This week's Legal Currents column, which is published in The Daily Record, is entitled "Technology and the attorney-client privilege" The article is set forth in full below, and a pdf of the article can be found here.
My prior articles can be accessed here.
Technology and the attorney-client privilege
The attorney-client privilege was significantly
weakened by a recent New York
County Supreme Court decision.
In Scott v. Beth Israel Medical Center Inc., 2007
NY Slip Op. 27429, the court held that a New
York physician’s e-mails to his lawyers were
The e-mails in question related to possible employment
litigation against the plaintiff physician’s then-employer,
Beth Israel Medical Center, and were sent over the hospital’s
e-mail server using the physician’s work e-mail address.
The hospital contended the emails were not made in confidence,
since its policy provided that e-mails sent using the
server should be for business purposes only and it
“reserve(d) the right to access and disclose such (e-mails) …
at any time without prior notice.”
The hospital admitted, however, that the plaintiff’s e-mail
was not monitored.
The plaintiff asserted that, pursuant to CPLR 4548, the
e-mails were made in confidence.
CPLR 4548 states: “No communication privileged under
this article shall lose its privileged character for the sole
reason that it is communicated by electronic means or
because persons necessary for the delivery or facilitation
of such electronic communication may have access to the
content of the communication.”
As explained by Vincent Alexander in the Practice Commentaries
following this CPLR provision, “in effect, [it]
constitutes a legislative finding that when parties to a
privileged relationship communicate by e-mail, they have
a reasonable expectation of privacy.”
The issue of whether e-mails of this nature were privileged
was of first impression for New York
State courts, so the court relied heavily on In re:
Asia Global Crossing Ltd., 322 BR 247 (SDNY
2005), a case with a similar fact pattern that
addressed the issue of whether employee emails
sent to counsel using an employer server
In Asia Global, the court set forth four factors
to be used in determining whether an
employee has an expectation of privacy in his
computer: 1) whether the employer’s policies
ban personal and other objectionable use of
its computers; 2) whether the employer monitors
the use of the employee’s computer or email;
3) whether third parties have access to the computer
or emails and 4) whether the employer notified the
employee or the employee was aware of the use and monitoring
The Scott court applied these factors and concluded the emails
were not made in confidence. The court recognized
CPLR 4548 trumps the third factor regarding third party
access to the e-mails, but the hospital prevailed as to the other
factors since an e-mail policy was in place, the hospital
retained the right to monitor e-mails and the plaintiff, as a
hospital administrator, had both actual and constructive
notice that the hospital might monitor e-mail correspondence.
I daresay the court got it wrong.
On its face, CPLR 4548 specifically negates both the second
and third Asia Global factors regarding the setting in
which communication occurs because privilege does not
disappear simply because a third party “may have access to
… [a] communication.”
That leaves only the first and fourth factors in play,
which revolve around divining the plaintiff’s subjective
expectation of confidentiality.
As explained in Curto v. Medical World Communications
Inc., 2006 WL 1318387 (EDNY), a case that discussed the Asia Global decision, one important factor to consider in
determining the em-ployee’s expectation is the actual
practices of the employer: “(I)n light of the few instances
of actual monitoring … together with the fact that many …
employees had personal e-mail accounts at work, employees
were lulled in a ‘false sense of security’ regarding their
personal use of company-owned computers,” Id. at 8.
In Scott, the court likened the effect of the hospital’s email
policy to “hav(ing) the employer look … over your
shoulder each time you send an e-mail,” Scott, supra. at 3.
However, given the hospital’s actual practice, which
was to refrain from monitoring, e-mails sent by the plaintiff
were more akin to sending an e-mail after hours, when
no one was around, so as to avoid the remote possibility
your employer might view it on the screen.
This argument is buttressed further by the fact that the
plaintiff, as a hospital administrator, likely was aware of
the hospital’s actual practices regarding e-mail monitoring.
The court’s holding in this case ignores the legislative
intent behind the enactment of CPLR 4548 and the legitimate
expectation of confidentiality the plaintiff had
regarding e-mail communication with his attorneys. Any
other conclusion fundamentally weakens the attorney
client privilege by eroding the trust that serves as the very
foundation of an open, honest and successful attorney-client