Accessing Email Evidence on Company ComputersDecember 17, 2013 | | |
Work-related email accounts are ubiquitous and often are used by employees for personal reasons. Employees also may use their own personal email accounts on employer provided resources ? with or without the permission of the employer. Many cases have considered the right of an employer to access an employee’s email accounts from the employee’s work computer. A trio of recent cases, however, addressed the question of whether an employer may rely on evidence obtained from employee emails that are discovered on company owned computers.
An Employee’s Office Computer
A recent decision by Supreme Court, New York County, discussed the various factors that will be considered in assessing the right of an employer to rely on employee emails in litigation with the employee, including the existence of email policies, the location of the emails when accessed, and the context of the claim.
As the court explained, Front, Inc., sued Philip Khalil, a former employee, for allegedly using Front’s confidential and proprietary information to divert work from Front. Front alleged that three days after Khalil had tendered his written resignation, the company’s network engineer noticed an external hard drive storage device attached to Khalil’s office computer. The next morning, Khalil, the network engineer, and two Front executives reviewed the contents of that hard drive. They determined that in addition to some of Khalil’s private information, it also contained Front’s files including allegedly confidential and propriety information. It allegedly was agreed that Front would keep the hard drive, but would provide Khalil with a second hard drive onto which it copied Khalil’s private information.
In the ensuing litigation, Khalil brought an affirmative claim against Front and Front’s partner, Marc Simmons, and moved to suppress all emails and documentary evidence accessed from his personal and business email accounts by Front.
The court first rejected Khalil’s argument that a cause of action could be stated or his emails suppressed based on the Stored Communications Act (“SCA”). The court credited Front’s argument that it was Khalil’s storage of his personal emails on Front’s computer, which he later transferred to the external hard drive, that permitted Front to access “dead copies” of emails. It rejected, as conclusory, Khalil’s claim that his emails had been “improperly intercepted,” finding no evidence that Front had accessed Khalil’s email accounts. The court decided that because neither an office computer nor an external hard drive constituted a “facility through which an electronic communication service is provided” for purposes of the SCA, the cause of action for damages had to be dismissed and the emails did not have to be suppressed. 
The court then considered whether the emails could be suppressed based on Khalil’s right of privacy. Khalil asserted (and Front did not contest) that Front had no policy barring the use of an office computer for personal email activity. Therefore, Khalil contended, he had a reasonable expectation of privacy with respect to any information stored on his computer and his personal communications had to remain out of his employer’s reach.
The court noted that in this case, unlike prior cases that addressed the issue, the emails did not involve attorney-client communications, but were personal in nature. It observed that the emails that Khalil sought to suppress were found by Front “because only a few days after Khalil tendered his written resignation, it was discovered that he was downloading documents from his office computer to an external hard drive.” Then, with Khalil present, the contents of that hard drive were inspected by Front. In the court’s view, even if Khalil may have had some expectation of privacy with respect to his computer, “it was not unreasonable for his employer to examine the contents of the external hard drive to determine whether any of Front’s documents were being downloaded by its employee, who had just tendered his resignation.” The court stressed that to the extent that copies of Khalil’s personal emails were accessed, that was accomplished by viewing copies Khalil had saved on the hard drive of his office computer and then downloaded to an external hard drive and not by accessing his private email account. Thus, questions of “work-related misconduct” by Khalil overcame any expectation he may have had based upon pre-resignation practices.
Tacit Waiver of Privilege
Another judge in the Supreme Court, New York County, considered similar factors when determining whether the attorney-client privilege was waived when attorney-client emails were stored on a company computer accessed by all employees.
In that case, two ex-employees, Ian Gipe and Jonathan Ben-Yosef, sued Monaco Reps, (a photographer’s agency) and its principals for non-payment of commissions after they resigned. Monaco countersued for breach of contract, breach of fiduciary duty, misappropriation, and other claims in connection with the plaintiffs’ alleged use of Monaco’s resources and proprietary information while still employed by Monaco and also brought a third party action against the plaintiffs’ new company. Monaco largely had learned of the existence of its claims against the plaintiffs after viewing certain emails that were sent by a lawyer who was consulted in regard to the plaintiffs’ new company. Those emails were forwarded by Gipe to Ben-Yousef, who then downloaded the lawyers’ emails and others to Monaco’s office computer.
Gipe and Ben-Yosef moved to suppress use of the emails and for disqualification of Monaco’s counsel and attorney fees. In denying the application, the court noted that there was an undisputed right to privilege that attached to the initial exchange between Gipe and the attorney regardless of the fact that it was sent by email. However, the court determined that Gipe had waived that privilege when he forwarded the emails at a time that Ben-Yosef had not yet become a client of the attorney. The court rejected the argument that there was a “common interest” between Gipe and Ben-Yousef that permitted him to share the email prior to Ben-Yousef’s retention of the attorney.
