A few months ago, I wrote a pair of blog posts exploring the potential lessons to employers and employees arising from the New Jersey Appellate Division’s opinion in Stengart v. Loving Care Agency Inc. You can read the first one here on our Slack Space blog and the second one here on Rule 26.

The case involved the use by employees of company IT resources to send and receive personal, privileged or confidential email. In Stengart, the court held that an employee had not waived attorney-client privilege with respect to email found on company servers even though the emails were sent using company hardware during work hours, albeit through a private Webmail account.

The court also held that attorney-client privilege hadn’t been waived simply because the employer had an email communications policy that stated employees had no expectation of privacy with regard to any communications sent via the employer’s computer systems.

This week, I’m revisiting the lessons learned in the Stengart case in light of Leor Exploration & Prod. LLC v. Aguiar, a recent opinion from the U.S. District Court for the Southern District of Florida that manifests a significantly different approach to email privacy.

In Leor, the district court held that an employee had waived attorney-client privilege with respect to email sent using his employer’s email system, enforcing an email policy similar to the one that the Stengart court refused to enforce.

In contrast to the Stengart court, which relied heavily in its decision on the idea that the attorney-client privilege outweighed an email nonprivacy policy that it found had no legitimate business rationale, the Leor court cited four factors – quoted from a 2005 case from the Southern District of New York – for determining whether an employee has a reasonable expectation of privacy in email:

(1) Does the corporation maintain a policy banning personal or other objectionable use?
(2) Does the company monitor the use of the employee's computer or email?
(3) Do third parties have a right of access to the computer or e-mails?
(4) Did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?

Finding the factors met in its case, the Leor court found waiver of the attorney-client privilege without any mention of the “important societal considerations…undergird[ing] the attorney-client privilege” that the Stengart court found so compelling.  

So, why did the Stengart and Leor courts come down so differently on such similar issues? Was it because the Stengart case involved email sent using a Webmail account, while the Leor case involved email sent to a company email account? Or did the Leor court just fail to give proper respect to the attorney-client privilege?

Ultimately, comparing the two opinions may be an interesting intellectual exercise, but are there any practical lessons that need to be reconsidered or revised in light of the apparently conflicting rulings?

For employees, not really. Regardless of which opinion holds more sway in your jurisdiction, the best advice to employees remains the same: Don’t use company computers to send personal, confidential or privileged emails.

Although some jurisdictions may end up enforcing your privacy rights or upholding the attorney-client privilege as inviolable, the fact of the matter is that once a secret email is disclosed, undisclosing it is practically impossible and the costs of the fight are simply not worth it.

Likewise, for employers, the practical lessons from Stengart, basic ideas such as exercising proper respect for employee privacy rights and attorney-client and other privileges, and taking the care to draft and implement computer use policies carefully, are always good principles to operate by, even if a strong email policy won’t necessarily give you the right to read your employee’s privileged emails.