01 September 2012

e-Dumpster Diving

'Against Employer Dumpster Diving for E-Mail' by Michael Green of Texas Wesleyan comments that 
Recent attorney-client privilege cases offer a modern understanding of reasonable expectations of employee privacy in the digital age. Employees have increasingly made electronic mail communications to their attorneys via employer-provided computers or other digital devices with an expectation of privacy and confidentiality. Historically, courts have summarily dispensed with these matters by finding that an employer’s policy establishing clear ownership of any communications made through employer-provided devices eliminates any employee expectation of privacy in the communications and waives any viable privacy challenges to employer review of those communications. Nevertheless, within the last couple of years, several cases involving employee assertions of attorney-client privilege protection in e-mails sent on employer-provided devices suggest new thoughts about reasonable workplace privacy expectations. 
As employees must communicate through employer-provided digital devices day and night, these attorney-client privilege cases help expose the fallacy of assuming employees cannot reasonably expect that e-mails will remain private if employer policies mandate the communications are not private. These new cases and related ethics opinions about privileged e-mail offer a modern lens through which one may now view employee privacy expectations under a new paradigm that replaces the façade of assuming employees have no expectation of privacy due to employer policies. 
Digital age expectations regarding employee use of smart cellular phones, portable laptops, and other employer-provided devices to make communications beyond standard work hours leaves little expectation or opportunity for employees to reasonably communicate privately and confidentially by any other means than through these employer-provided devices. As a result, this article asserts that employer efforts to mine their devices for employee e-mails after disputes ensue comprises a form of electronic dumpster diving that should not be tolerated by courts, legislatures, or attorney ethics committees.
Green concludes
... he current legal paradigm allows an employer to remove any expectation of privacy or create an assumption that employees have consented to any intrusion by an employer who has established a clear policy notifying the employee that the employer may review the information. Unfortunately, that paradigm does not support the realities of the increasingly digital workplace. Instead of getting bogged down by the stilted and unrealistic assumption that employees have no expectation of privacy even in an e-mail communication to their own attorneys, the analysis should focus on whether employers in a particular situation had a legitimate reason to access the e-mail information. Attorney-client ethics analysis can suggest a new paradigm where after the employer and its attorney recognize that an e-mail communication is intended as a private and confidential communication such as a communication to the employee’s attorney, the employer should not be able to use the communication unless a court determined the communication was not privileged and confidential. 
Most cases, from a constitutional analysis of the Fourth Amendment to an analysis of statutes and common law invasion of privacy torts, provide for an employer to access its own digital equipment without liability when acting reasonably. Accordingly, reasonable employer intrusions are always protected even if the circumstances suggest an employee clearly had a reasonable expectation of privacy in information stored on an employer’s electronic device. The law should not encourage an employer to dumpster dive for electronic communications obviously intended to be confidential and private communications under the guise of asserting that employee privacy rights have been subsumed by the mandates of employer policies. Given the realities of the digital workplace, expansion of ethics law to place obligations on employers and their attorneys to not consider these communications and return them immediately to employees absent a court finding to the contrary should also become the new paradigm. 
Using the development of attorney-client privilege analysis as a tool to address the growing merger of private and work-related communications on employer- provided devices supports the approach of assuming that employees still have reasonable expectations of privacy regarding information left on these devices. Applying this approach broadly will remove the current paradigm and the resulting sham being asserted that employees have actually consented when an employer imposes on an employee as a condition of employment the obligation to let an employer search digital devices and acknowledge the employer owns all information on that device. 
Instead, the analysis of privacy protections in the workplace should focus on the reasonable intent and expectations of the employee as occurs with attorney- client privilege analysis. This analysis assumes as a matter of law that employees would not leave private communications on their employer-provided electronic devices without having some expectation of privacy. Then the focus of the analysis would shift to whether the employer’s actions in accessing and reviewing private, non-work-related information left by an employee on an employer-provided device was reasonable and necessary under the circumstances. The assumption would be that such an intrusion would not be reasonable and an employer would not be encouraged to dumpster dive for confidential employee communications embedded on employer-provided devices just because they have employed a computer use policy which grants the employer the authority to do so. The expansive demands of technology innovations and the increasing expectation that an employee be available to communicate through these employer-provided devices as a job duty supports the general expectation that employees will also use those devices to make personal and private communications. 
