Do employees have a reasonable expectation of privacy when writing personal emails on company-issued PDAs? How about when the employee tweets from a personal Twitter account on a company-issued laptop? Should an employee expect to have her entire Yahoo email account searched for document production purposes if she periodically conducts company business from that account? Does it and should it matter if the employee is in her office, commuting to work, or on her couch at home? These are just some of the questions outside and inside counsel find themselves asking with the explosion of social networking sites, text messaging and other novel forms of communication and as litigants become increasingly aggressive in seeking personal electronic material to bolster their claims.
The answer to these questions, as you might expect, is: It depends. As the various forms of communication evolve, so too, it seems, does our perception of what is private and what is not. In the context of litigation, there is nothing in the Federal Rules of Civil Procedure that speak directly to this issue: The 2006 amendments to Rule 34(a) adopted a broad definition of electronically stored information, but say nothing about what is off-limits for discovery purposes. As a result, in-house counsel are constantly balancing obligations under the Federal Rules with the perception among their employees that certain communications, even if transmitted on a work-issued device, will remain private.
Fortunately, a few recent cases provide some guidance on the issue. Although none of the cases provide a bright line rule regarding limits on the discoverability of personal communications, we do have a better sense of the circumstances under which employees can reasonably expect their private, non-work related communications to be shielded from discovery. For example, in the context of a privilege-waiver analysis, the question in Stengart v. Loving Care Agency, Inc., [990 A.2d 650 (N.J. 2010)] was whether emails sent to an attorney using a password-protected Yahoo account on an employer-issued computer were private or company communications. Explaining that the issue boils down to whether the employee had a reasonable expectation of privacy, the court applied the four factor test articulated in In re Asia Global Crossing, Ltd., [322 B.R. 247 (Bankr. S.D.N.Y.2005)] a case involving the production of personal emails transmitted through a work email account: "(1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee's computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies[.]" [Stengart, 990 A.2d at 662.]
The Stengart court concluded that the employee did have a reasonable expectation of privacy in her emails because she took steps to protect their privacy - including by sending them from a password-protected account - and, importantly, because the policies of her employer specifically permitted the occasional use of personal email at work. That policy, the court explained, "created doubt about whether those e-mails are company or private property." Id. at 663.
Even more recently, the Supreme Court had the opportunity to address the issue of an "employees' privacy expectations vis-?-vis employer-provided technological equipment." City of Ontario, California, et al., v. Quon et al., [130 S.Ct. 2619, 2630 (2010)]. In Quon, the Supreme Court was faced with the question of whether it was permissible under the Fourth Amendment for a government employer (a police department) to review the personal text messages sent by an employee through a department-issued pager. In concluding that the department did not violate the Constitution, the majority hinted that there would be two relevant factors in addressing an employee's expectation of privacy in personal emails transmitted through employer-provided equipment: Workplace norms and employer policies. [Id. at 2629-30.] Although the Court would go no further - it stated that it "must proceed with care when considering the whole concept of privacy expectations in communications made on electronic equipment" [id. at 2630] - perhaps the Court had said enough. Indeed, in his concurring opinion, Justice Scalia criticized as unnecessary the Court's "heavy-handed hint" about how litigants should proceed, and noted that "in saying why it is not saying more, the Court says much more than it should." [Id. at 2635.]
These cases, though limited in their scope, provide some helpful guidance to in-house counsel. Most importantly, in-house counsel should develop a policy with respect to personal email, texting and social networking on employer-provided equipment. That policy should frame the employees' expectations, and should be updated and communicated regularly. But that may not be enough. As with any policy, enforcement is essential, in this case to avoid having "workplace norms" concerning personal communications develop in a way that is inconsistent with the employer's stated policy. Understanding how employees are actually using workplace technology will help in-house counsel monitor the extent to which employees understand the policy, and the extent to which the employer's enforcement is taken seriously. This is undoubtedly just a start, but a good and important start until the courts provide more concrete guidance on the issue.