You've Got Mail...and We've Read It - Electronic Discovery

[Electronic Discovery News Feed]

You've Got Mail...and We've Read It

My friend Marni Willenson, a noble, energetic advocate for Farmworker Justice, shared a new appellate decision from New Jersey addressing whether employees have reasonable expectations of privacy in privileged e-mails sent and received using employer systems. It's one of those frustrating cases where the court reached a just result but made an unholy mess of the law along the way. In Stengart v. Loving Care Agency, Inc. et al. (Docket No. A-3506-08T1, published June 26, 2009) , a three judge panel of the New Jersey Appellate Division ruled that, notwithstanding written policies to the contrary, an employee has a reasonable expectation of privacy in e-mails sent and received with her personal counsel via an employer-owned laptop. The Court remanded the case for a determination of appropriate sanctions, including possible disqualification of the employer's counsel. The court could have reached the same result on a narrow rationale, but, badda bing, chose a path that will make e-discovery harder and riskier. Loving Care, Inc. issued a company laptop and e-mail address to Marina Stengart, its Executive Director of Nursing. On January 2, 2008, Ms. Stengart resigned and promptly sued Loving Care for discrimination. Before she quit, Ms. Stengart used her company laptop to e-mail her lawyer about the contemplated lawsuit. It's important to note that Ms. Stengart did not use her company e-mail account for these privileged communications. Instead, she employed her personal, password-protected Yahoo mail account. From the standpoint of e-discovery, let's pause to consider what difference that makes. If Ms. Stengart had instead used her company e-mail account, her privileged attorney-client communications would have been bound up with her business correspondence in two, three or more locations. Assuming a mail server, we can be confident that Ms. Stengart's privileged communications would be housed in the server container file, i.e., commingled within an EDB file for an Exchange environment or an NSF file for a Lotus Domino/Notes configuration. In turn, these messages would be periodically replicated to backup media and perhaps replicated again within an e-mail archival or journaling system. On the laptop, there's a good chance the privileged messages are replicated within a local e-mail client container file, such as a PST or OST for Outlook users or an NSF synchronization file for Lotus Notes users. Lest we forget, all of these "container files" are robust databases holding the messages, attachments, header information, user flags, metadata, calendars and other ESI supporting various features. They are--particularly the PSTs--the "bankers boxes" we employ in e-discovery to transport e-mail from collection to processing, often reconstituted for production. They make darn good valises to tote the evidence around. If Ms. Stengart had instead used her company e-mail account to e-mail her lawyer, she could be expected to know that her messages would become part-and-parcel of these container files and that her confidences would be stored somewhere on her employer's machines in a fairly permanent and accessible way. After all, that would have been her experience. And it was probably her very awareness that her...

My friend Marni Willenson, a noble, energetic advocate for Farmworker Justice, shared a new appellate decision from New Jersey addressing whether employees have reasonable expectations of privacy in privileged e-mails sent and received using employer systems. It's one of those frustrating cases where the court reached a just result but made an unholy mess of the law along the way.

In Stengart v. Loving Care Agency, Inc. et al. (Docket No. A-3506-08T1, published June 26, 2009) , a three judge panel of the New Jersey Appellate Division ruled that, notwithstanding written policies to the contrary, an employee has a reasonable expectation of privacy in e-mails sent and received with her personal counsel via an employer-owned laptop. The Court remanded the case for a determination of appropriate sanctions, including possible disqualification of the employer's counsel. The court could have reached the same result on a narrow rationale, but, badda bing, chose a path that will make e-discovery harder and riskier.

Loving Care, Inc. issued a company laptop and e-mail address to Marina Stengart, its Executive Director of Nursing. On January 2, 2008, Ms. Stengart resigned and promptly sued Loving Care for discrimination. Before she quit, Ms. Stengart used her company laptop to e-mail her lawyer about the contemplated lawsuit. It's important to note that Ms. Stengart did not use her company e-mail account for these privileged communications. Instead, she employed her personal, password-protected Yahoo mail account.

From the standpoint of e-discovery, let's pause to consider what difference that makes. If Ms. Stengart had instead used her company e-mail account, her privileged attorney-client communications would have been bound up with her business correspondence in two, three or more locations. Assuming a mail server, we can be confident that Ms. Stengart's privileged communications would be housed in the server container file, i.e., commingled within an EDB file for an Exchange environment or an NSF file for a Lotus Domino/Notes configuration. In turn, these messages would be periodically replicated to backup media and perhaps replicated again within an e-mail archival or journaling system.

