by Scott B. Garner

The ubiquitous use of email for professional and personal use has been both a boon and a headache for litigators. On the positive side, there is no better place to find the proverbial smoking gun document than in an email, where individuals tend to be far more frank and far less cautious than they are on paper. On the headache side, however, we often find ourselves defending the author of one of these emails. Moreover, from a practical perspective, the search for smoking guns or other relevant emails has driven up the volume of discovery and, consequently, the cost of litigation.

Not surprisingly, the increasing use of emails and other similar technologies has generated new law, as courts try to sort out which of the “old” rules can be applied to new technologies. The attorney-client privilege is one of those “old” rules that courts are having to apply to “less old” forms of communication. (It is hardly right to refer to email as a “new” technology, but case law often straggles far behind technological advancements.) One particularly thorny context in which courts must apply attorney-client privilege law is where an employee uses her employer’s computer to have otherwise confidential communications with her lawyer.

In Holmes v. Petrovich Dev. Co., 191 Cal.App.4th 1047 (2011), an employee considering a sexual harassment lawsuit against her employer used her work-issued computer and email address to communicate with her lawyer. Previously, the employee had acknowledged in writing her employer’s email policy, which, among other things, advised her that work computers were to be used only for company business, that the company would monitor its computers for compliance and might “inspect all files and messages,” and that she had no right of privacy with respect to her emails. Id. at 1051. When the employee ultimately sued the employer for sexual harassment, one of the issues the court had to address was whether the employee’s emails with her lawyer were protected by the attorney-client privilege. The court determined that they were not.

In its opinion, the court acknowledged that “‘[a] communication . . . does not lose its privileged character for the sole reason that it is communicated by electronic means or because persons involved in the delivery, facilitation, or storage of electronic communication may have access to the content of the communication . . . .’” Id. at 1065 (quoting Cal.Evid.Code §917(b)); see also Cal. Bar Opinion 2010–179 (discussing lawyers’ use of technology in general). Nonetheless, the court found that, in this instance, the employee did not have a reasonable expectation that her email communications would be confidential; thus, they were not protected by the attorney-client privilege. Id. at 1071. Influencing the court’s decision were the facts that the employee acknowledged in writing the company’s email monitoring policy, that the employee used the company’s email system (not just its computer), and that the communications were about a dispute with the employer itself. The court stated that, “This is akin to consulting her attorney in one of defendants’ conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by [the employer] would be privileged.” Id. at 1068.

Notwithstanding the court’s strong language, it acknowledged that its decision was based on the facts before it, and that “‘whether an employee had a reasonable expectation of privacy must be addressed on a case-by-case basis.’” Id. at 1070 (quoting O’Connor v. Ortega, 480 U.S. 709, 718 (1987)). It thus left the door open to situations where an employee in similar circumstances may have a reasonable expectation of privacy.

For example, rather than use the company’s email system, suppose the employee sent the same emails from her company-issued computer, but using her personal Yahoo account. That is precisely what happened in the New Jersey Supreme Court case, Stengart v. Loving Care Agency, Inc., 201 N.J. 300 (2010). There, the court held that the employee did have a reasonable expectation of privacy, and thus the communications between the employee and her lawyer were privileged. Id. at 321. In fact, the court left open the possibility that the employer’s law firm could be disqualified for reading these confidential emails. Id. at 327.

Stengart and other cases derive their discussions of “reasonable expectations of privacy” from the case law surrounding the Fourth Amendment (searches and seizures). In Holmes, however, the court rejected certain Fourth Amendment precedent as distinguishable. Id. at 1068 (discussing, among other authorities, Quon v. Arch Wireless Operating Co., 529 F.3d 892 (9th Cir. 2008), rev’d sub nom., Ontario v. Quon, 130 S.Ct. 2619 (2010)). In Quon, the Ninth Circuit found that a police officer had a reasonable expectation of privacy in his text messages sent from a company-issued device. Relying on what it called the “operational reality” of the police department, the court concluded that the department’s informal policy was such that the police officers would not have expected that the contents of their text messages would be read. 529 F.3d at 907.

The Holmes court, however, rejected both the Fourth Amendment analysis and the application of the “operational reality” standard to the facts before it. In particular, because the company’s policy explicitly stated that it may review employee emails, the court found that “it is immaterial that the ‘operational reality’ is [sic if] the company does not actually do so.” 191 Cal.App.4th at 1071. Thus, whether or not the employee actually believed that the company would review her emails, and whether or not it actually had in the past, was immaterial. The company had the right to review them.

What is the practical effect of Holmes and the other cases discussing these issues? If you obtain copies of your client’s employee’s emails with her lawyer, can you review them and use them in discovery? The answer, of course, is a definite “maybe.” Under the precise facts of Holmes—that is: 1) a strong company policy, acknowledged in writing by the employee, stating that employee emails may be reviewed; 2) use of the company’s computer and email system; and 3) communications about possible litigation with the employer (as opposed to a third party)—the emails likely will not be found to be privileged. The answer is less clear, however, if any of these facts are changed. Thus, for example, if the employee uses a personal email account from her company-issued computer, she may be found to have a reasonable expectation of privacy. Similarly, to the extent the employee’s communications with her lawyer are about a potential claim against a third party, and not the company itself, that could influence the court’s decision. And, the strength of the written email policy also will have an impact.

Given all of these uncertainties, the safest course is not to assume that the employee has waived the privilege by using her company-issued computer, but rather to seek court guidance before reviewing or using the emails. The potential penalties of guessing wrong on what a court might do on the issue are too severe—including possible disqualification.

Scott B. Garner is a partner at Morgan, Lewis & Bockius LLP. His practice focuses on complex business litigation, with an emphasis on attorney liability defense. Garner is co-chair of the OCBA Professionalism and Ethics Committee, and a member of the California State Bar’s Committee on Professional Responsibility and Conduct. He also serves on the OCBA’s Board of Directors. He may be contacted at sgarner@morganlewis.com.