Traps for the Unwary – Employer email systems

I like to think I am “warier” than the average attorney.  But a recent attorney-client privilege opinion out of New York was a good reminder that being “wary” can be much like being “woke.”  Even if you think you are, you probably aren’t as much as you think you are, and you can always be a bit more.

I’ve spoken and written in the past about the risk for lawyers’ clients to using an email system provided by an employer to communicate with them but my focus in doing so has largely involved assumptions about ways in which the nature of the representation could be one in which the client wouldn’t actually want to the employer to be able to access the communications.  For example, where the client and the employer would actually have contrary interests.

That type of scenario was the focus of the kind of warning ABA Formal Ethics Opinion 11-459 provided to lawyers who handle employment law matters:

This opinion addresses this question in the following hypothetical situation.
An employee has a computer assigned for her exclusive use in the course of her employment. The company’s written internal policy provides that the company has a right of access to all employees’ computers and e-mail files, including those relating to employees’ personal matters. Notwithstanding this policy, employees sometimes make personal use of their computers, including for the purpose of sending personal e-mail messages from their personal or office e-mail accounts. Recently, the employee retained a lawyer to give advice about a potential claim against her employer. When the lawyer knows or reasonably should know that the employee may use a workplace device or system to communicate with the lawyer, does the lawyer have an ethical duty to warn the employee about the risks this practice entails?

[snip]

The situation in the above hypothetical is a clear example of where failing to warn the client about the risks of e-mailing communications on the employer’s device can harm the client, because the employment dispute would give the employer a significant incentive to access the employee’s workplace e-mail and the employer’s internal policy would provide a justification for doing so. The obligation arises once the lawyer has reason to believe that there is a significant risk that the client will conduct e-mail communications with the lawyer using a workplace computer or other business device or via the employer’s e-mail account. This possibility ordinarily would be known, or reasonably should be known, at the outset of the representation. Given the nature of the representation–an employment dispute–the lawyer is on notice that the employer may search the client’s electronic correspondence. Therefore, the lawyer must ascertain, unless the answer is already obvious, whether there is a significant risk that the client will use a business e-mail address for personal communications or whether the employee’s position entails using an employer’s device.

With hindsight it certainly seems an obvious extension of the same point to be worried that the privilege is in jeopardy even when the underlying matter is not one in which client and the employer are adverse, yet I’ll admit that I was initially surprised to hear about through this (as always) quite good write up in the ABA/BNA Lawyers’ Manual on Professional Conduct and then dig in and read the Peerenboom v. Marvel Entertainment opinion itself (which is remarkable for its brevity) which found that Marvel’s CEO’s emails to his personal attorney on Marvel’s email system could not be shielded from discovery by a third party pursuing litigation against Marvel based on attorney-client privilege.  (Simultaneously also saying that no marital privilege existed either.)

The New York court explained that Marvel’s email policy provided that it “‘owned’ all emails on its system, and that the emails were ‘subject to all Company rules, policies, and conduct statements.’ Marvel ‘reserve[d] the right to audit networks and systems on a periodic basis to ensure [employees’] compliance’ with its email policies. It also ‘reserve[d] the right to access, review, copy and delete any messages or content,’ and ‘to disclose such messages to any party (inside or outside the Company).'”  Based on that, the court considered it easy to conclude that the CEO had no reasonable expectation of privacy in email communications to others using his Marvel email address.

Interestingly, but not surprisingly, the opinion does not reference or discuss in any fashion whether the CEO’s lawyer would still be obligated to treat all of the communications as confidential under the relevant ethics rules in New York(spoiler alert: he would).

Since I’ve got your webcam turned on remotely, show of hands if you’ve 100% of the time been making sure your clients’ email communications with you are only happening on a platform provided by someone other than their employer – like gmail, Yahoo, Bellsouth, or Comcast, or some other personal source of email access.

Yeah, me neither.

It certainly feels like a harsh result — particularly when you stop and think about how much email traffic takes place on email platforms that are company provided to all involved — but it can be a difficult outcome to argue against given the traditional strict construction of the privilege and how readily it can be waived as a result of exposure to anyone who is a stranger to the relationship.

The Peerenboom opinion also serves, however, as a good reminder of just how different the attorney-client privilege and the attorney work-product doctrine are and how differently they are waived.

Given the lack of evidence that Marvel viewed any of Perlmutter’s personal emails, and the lack of evidence of any other actual disclosure to a third party, Perlmutter’s use of Marvel’s email for personal purposes does not, standing alone, constitute a waiver of attorney work product protections (see People v Kozlowski . . .898 N.E.2d 891 . . . .

That point is one I’ve always found easiest to explain to lawyers with reference to another New York case (albeit one in federal court) involving a different very famous brand, Martha Stewart, United States v. Stewart, 287 F. Supp. 2d 461 (S.D.N.Y. 2003).  That was the case in which a New York federal court explained the different ramifications as to privilege waiver versus work product waiver flowing from Martha Stewart sharing her lawyer’s communications with her daughter.  While, because she was a stranger to the attorney-client relationship Stewart had with her lawyer and thus eviscerated the attorney-client privilege, as to work product:

By forwarding the e-mail to a family member, Stewart did not substantially increase the risk that the Government would gain access to materials prepared in anticipation of litigation. Martha Stewart stated in her affidavit that “Alexis is the closest person in the world to me. She is a valued confidante and counselor to me. In sharing the e-mail with her, I knew that she would keep its content strictly confidential.” Martha Stewart Aff. ¶ 6. Alexis Stewart stated that while she did not recall receiving the June 24 e-mail, she “never would have disclosed its contents.” Alexis Stewart Aff. ¶ 2. The disclosure affected neither side’s interests in this litigation: it did not evince an intent on Stewart’s part to relinquish work product immunity for the document, and it did not prejudice the Government by offering Stewart some litigation-based advantage. Accordingly, I hold that Stewart did not waive work product protection over the June 23 and 24 e-mails.

And, it seems fair to say that the more robust ability of the work-product doctrine to withstand waiver in a world in which people use their work email for a lot of things, allow me to echo Ms. Stewart to say.

That’s a good thing.