An employee may have a reasonable expectation of privacy in personal communications sent over an employer’s email system, according to a recent ruling on a motion to compel in the United States District Court for the District of Columbia. The ruling, in Convertino v. US Dep’t of Justice, No. 04-cv-0236(RCL) (D.D.C. Dec. 10, 2009), serves as a reminder to employers of the importance of establishing and maintaining clear policies regarding employees’ personal use of employer computer systems.

Plaintiff Richard Convertino moved to compel the US Department of Justice (DOJ) to produce email correspondence between Jonathan Tukel, a DOJ employee, and Tukel’s personal lawyer. Tukel intervened to oppose production, asserting the attorney-client privilege and the work product doctrine. The plaintiff argued that Tukel had waived his privilege by disclosure to DOJ, because the correspondence had been created using Tukel’s DOJ email account and copies of the emails resided on DOJ’s email server and thus were in DOJ’s possession.

The court ruled that Tukel had not waived the privilege by using his employer’s email account; rather, Tukel had a reasonable expectation of privacy with respect to the privileged correspondence, and the disclosure to DOJ was inadvertent. Several key considerations supported the court’s conclusion:

  • DOJ’s computer use policy did not prohibit personal use of the DOJ email system.
  • Tukel took steps to delete the privileged emails promptly.
  • Tukel was not aware that DOJ’s system retained a copy of the emails after he had deleted them.

Although DOJ was not opposing Tukel’s claim of privilege in this case, the Convertino decision nevertheless serves as a cautionary tale to employers. For a variety of legitimate business reasons – ranging from compliance monitoring to internal investigation and ediscovery concerns – employers generally have an interest in ensuring that employees cannot assert a reasonable expectation of privacy with respect to workplace communications and other data stored on employer systems. Convertino suggests that, in furtherance of this interest, employers should consider establishing clear policies regarding the personal use of employer systems. In particular, employers might consider putting employees on notice that (i) they should not have an expectation of privacy with respect to communications made on the employer’s systems, (ii) use of the employer’s systems for personal purposes is prohibited or limited to de minimis uses, and (iii) the employee should assume that all data and communications on the employer’s systems will be retained and reviewed by the employer.

The district court’s analysis in Convertino suggests that clear communication of the above policies could prevent employees from having a reasonable expectation of privacy in workplace communications. We caution that these issues are being litigated actively in the federal and state courts, often with inconsistent results. The US Supreme Court may provide further guidance in this regard when it decides City of Ontario v. Quon, No. 08-1332, a case involving related issues, including a government employee’s expectation of privacy with respect to employer-issued pagers. A potential area of distinction between the two cases is that, whereas Quon is principally focused on Fourth Amendment rights to privacy in government workplaces, the Convertino court’s analysis does not appear to be based on the fact that DOJ is a government employer.