Personal-Use Policies and Employees’ Expectation of Privacy
Posted by Mike Lackey at 12:50 PM
22 comments - Categories: Privacy | Privilege | Case Law
A recent district court decision, Convertino v. US Dep’t of Justice (PDF), No. 04-cv-0236(RCL) (D.D.C. Dec. 10, 2009), serves as a reminder of the importance of a basic tool for managing employee privacy rights – a clear policy regarding employees’ personal use of employer computer systems.
The plaintiff in the case, Richard Convertino, moved to compel the US Department of Justice to produce email correspondence between Jonathan Tukel, a DOJ employee, and Tukel’s personal lawyer. Tukel intervened to oppose production, asserting the attorney-client privilege and the work product doctrine. The plaintiff argued that Tukel had waived his privilege by disclosure to DOJ, because the correspondence had been created using Tukel’s DOJ email account and copies of the emails resided on DOJ’s email server and thus were in DOJ’s possession.
The court ruled that Tukel had not waived the privilege by using his employer’s email account; rather, Tukel had a reasonable expectation of privacy with respect to the privileged correspondence, and the disclosure to DOJ was inadvertent. Several key considerations supported the court’s conclusion:
- DOJ’s computer use policy did not prohibit personal use of the DOJ email system.
- Tukel took steps to delete the privileged emails promptly.
- Tukel was not aware that DOJ’s system retained a copy of the emails after he had deleted them.
Although DOJ was not opposing Tukel’s claim of privilege in this case, the Convertino decision nevertheless serves as a cautionary tale to employers. For a variety of legitimate business reasons – ranging from compliance monitoring to internal investigation and ediscovery concerns – employers generally have an interest in ensuring that employees cannot assert a reasonable expectation of privacy with respect to workplace communications and other data stored on employer systems. Convertino suggests that, in furtherance of this interest, employers might consider establishing clear policies regarding the personal use of employer systems. Such policies might put employees on notice that, for example, (i) they should not have an expectation of privacy with respect to communications made on the employer’s systems, (ii) use of the employer’s systems for personal purposes is prohibited or limited to de minimis uses, and (iii) the employee should assume that all data and communications on the employer’s systems will be retained and reviewed by the employer.
Employee privacy issues have grown more complex with the growth of online social networking and mobile communications. While these issues are being litigated actively in the federal and state courts, often with inconsistent results, the district court’s analysis in Convertino indicates that clear communication of personal-use policies may prevent employees from having a reasonable expectation of privacy in workplace communications.
The Supreme Court’s resolution later this term of City of Ontario v. Quon, No. 08-1332, can be expected to provide further guidance in the area of employee privacy. Quon involves government employees’ expectation of privacy with respect to employer-issued pagers, and, like Convertino, turns in part on the existence and enforcement of a personal-use policy. One possible point of distinction is that whereas Quon is principally focused on Fourth Amendment rights to privacy in government workplaces, the Convertino court’s privilege waiver analysis is not explicitly based on the fact that DOJ is a government employer. It remains likely, however, that the Supreme Court’s upcoming Quon decision will establish principles of employee privacy that apply both within and outside the government context.
Treatment in Germany wrote on 01/19/10 1:06 PM
Nice post regarding employees VS bosses :)