On the laptop, there's a good chance the privileged messages are replicated within a local e-mail client container file, such as a PST or OST for Outlook users or an NSF synchronization file for Lotus Notes users. Lest we forget, all of these "container files" are robust databases holding the messages, attachments, header information, user flags, metadata, calendars and other ESI supporting various features. They are--particularly the PSTs--the "bankers boxes" we employ in e-discovery to transport e-mail from collection to processing, often reconstituted for production. They make darn good valises to tote the evidence around.

If Ms. Stengart had instead used her company e-mail account to e-mail her lawyer, she could be expected to know that her messages would become part-and-parcel of these container files and that her confidences would be stored somewhere on her employer's machines in a fairly permanent and accessible way. After all, that would have been her experience.

And it was probably her very awareness that her company e-mail account activity was readily available to her employer that prompted Ms. Stengart to turn to her personal webmail account for privileged communications.

Ms. Stengart probably didn't anticipate that the lawsuit would prompt her employer to forensically image her laptop and that specialized analysis of, inter alia, the machine's web cache would permit her employer's lawyers to read her confidential attorney-client communications. And read they did, knowing full well that they'd ferreted out privileged communications not intended for their eyes. When the employer's possession of the privileged messages surfaced, Stengart's lawyers objected and sought their return along with orders restricting use of the contents. At some point, disqualification of opposing counsel became a goal.

Of course, even a slow-witted baby lawyer understands it's unethical to read and use privileged material that comes into his hands by error or misconduct; but, the employer's counsel apparently assumed there'd been a waiver, interpreting the employer's acceptable use policy as vesting in the employer a right of ownership in the employee's messages. In that perilous assumption, employer's counsel was acting in concert with the practices of employers and their counsel nationwide.

Though the language and applicability of the company's acceptable use policy was debated, the version that the Court assumes to have been in place states, in pertinent part:

[1] The company reserves and will exercise the right to review, audit, intercept, access, and disclose all matters on the company's media systems and services

at any time, with or without notice.
. . . .
[2] E-mail and voice mail messages, internet use and communication and computer files are considered part of the company's business and client records. Such communications are not to be considered private or personal to any individual employee.

[3] The principal purpose of electronic mail (e-mail) is for company business communications. Occasional personal use is permitted.

The Court goes on to enunciate a rule that (at least in New Jersey) will be a bane to electronic discovery as currently practiced:

"In weighing the attorney-client privilege, which attaches to the emails exchanged by plaintiff and her attorney, against the company's claimed interest in ownership of or access to those communications based on its electronic communications policy, we conclude that the latter must give way. Even when we assume an employer may trespass to some degree into an employee's privacy when buttressed by a legitimate business interest, we find little force in such a company policy when offered as the basis for an intrusion into communications otherwise shielded by the attorney-client privilege."

"Giving the company the benefit of all doubts about the threshold disputes mentioned in earlier sections of this opinion, as well as the broadest interpretation of its electronic communications policy permitted, despite the obvious ambiguities in the policy's text [i.e., the permitted "occasional personal use"],we nevertheless are compelled to conclude that the company policy is of insufficient weight when compared to the important societal considerations that undergird the attorney-client privilege."

I read this to create for New Jersey employees a fairly broad expectation of privacy with respect to attorney-client communications pursued using an employer's computer systems. The Court doesn't position the expectation as hinging on the steps which Ms. Stengart took to isolate her communications from the company's e-mail system (i.e., use of her personal, password-protected webmail account). Neither does the Court consider the lengths which the employers had to go to reconstruct such communications using computer forensics.

Had the Court done so, it could have fashioned a means by which employers and their counsel can continue to collect and process employee e-mail containers without much fear that counsel may be disqualified or the employer sanctioned by coming across personal confidential content. As stated, even if the employee takes no steps to shield privileged communications exchanged with counsel--knowingly and intentionally commingling same with the employer's business records--the burden falls on the employer and employer's counsel to dodge them like landmines and read only so much of their content as permits an appreciation of their privileged nature, then treat them like anthrax spores.

Had the Court factored in the employee's caution and the employer's forensics, a more practical, less risky avenue for e-discovery could be sustained while still doing the important work of protecting the employee's privacy rights. Sure, computer forensics would be trickier to pursue, but forensic analysis remains the exceptional action in e-discovery, and examiners could be cautioned to segregate potentially privileged content so as to permit counsel to take appropriate steps to protect the employee's rights while minimizing the risk of untoward disqualification.

As I said going in, the right result was reached for Ms. Stengart, but, oh, what a costly mess is left for the rest of us. Someday, when we ponder where the Europeanization of ESI began in the U.S." the answer may turn out to be, "in Jersey, in June 2009."

Visit the publisher of this e-discovery news article: original source.