Furthermore, incorporating attorney client privilege analysis only helps to support the expansive nature of employee communications made through these devices. Recent ABA ethics opinions represent a new privacy hurdle to be overcome. These opinions place more burdens on an employee’s attorney to protect against employer mining of the data while making it more advantageous for the employer and the employer’s counsel to dumpster dive for this data. As a result, states and their attorney ethics committees must adopt a new paradigm that recognizes an expectation of privacy and confidentiality in e-mails to attorneys even when found on or made with employer-provided devices. 
In concluding, it is helpful to return to the scenario discussed at the beginning of the Article where Bobbi has made e-mail communications to an attorney who represents her in an arbitration involving sexual harassment charges against her supervisor. In Holmes, the California appellate court suggested an employee’s e- mail communications to an attorney on the employer’s computer were analogous to an employee meeting with her attorney in one of the employer’s conference rooms.  That part of the Holmes analogy works well for Bobbi who is quite likely to use her employer’s conference room to meet with her attorney as she is still employed there and her attorney is representing her in an arbitration proceeding where her employer might even be providing for her attorney’s fees. 
Unlike the hyperbole used in applying the conference room analogy in Holmes, which suggested the employee had opened the door to the employer’s conference room and yelled out loud when communicating via e-mail on the employer’s computer, a more realistic application of the conference room analogy should be employed. When an employee must constantly be available to communicate via e-mail through employer-provided computers and other digital devices, as if at work, and an employee uses the employer’s conference room (analogous to the employer-provided digital device) for both work-related and private communications, the conference room could be viewed as having a glass window where the employer can certainly see into the conference room. In looking through that conference room window, the employer can clearly see that the employee is communicating with her attorney. Similarly, when you are analogizing the electronic device with the conference room, upon viewing titles and an overview of electronic file information, the employer can clearly see what information is not work-related and involves private, personal, and even attorney- client privileged communications. 
Also, if desired, the employer could attempt to listen to what the employee is communicating to her attorney inside the conference room whether it is yelled out or not. But when the employer sees through the window (the title of messages, who the messages are addressed to, an attorney is involved in the communication, or a privilege is identified) that the employee is meeting with her own attorney in that conference room, the employer will know that those communications are private, confidential and privileged. The law should not encourage the employer to spy or dumpster dive electronically to mine for e-mail information that the employer should not be able to use because it is clearly intended to be private and confidential. Further, the employer will know that although it might be able to stand near the door of the conference room and listen to those communications, the employer’s attorney has an ethical obligation to not listen to those communications when it knows they are privileged and protected. Bobbi is not opening the door to that conference room; nor is she yelling out loud. She is merely using the employer’s conference room to have her private communication with her attorney. The realities of the current digital workplace provide Bobbi with little opportunity to communicate with her lawyer or have any sufficient private communications off the employer’s premises, i.e., without using the employer-provided digital device. 
By applying the conference room analogy in this way, the analysis of Bobbi’s issue at the beginning of this Article will shift to a focus on whether it was reasonable for the employer to extract the communications to her attorney from the employer-provided laptop. The question of whether Bobbi had a reasonable expectation of privacy will not arise because that expectation is presumed within the analytical paradigm asserted in this Article. By accomplishing this shift in the analysis, the dispute will center on the realities of the digital workplace and not on an employer-induced removal of any expectation of privacy through an Internet communication or employer-provided device usage policy. 
Consequently, employers will be limited from insisting that employees use employer-provided devices to communicate at all times while also mandating successfully that none of the employees’ communications can be protected as private. Under this analysis, employers will no longer be encouraged to dumpster dive for confidential and private employee e-mail communications on an employer-provided device once a dispute arises. As soon as the employer can clearly see the communications were intended to be private and confidential such as e-mails to an attorney, and there is no reasonable justification to intrude upon the privacy of the employee or to assert the employee waived any privacy expectations, the employer must refrain from using an employee’s private e-mail communications.