The court moreover looked at the facts and circumstances beyond the mere fact that the emails at issue contained Gipe’s private email address. It gave substantial weight to the fact that Ben-Yousef had stored the emails on his company computer ? a shared computer that was accessible to all employees through a single, shared log in.
The court also noted that Monaco (like Front) had accessed copies of emails that were located on Monaco’s company desktop computers and were “not on a website or server.” Accordingly, CPLR 4548, which protects the privileged nature of communication even if “persons necessary for the ….facilitation of such electronic communication have access,” did not apply.
The court reasoned that an employee’s expectation of privacy may be reduced by the actual office practices and working environment. Thus, although Monaco did not have a written policy warning employees as to the company’s access private emails, the “open configuration of Monaco’s office, and the widespread, open and notorious use of [Ben-Yousef’s] computer by co-employees” operated as a waiver of attorney-client privilege.
The court concluded that even had Ben-Yousef fallen within the attorney-client relationship, he had waived privilege and any expectation of privacy he had as to any emails that were present on the company shared computer.
The Importance of an Email Policy
The confidentiality of office email in the context of a federal criminal prosecution was considered earlier this year by U.S. District Court for the Eastern District of New York, in United States v. Finazzo. In so doing, the court highlighted the importance of an email policy.
In that case, the federal government alleged a “[f]raudulent [s]cheme” in which Christopher Finazzo, an executive at the clothing retailer Aéropostale, Inc., had secretly received a portion of the profits from certain transactions between Aéropostale and South Bay Apparel, Inc., a clothing vendor.
Relying on the attorney-client privilege, Finazzo moved in limine for an order precluding the government from introducing at trial an allegedly privileged email from his personal attorney, and an attachment, that was sent to his work account. Finazzo also sought an order precluding the government from using any information derived from the disclosure of the email and attachment.
In its decision, the court explained that paramount to the maintenance of a claim of attorney-client privilege was that the communication was intended to be and was in fact kept confidential. It then found that Finazzo had no reasonable expectation of privacy or confidentiality in any communications he made through his Aéropostale email account because Aéropostale had a “clear and long-consistent policy” of limiting an employee’s personal use of its systems, reserving its right to monitor an employee’s usage of the system, and making it clear to its employees, including Finazzo, that they had “no right to privacy” when using them.
The court also pointed out that the email to Finazzo was “not sent as some unilateral action on the part of his attorney” and did not occur because his attorney had looked up his Aéropostale email address and sent him confidential information. Rather, the court determined, Finazzo had chosen to communicate with his lawyer through a medium in which he had no expectation of privacy, thus inviting responses via that same medium. In any event, the court found, to the extent that Finazzo had not anticipated that his email correspondence would involve confidential information, his obligation to protect the privilege required him to take action to prevent disclosure of any such material.
It is important to keep in mind that contractual provisions might affect how the issues discussed in this column are resolved. For example, the presence of an email policy is an important factor, but not the only one, that courts will consider in determining whether employee documents may be used. Other circumstances, such as employee conduct, the nature of the claims to be litigated, and the location of the stored communication, likewise will be considered. Although the foregoing cases arose in the employment context, these and similar issues undoubtedly will continue to be litigated as they appear in an ever-broadening variety of cases.
 See, e.g., In re the Reserve Fund Secs. & Deriv. Litig., 275 F.R.D. 154 (S.D.N.Y. 2011); Long v. Marubeni Am. Corp., No. 05-CV-639 (S.D.N.Y. Oct. 19, 2006); and Scott v. Beth Israel Med. Ctr. Inc., 17 Misc. 3d 934 (N.Y. Sup. Ct. 2007).
 Front, Inc. v. Khalil, 2013 N.Y. Misc. LEXIS 3157 (N.Y.Sup.Ct. July 9, 2013).
 18 U.S.C. § 2707.
 18 U.S.C. § 2701(a)(1).
 The court did not dismiss the conversion claim at the pleadings stage, however, determining that, at a minimum, Khalil had stated a claim for conversion in connection with the physical possession of the hard drive whether or not he had any cognizable claim for the data that was stored on it and that it therefore became a question of fact as to whether Front had the right to seize either the drive or its contents.
 Cf. In re Asia Global Crossing, Ltd., 322 B.R. 247 (Bankr. S.D.N.Y. 2005); Scott v. Beth Israel Med. Ctr. Inc., 17 Misc.3d 934 (Sup.Ct.N.Y. Co. 2007).
 The court acknowledged that it might have decided the question of suppression of Khalil’s emails differently if they had been obtained as a result of “routine surveillance” by Front of Khalil’s computer, given that Front apparently had no policy prohibiting the use of its computers to access personal email accounts.
 Gipe v. Monaco Reps, LLC, 2012 N.Y. Misc. LEXIS 2828 (N.Y.Sup.Ct. July 2, 2013).
 United States v. Finazzo, No. 10-CR-457 (RRM)(RML) (E.D.N.Y. Feb. 19, 2013).
Reprinted with permission from the December 17, 2013 issue of the New York Law Journal. All rights reserved.