Online Exclusive: Supreme Court Takes On Electronic Privacy Case

Richard Convertino served as lead prosecutor against Karim Koubriti, a high-profile suspected terrorist in Detroit. In 2003, following Koubriti’s acquittal, the Justice Department’s Office of Professional Responsibility (OPR) began investigating allegations of prosecutorial misconduct by Convertino, who was an assistant U.S. attorney for the Eastern District of Michigan.

The OPR created a series of confidential letters detailing the allegations. Only a few people had access to them. Yet someone leaked the information, and the news ended up in the Detroit Free Press on Jan. 14, 2004. The Office of the Inspector General opened an investigation to find the source of the leak but ultimately determined there was insufficient evidence to prove who it was.

Convertino remained unsatisfied with the official conclusion, so he sued the DOJ for allowing the improper leak. In Convertino v. U.S. Department of Justice, the U.S. District Court in D.C. ruled Dec. 10, 2009, against Convertino’s motion to compel production of internal DOJ e-mails related to the case. Those included 36 personal messages between DOJ prosecutor Jonathan Tukel and his personal attorney.

In the ever-evolving field of privacy law regarding employee e-mail and electronic messages, Convertino is unique because it protects the privacy and attorney-client privilege of an employee who sent personal e-mails over a company server.

“It’s the first case I’m aware of where the court has found that an employee did not waive privilege in an e-mail sent over the corporate server,” says Philip Gordon, chair of Littler Mendelson’s Privacy and Data Protection Practice Group.

Inadvertent Disclosure

Tukel, first assistant U.S. attorney for the Eastern District of Michigan until May 2005, was one of the first people to know about the confidential accusations against Convertino. Anticipating litigation, Tukel retained counsel and corresponded with him through his DOJ e-mail account. Convertino wanted access to those 36 e-mails.

In denying Convertino’s request, District Court Judge Royce Lamberth ruled the disclosure inadvertent–the main legal consideration as to whether privilege is waived. He said Tukel’s attorney-client privilege was not waived.

“Mr. Tukel had no intention of allowing the DOJ, his employer, to read the e-mails he was sending to his personal attorney through his work e-mail account,” Lamberth wrote. “Mr. Tukel also took steps to delete the e-mails as they were coming into his account–failing to realize that his employer had the e-mails.”

In most companies, it would be unreasonable for an employee to assume his or her employer would not have access to any e-mail sent at work, but the DOJ operated under the unusual policy of explicitly allowing employees to use work e-mail addresses for personal use.

“The DOJ hadn’t informed employees that e-mail communications would be retained and possibly reviewed,” says Anthony Diana, a partner at Mayer Brown. “Most of the case law out there has emphasized the fact that an employee doesn’t have an expectation of privacy. Data that resides on employer systems and servers is property of the employer.”

Another difference between Convertino and other cases dealing with e-mail privacy at work is that Tukel used his work e-mail address at the office. For example, in Stengart v. Loving Care Agency, decided last June, a New Jersey appellate court came to the same conclusion about attorney-client privilege in employee e-mail, but that case dealt with an employee who used a personal e-mail address, at home, on a company laptop.

Accepting Reality

In today’s hyper-connected world, it may be smarter for companies to relax their e-mail policies, if only to reflect what is already occurring in the workplace.

“What’s happened is that, increasingly, people use their business e-mail addresses for all purposes,” says James Robinson, a partner at Cadwalader, Wickersham & Taft and Tukel’s counsel in Convertino. In light of this fact, he says companies must decide whether they want to regularly monitor their employees’ e-mails.

Robinson argues that many companies (excluding a few highly regulated industries) wouldn’t want to create such a Big Brother atmosphere, which could have a negative impact on morale.

Gordon adds that if a company doesn’t actually enforce its written policy on e-mail use, it won’t hold up in court.

“My advice is not to ban personal use [of company e-mail],” he says. “The court won’t rely on that prohibition if the employer doesn’t enforce it.”

In addition to allowing some personal use while acknowledging that it is not private, Gordon recommends strongly discouraging employees from corresponding with personal attorneys at work, especially if an employee is planning to sue his employer, which runs counter to the employer’s interest.

“The employer spent a lot of money to put these [electronic management] systems in place,” Gordon says. “The systems shouldn’t be used for attempting to undermine the employer’s profitability.”

Tukel’s situation was different, Gordon adds, which could help explain the unusual ruling. He was e-mailing his attorney about defending himself–and the DOJ–against Convertino’s suit.

“It makes Tukel a little bit more of an innocent victim,” Gordon says. “There’s a dynamic difference between an employee who’s using corporate resources to hurt corporate interests and an employee using corporate resources for reasons that are in harmony with the corporate interests.”