’s computer network and/or company-owned computers is subject to monitoring, and that employees have no expectation of privacy in such communications.”

Ms. Lee also suggest regular and consistent reminders of the policy to employees and obtaining their signatures acknowledging their receipt or even a “read” receipt if the notice is sent to employees via e-mail. Further, “employers should consider creating a similar message that appears each time the employee logs onto the company’s Internet or e-mail system.”

Link to article.