Header graphic for print
Electronic Discovery Law Blog Legal issues, news, and best practices relating to the discovery of electronically stored information.

Court Holds that Former Employee’s Emails with Private Attorney, Which Were Retrieved Forensically from Employer-Provided Laptop Computer, Are Privileged

Posted in CASE SUMMARIES

Nat’l Econ. Research Assocs., Inc. v. Evans, 2006 WL 2440008 (Mass. Super. Ct. Aug. 3, 2006)

In this litigation between a consulting firm and its former employee, the court considered the firm’s motion to compel the production of attorney-client privileged communications. Plaintiff sought production of emails sent and received via the employee’s personal, password-protected email account, which were saved in a temporary Internet file on the employee’s company-issued laptop and retrieved through forensic means after his departure from the firm.

Before leaving NERA, defendant Evans conferred with his private attorney regarding various legal matters concerning his departure from NERA and the commencement of his employment at another firm. Many of these attorney-client communications were via email, with Evans sending and receiving emails from his personal, password-protected email account with Yahoo rather than his NERA email address. Evans often used the laptop issued to him by NERA to send and retrieve these emails via the Internet. Unknown to him, when one accesses information through the Internet from a private email account, such as an account with Yahoo, all the information that is accessed is copied via a “screen shot” onto a temporary Internet file on that computer’s hard drive. Therefore, each of the attorney-client communications between Evans and his private counsel that were sent or retrieved with the NERA-issued laptop were stored in the hard drive of that laptop, even though Evans never sought to copy any of these emails onto his hard disk or forward them to his Intranet email address. These stored email documents could not be easily retrieved through Windows Explorer or the equivalent, but they could be retrieved by a person with substantial computer expertise.

When Evans departed from NERA, he returned the laptop to NERA. Before doing so, he deleted personal computer files that related to his divorce and finances, and even ran a computer program known as a “disk defragmenter,” which he understood would prevent recovery of the deleted personal files. He did not delete the emails from his Yahoo account that he had retrieved with the laptop, because he did not know that they had been stored on the laptop’s hard disk. He purposely left his work-related files on the laptop’s hard disk.

After his resignation, NERA retained a computer forensic expert to search the hard disk of Evans’ NERA-issued laptop. During the course of this forensic search, the expert was able to retrieve from the laptop’s hard disk various attorney-client communications between Evans and his private attorney, all of which were communications made via Evans’ Yahoo account. None were made on NERA’s Intranet, and none were stored on any document that could be retrieved with Windows Explorer. NERA’s counsel instructed the expert to retain the emails, and then filed a motion for an order compelling the production of these attorney-client communications.

The court rejected plaintiff’s argument that Evans should have recognized that his personal, Yahoo account emails were subject to review by NERA:

Based on the warnings furnished in [NERA's Policies and Procedures] Manual, Evans could not reasonably expect to communicate in confidence with his private attorney if Evans e-mailed his attorney using his NERA e-mail address through the NERA Intranet, because the Manual plainly warned Evans that e-mails on the network could be read by NERA network administrators. The Manual, however, did not expressly declare that it would monitor the content of Internet communications. Rather, it simply declared that NERA would monitor the Internet sites visited. Most importantly, the Manual did not expressly declare, or even implicitly suggest, that NERA would monitor the content of e-mail communications made from an employee’s personal e-mail account via the Internet whenever those communications were viewed on a NERA-issued computer. Nor did NERA warn its employees that the content of such Internet e-mail communications is stored on the hard disk of a NERA-issued computer and therefore capable of being read by NERA.

NERA contends that any reasonable person would have known that the hard disk of a computer makes a “screen shot” of all it sees, which the computer then stores in a temporary file, including e-mails retrieved from a private password-protected e-mail account on the Internet. NERA further contends that any reasonable person would have known that these temporary files, although not readily accessible to the average user, may be located and retrieved by a forensic computer expert. This Court does not agree that any reasonable person would have known this information. Certainly, until this motion, this Court did not know of the routine storing of “screen shots” from private Internet e-mail accounts on a computer’s hard disk.

The court concluded that the attorney-client communications were protected by the attorney-client privilege, and that the privilege was not waived. It noted that Evans did not engage in the attorney-client communications through the NERA Intranet but rather through his private, password-protected Yahoo email account that he accessed through the Internet, and that he did not forward them to his Intranet email address or purposefully save and store them on the laptop. It further noted that Evans had attempted to delete all personal documents on the laptop before returning it, and even ran a “disk defragmenter” program in an attempt to ensure that these personal documents could not be retrieved. The court concluded that the totality of these efforts were “adequate steps” to protect the confidentiality of his privileged communications with his private attorney.

The court continued:

If NERA’s position were to prevail, it would be extremely difficult for company employees who travel on business to engage in privileged e-mailed conversations with their attorneys. If they used the company laptop to send or receive any e-mails, the e-mails would not be privileged because the “screen shot” temporary file could be accessed by the company. If they used the hotel computer to avoid this risk, the communication would still not be privileged because the hotel could access the temporary file on its computer. Pragmatically, a traveling employee could have privileged e-mail conversations with his attorney only by bringing two computers on the trip-the company’s and his own. NERA’s attorney at the hearing appeared to recognize the impracticality of this consequence by arguing that the employee would still enjoy the privilege with respect to attorney-client conversations he reasonably believed the company would not be interested in reading. This attempted limitation is equally impractical, because a client should know before speaking with his attorney whether the conversation will be privileged. The client-employee cannot reasonably be expected to foresee whether the anticipated conversation would, at some time in the future, be of interest to the company or whether the conversation might stray into areas of company interest.

The bottom line is that, if an employer wishes to read an employee’s attorney-client communications unintentionally stored in a temporary file on a company-owned computer that were made via a private, password-protected e-mail account accessed through the Internet, not the company’s Intranet, the employer must plainly communicate to the employee that:

1. all such e-mails are stored on the hard disk of the company’s computer in a “screen shot” temporary file; and

2. the company expressly reserves the right to retrieve those temporary files and read them.

Only after receiving such clear guidance can employees fairly be expected to understand that their reasonable expectation in the privacy of these attorney-client communications has been compromised by the employer.