Michael R. Palumbo
Introduction: This is the ninth article in a continuing series of short informational pieces relating to one of the hottest topics in litigation, e-discovery. The purpose of these articles is to provide your business with some guidelines on how to most efficiently prepare for e-discovery. If you are new to our distribution, or if you would like to view previous articles in this series, please visit our website.
Employers who provide computers to employees for company business should not assume that they have unlimited rights to inspect or conduct wholesale discovery of an employee's personal data on company computers, even if they have a policy that states employees should not use the company computer for personal use.
City of Ontario, CA v. Quon, 130 S. Ct. 2619 (2010) involved a City of Ontario SWAT team member who used his employer-issued PDA for personal communications. The City's policy did not prohibit the personal use of the communications device, but did indicate that such use could be monitored; however, there was an unwritten practice that such use would not be monitored as long as the employee paid for excess charges. When Quon's supervisor asked to see the text messages on Quon's PDA, he refused and sued under various federal statutory and United States constitutional privacy theories. The Ninth Circuit Court of Appeals held that the employee had a "reasonable expectation of privacy" as defined in the Fourth Amendment of the Constitution, and that the supervisor's request to search the PDA was unreasonable.
The Supreme Court disagreed. Its opinion was narrowly based on Quon's reasonable expectation of privacy. The Supreme Court avoided the Fourth Amendment constitutional issue due to its concern that the implications of the emerging technology were still developing.
In Sprenger v. Rector and Board of Visitors of Va. Tech., -- F. Supp. 2d ---, 2008 WL 2465236 (WD Va. 2008), Sprenger, a state employee, sued her employer, Virginia Polytechnic Institute and State University (Virginia Tech), claiming violations of the Americans with Disabilities Act (ADA) and Family Medical Leave Act (FMLA). During discovery, the University subpoenaed the "electronically stored information" on the computer used by Sprenger's husband. The defense was specifically interested in obtaining e-mails concerning the lawsuit and those sent between Sprenger and her husband. Sprenger was successful in quashing the subpoena, asserting that the information on her husband's computer was protected by marital privilege, even though the University had a computer policy that stated no user should have any expectation of privacy in any e-mail sent or received, and that all e-mails were subject to monitoring. The Court found that Virginia Tech failed to present evidence that the policy was regularly enforced and that the Sprengers had received notice of the policy.
This was not the case in United States v. Etkin, 2008 WL 482281 (S.D.N.Y. 2008), where the United States District Court for the Southern District of New York held that the defendant did not have a reasonable expectation of privacy in e-mails sent from his office computer because each time he logged on, a "flash screen warning" appeared stating that the employer may monitor or inspect the computers at any time; therefore, an expectation of privacy was "entirely unreasonable."
Other notable cases include, Curto v. Med. World Communications, Inc., 2006 WL 1318387 (E.D.N.Y. 2006)(plaintiff could not claim an expectation of privacy, although e-mails with her attorney from a company computer were privileged); Leventhal v. Knapek, 266 F.3d 64(2nd Cir 2001) (investigatory searches on a state-owned computer did not violate an employee's fourth amendment rights, since the employer had reasonable grounds to believe that the searches would uncover evidence of the misconduct); United States v. Slanina, 283 F.3d 670 (5th Cir. 2002) (absence of a city policy placing the defendant on notice that his company computer usage was monitored, and the lack of any indication that other employees had routine access to his computer, provided the defendant with a reasonable expectation of privacy); Long v. Marubeni Am. Corp., 2006 WL 2998671 (S.D.N.Y. 2006) (plaintiff waived the attorney-client privilege even though he, in communicating with his counsel, used a personal, password-protected email account).
In Stengart v. Loving Care Agency, Inc., 990 A. 2d 650 (NJ 2010), Marina Stengart filed suit against her former employer, after her employer performed a forensic image of the hard drive from the laptop that she had returned, discovering privileged, password-protected correspondence between Stengart and her attorney made through her web-based e-mail account.
The employer argued that the e-mail messages were not protected because its written policy stated that the company may access "all matters on the company's media systems and services at any time." The trial court found in favor of the employer; but was reversed on appeal because of ambiguities in the employer's electronic communications policy that supported a reasonable expectation of privacy. In addition, the court concluded that the defense had violated professional conduct rules by failing to alert plaintiff's counsel that it had discovered the messages prior to reading them. The decision was affirmed by the New Jersey Supreme Court, but it should also be noted that, unlike most states, New Jersey's constitution recognizes a right to "informational privacy."
A similar issue was raised in a California case, Holmes v. Petrovich Development Co., 119 Cal. Rptr. 878 (App. 2011), which involved employment discrimination as defined by California law. Contrary to the New Jersey decision, the California Court of Appeals held that e-mails between an employee and her personal attorney, sent from a company-owned computer using a private, password-protected account, were not "confidential," thus, no reasonable expectation of privacy existed and the communications were not protected by the attorney-client privilege. The court's decision was influenced by the fact that the messages were in violation of the company policy prohibiting personal use of company computers, stating that the computers are for business purposes only and subject to monitoring. The employer also had procedures in place to support the fact that employees are made aware of such policies. The court commented that using the computer under the circumstances was "akin to consulting her attorney in one of [the employer's] conference rooms, in a loud voice, with the door open, yet unreasonably expecting that the conversation overheard by [the employer] would be privileged." California does not have a constitutional right to "informational privacy."
In conclusion, unless a state has a unique constitutional provision, employers must implement and reasonably enforce comprehensive policies concerning company computer usage, and ensure procedures are in place to document that employees are aware of such policies in order to access and/or use an employee's personal data.
If your company needs assistance in formulating a company computer usage policy, or would like to further discuss issues related to e-discovery in the work place, please contact Michael Palumbo, 602-262-5931 or Valerie Walker, 602-262-5844.
About the Author
For more information or questions regarding E-Discovery and the Rules for Electronically Stored Information Management, contact Michael R. Palumbo.
Michael R. Palumbo focuses his practice on commercial and real estate litigation. Particular areas of experience include banking (UCC Articles 3 & 4) litigation; title insurance, escrow agent and Deed of Trust litigation; and quiet title, adverse possession, homeowners' associations and real estate agent disputes. He has participated in more than 50 trials in the Superior Courts of Arizona and District Court of Arizona, in most of which he was lead counsel. Mr. Palumbo can be reached at 602.262.5931 or email@example.com.