Originally published in The Lawyers Weekly, January 29, 2010
If your client gives you his business e-mail address to communicate with him about his personal legal matters, how sure are you that those e-mails are privileged and immune from disclosure? The answer, it seems, is "it depends."
The United States District Court for the District of Columbia recently weighed it/on this issue in Convertino v. United States Department of Justice, et al., 2009 U.S. Dist. Lexis 115050. Convertino, an Assistant United States Attorney, brought a claim against the U.S. Department of Justice (DO J), alleging it had wilfully and intentionally disclosed information about him to a reporter in violation of the Privacy Act.
The information related to an investigation into allegations of prosecutorial misconduct made against Convertino, by, among others, the former First Assistant United States Attorney of the Eastern District of Michigan, Jonathan Tukel.
Tukel had met with Convertino to discuss Convertino's handling of cases, and had been involved in drafting allegations to the DOJ's Office of Professional Responsibility. It must have been a messy affair, because Tukel retained private counsel, Cadwalader, Wickersham & Taft LLP, in anticipation of litigation.
From his DO J-provided e-mail address, Tukel communicated with Cadwalader. No one else was copied on the e-mails, and Tukel took steps to delete them. However, apparently unknown to Tukel, the DOJ regularly accessed and saved e-mails sent from his account. Subsequently, when the action between Convertino and the DOJ went into the discovery phase, these e-mails became one of a number of production issues between the parties.
Tukel sought, and was granted, leave to intervene in the case for the purpose of asserting his attorney-client privilege. Tuket had to prove that he had taken reasonable steps to prevent disclosure of his privileged material. The court accepted that he had, noting that he had deleted his e-mails and sought leave to intervene in the production motion in a timely way.
Tukel also had to establish that disclosure of these e-mails to the DOJ was inadvertent. He argued he had no intention to allow his employer read the e-mails he was sending to his personal attorney through his DOJ -provided e-mail account.
The court, relying on an earlier New York case, In re Asia Global Crossing, Ltd, 322 B.R. 247 (S.D.N.Y. 2005) held that for documents sent by e-mail to be protected by attorney-client privilege, there had to be a subjective expectation of confidentiality that is objectively reasonable. Four factors determine reasonableness: (i) whether the corporation maintains a policy banning personal or other objectionable use of 3-mail; (ii) whether the company monitors the use of the employee's computer or e-mail; (iii) whether third parties have a right of access to the computer or e-mail; and (iv) whether the corporation notified the employee, or whether the employee was aware, of the use and monitoring of policies.
The court found each case needs to be looked at on its own facts to determine if the party requesting protection of the privilege was reasonable in its actions.
In Convertino, the court concluded Tukel's expectation of privacy was reasonable. The DOJ's e-mail policy did not ban personal use of company e-mail, and while the DOJ had access to personal e-mails, Turkel was unaware that it would regularly access and save e-mails from his DOJ account. The court held that Tukel's e-mails were to remain privileged.
A happy result for Tukel, no doubt, but one has to wonder at the reasoning. For example, in 2003, when the events at issue here began occurring, wouldn't Tukel have known, or easily learned through an enquiry to the DOJ's IT department, that e-mails reside on a server, and that back-ups are regularly made.
While it is possible that some companies still don't have Internet policies to deal with accessing and archiving electronic information, most do. It is reasonable that one's expectation of privacy could be affected by the content of that policy. But if an employee chooses to remain ignorant of the policy and then forms an expectation of privacy that is not in accordance with it, can the expectation be said to be reasonable?
Equally, is it reasonable that a policy that does not ban personal communications leads to an expectation of privacy, as opposed to one that permits such communications and affords them a clearly defined zone of privacy? In any event, haven't the e-mail experts been telling us for years to watch what we say on e-mail, lest we find it on the front page of the national newspaper?
There are lessons in Convertino for prudent counsel. Before communicating via a business e-mail address with a client about personal matters, read the employer's e-mail policy — especially where wiether the employer or the client (or both) may become involved in litigation. A reliable personal e-mail account may be preferable.
If clients insist on communicating via a business account, counsel should advise them on the potential loss of privilege. Counsel should also document that advice — but preferably not in an e-mail.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.