In a recent decision, the High Court has held that privilege was not lost against a party where its employee's privileged email was found on a work laptop handed over to the employer in the context of an investigation: Taylor v Evans  EWHC 935 (KB).
The decision is of interest in illustrating the principles that apply in determining whether privilege is lost where a party's privileged material has come into the hands of an opponent to litigation, other than through accidental disclosure in the course of the litigation process. In the former case, the question is whether the material remains confidential against the recipient, in which case there is no loss of privilege. This in turn depends on whether a reasonable person in the recipient's position would realise that the information was communicated in confidence. (In the latter case, where there is accidental disclosure of privileged material in the course of litigation, privilege will generally be lost unless the material was obviously disclosed by mistake.)
In the present case, the court held that it was, or should have been, clear to the recipient that the information remained confidential. The circumstances of the case are fairly extreme, in that the recipient realised that the laptop contained the employee's personal emails, and that the employee mistakenly believed they had been removed. The decision contrasts with Simpkin v The Berkeley Group Holdings plc  EWHC 1472 (QB) (considered here) in which it was held that an employee's documents were not privileged as against his former employer because the employee had no reasonable expectation of privacy in relation to material created and stored on the employer's IT systems. Quite where the line will be drawn in any given case will depend on all the circumstances, which may make the result difficult to predict.
The judge noted that the fact a document is privileged does not prevent an opponent deploying it: it is for the privilege holder to seek an injunction to prevent the document being used, and if it does so all the usual bars to equitable relief (delay, clean hands, etc) will apply. (See here for a case where an injunction would have been refused because the relevant document raised questions about a witness's independence.) In the present case, however, the recipient of the email applied for a declaration that it was not privileged; the privilege holder was not seeking an injunction, and so the equitable bars to relief did not apply. This suggests that a party who is legitimately in possession of an opponent's privileged material may be in a stronger position if they simply indicate an intention to use the material and leave it to the privilege holder to seek injunctive relief.
The underlying claims were brought against the defendant political party for breach of GDPR rights, misused of private information, breach of confidence and unlawfully discrimination in relation to the defendant's publication of a report. The defendant said the report was not published under its authority but was leaked by certain third parties, against whom it brought a Part 20 claim.
The defendant sought a declaration that an email sent by one of the third parties (Ms M) to her lawyer on the day before the report was published was not privileged and accordingly could be deployed in the proceedings.
The email had come into the defendant's possession during the course of its investigation into the publication of the report, in which it asked various members of staff to provide their work laptops for forensic analysis. Ms M did so, explaining that she had previously removed all the personal documents that she required. The email was discovered in the course of a review of the laptop by the defendant's data protection officer.
The defendant relied on Simpkin, in which it was held that an employee's documents were not privileged as against his former employer because they were not confidential as against the employer: they had been created and stored on the employer's IT systems, were not password protected or segregated from work documents, and the employee knew that he could not expect privacy in relation to material stored on his work email server. The defendant argued that Ms M's situation was similar. Although the email was sent from her iCloud account, rather than the defendant's email system, Ms M had synchronised her iCloud account with her Outlook account on the laptop, had used the iCloud account to send sensitive work emails, and had returned the laptop to the defendant for interrogation without seeking to impose any limits on the searches that could be conducted and without marking the email "privileged" or keeping it in a segregated folder.
Ms M submitted that, on the contrary, any reasonable person in the defendant's position would consider that the circumstances imposed a duty of confidence in relation to the email. In requesting the laptop, the defendant's Director of HR and Safeguarding had made clear that "steps will be taken to protect the integrity of the information on the devices(s)" and to "safeguard personal information". Ms M had replied that she had removed all the personal documents she required but nonetheless welcomed the safeguarding assurances provided. In fact, whereas Ms M had previously been told by a member of the defendant's IT team that the emails on her iCloud account would not be accessible, he had merely uninstalled iCloud in the belief that this would break the link to Outlook, when in fact that was not the case. An email exchange between this member of the IT team and his line manager during the course of the laptop review made it clear that they realised Ms M would have thought her personal emails were not available on the laptop when in fact they were.
There was some debate as to whether the iCloud account was in effect a work account but Ms M submitted that, even if it was, that did not make it "fair game" for the defendant to use it against her. Ms M relied on the following remarks of the deputy judge in Jinxin Inc v Aser Media Pte Ltd  EWHC 2856 (Comm):
"Practices will no doubt develop, but in the 2010s, any corporate executive would be expected to be provided with corporate email and document storage facilities, and only the most fastidious would have implemented a full segregation between work and private use of such facilities. In a perfect world, no doubt, all the information on corporate servers would be confidential to the corporation alone, and it would only be the corporation's confidentiality that employees would be obliged to protect. But the mere fact that [the employer] had access for proper purposes does not establish that the real world was perfect in that respect."
The judge (Chamberlain J) held that privilege in the email had not been lost as a result of the email coming into the defendant's possession.
Applying previous authorities, the question of whether confidentiality (and therefore privilege) was lost would depend on whether any reasonable person standing in the shoes of the recipient of the information would have realised that the information was being provided in confidence. That required an "intensive focus" on the circumstances in which the information was communicated. The judge identified the critical circumstances in the present case as including the following:
- The fact that the email was found on a laptop belonging to the defendant did not necessarily mean it had lost its confidentiality for all purposes, in the same way that in Jinxin the fact a document was sent from an employer-provided email account did not mean confidentiality was lost. In any event, it was clear from the safeguarding assurances given that the defendant was aware the laptops would or might contain personal information.
- The email exchange between the defendant's IT personnel showed they were aware that Ms M's attempts to remove personal information had been unsuccessful.
- Since Ms M thought (wrongly) that her personal information had been removed, the fact that she imposed no constraints on the searches the defendant could conduct was of little significance.
- In the circumstances it was reasonable to expect that staff members might have taken their own legal advice.
- It was not significant that the search of Ms M's laptop was conducted by a non-lawyer. She was the defendant's data protection officer and could be expected to be familiar at least in general terms with legal professional privilege.
- The email was obviously a request for legal advice and was in fact identified as possibly privileged, which was also obvious from the fact the reply was headed "LEGALLY PRIVLEGED".
Considering the matter in the round, the circumstances in which the email came into the defendant's possession did not destroy its confidentiality as against the defendant. The defendant should have realised that it was confidential, and Ms M remained entitled to assert privilege.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.