Don’t Risk Your Privilege by Directors Using Their Employer’s Email Account
A recent Delaware decision on a document production issue in the WeWork litigation highlights potential risks from outside directors using external work email accounts in a way that could jeopardize attorney-client privilege on documents they send or receive.
In the case, two Softbank insiders had dual roles at WeWork and Sprint, another Softbank portfolio company. The Softbank insiders asserted privilege on certain WeWork-related documents that were sent to or from their Sprint email accounts (Sprint was not at all involved in this matter). The court — recognizing that issues of privilege must be decided on a case-by-case basis — found that the insiders’ use of Sprint email accounts, rather than Softbank or personal email accounts, resulted in a waiver of privilege that otherwise may have applied. Because of Sprint’s generally applicable email use policy for employees, among other facts, the Softbank insiders had no “reasonable expectation of privacy” (a prerequisite to assert privilege over “confidential communications”) when using their Sprint accounts for Softbank matters.
The court applied the four-factor test from an earlier Federal case to determine whether there was a reasonable expectation of privacy with respect to a work email account:
“(1) does the corporation maintain a policy banning personal or other objectionable use, (2) does the company monitor the use of the employee’s computer or email, (3) do third parties have a right of access to the computer or emails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?”
The court focused primarily on the first factor which prior Delaware cases “held to weigh in favor of production when the employer has a clear policy banning or restricting personal use, where the employer informs employees that they have no right of personal privacy in work email communications, or where the employer advises employees that the employer monitors or reserves the right to monitor work email communications.”
The Sprint Code of Conduct, like that of many employers, specifically stated that there is no expectation of privacy and reserved the right for Sprint to review employee’s emails. The court held that the absence of a clear ban on personal use of Sprint email did not offset these two factors.
While most cases relating to work email privilege issues arise in disputes between an employer and its own employee using the employer’s email system, the court found no reason that the same analysis should not apply where an outside third party is seeking production.
This decision is an important reminder that, depending on the specific circumstances, outside directors may want to avoid using their work email accounts (i.e., of their primary employer) to send or receive board materials that otherwise may be privileged. Despite the convenience of doing so, many employers have email use policies that could cause privilege issues under the four-factor test described above. It may be preferable to utilize confidential board portals, to use personal email accounts (even better if they are “special purpose” personal accounts used only for the specific role), or to arrange for director email accounts to be set up by the company where they serve.