September 5, 2013
In re Information Management Services, Inc. Derivative Litigation
Submitted: August 22, 2013
[Copyrighted Material Omitted]
[Copyrighted Material Omitted]
[Copyrighted Material Omitted]
Raymond J. DiCamillo, Scott W. Perkins, Richards, Layton & Finger, P.A., Wilmington, Delaware; J. Christian Word, Katherine A. Schettig, Latham & Watkins LLP, Washington, District of Columbia; Attorneys for Plaintiffs.
Peter B. Ladig, Katherine J. Neikirk, Morris James LLP, Wilmington, Delaware; J. Stephen McAuliffe, III, Miles & Stockbridge P.C., Rockville, Maryland; Scott Wilson, Miles & Stockbridge P.C., Baltimore, Maryland; Attorneys for Defendants.
Barry M. Klayman, Cozen O'Connor, Wilmington, Delaware; Donald N. Sperling, Jeffrey M. Schwaber, Jamie M. Hertz, Stein Sperling Bennett De Jong Driscoll PC, Rockville, Maryland; Attorneys for Nominal Defendant, Information Management Services, Inc.
LASTER, Vice Chancellor.
Trusts that own fifty percent of the common stock of nominal defendant Information Management Services, Inc. (" IMS" or the " Company" ) allege that two of the Company's three most senior officers mismanaged the Company in breach of their fiduciary duties. The executives consulted with their personal lawyers and advisors about the alleged mismanagement using their work email accounts. IMS gathered the emails but took no position on whether they should be produced. The executives invoked the attorney-client privilege. They did not rely on the work product doctrine. The trusts moved to compel, arguing that the attorney-client privilege does not apply because the Company reserved the right to monitor all email communications on IMS accounts, thereby eliminating any reasonable expectation of confidentiality. The motion is granted.
I. FACTUAL BACKGROUND
The facts for purposes of the motion to compel are drawn from the allegations in the pleadings and the exhibits and affidavits submitted in connection with the briefing on the motion. What follows are not formal factual findings, but rather how the court views the record for purposes of a discovery ruling. At this stage of the case, the court cannot resolve conflicting factual contentions.
A. Information Management Services, Inc.
IMS is a Delaware corporation with its principal place of business in Rockville, Maryland. The Company provides analytical software tools and other products used primarily to evaluate clinical trials for biomedical research.
The Burton family and the Lake family each beneficially own fifty percent of the Company's common stock. The Burton family owns its half through two trusts, the EB Trust and the IMS Trust. Evelyn Burton is the sole trustee of the EB Trust; Michael Burton is the sole trustee of the IMS Trust. The Lake family owns the
other half through the William H. Lake Grantor Trust. Brothers William Lake, Jr. and Andrew Lake are co-trustees of the Lake trust. Their mother, Jean Lake, is a beneficiary of the Lake trust. To differentiate among the individuals, this decision uses their first names.
The Company's board of directors (the " Board" ) has four members, two from the Burton family and two from the Lake family. The Burton family representatives are Evelyn and Michael. The Lake family representatives are Jean and Andrew.
Effective control over day-to-day management of the Company currently rests with the Lake family. It was not always so. Robert Burton and William Lake, Sr., founded the Company and managed the business together for many years. Robert, now deceased, was Evelyn's husband and Michael's father. William Sr., now retired, is Jean's husband and William and Andrew's father.
William Sr. retired in 2007. Robert passed away in 2010. At the time of Robert's death, William held the positions of President, Secretary, CFO, and Treasurer. Andrew held the position of Executive Vice President. Non-party Janis Beach, who joined the Company in 1974, held the position of COO. Since then, William, Andrew, and Janis have remained the most senior executives at the Company.
B. The Dispute
The Burton trusts allege that in the first quarter of 2011, William permitted IMS to overdraw its revolving line of credit by approximately $80,000, forcing IMS to obtain an emergency increase to meet payroll and other outstanding obligations. William allegedly did not inform the Board concurrently of this event or the Company's financial position.
In October 2011, Michael joined IMS. Michael perceived problems from inside the Company including lack of growth, a general failure to market the Company's intellectual property, and poor employee morale.
In May 2012, the Burtons scheduled a meeting with William and Andrew to discuss their concerns. William and Andrew cancelled the meeting. In June, IMS informed Michael that his employment would be terminated.
The Burtons next retained Venture Advisors Financial and Strategic Services, LLC (" Venture Advisors" ) to review the Company's books and records. Venture Advisors also interviewed William, Andrew, and Nancy MacGillivary, a bookkeeper.
In a report issued on July 30, 2012, Venture Advisors criticized senior management on several grounds, including their failure to understand or comply with Generally Accepted Accounting Principles, Federal Acquisition Regulations, and the Fair Labor Standards Act (the " FLSA" ). The report identified as issues an absence of professional accounting expertise, a lack of budgeting and financial planning, the use of unconventional compensation practices, and the failure to plan for the Company's " graduation" from Small Business Administration (" SBA" ) status.
During a special meeting of the Board on August 23, 2012, the directors discussed the Venture Advisors' report and the Burton family's concerns. The Burton representatives proposed to bring in professional managers to serve as the CEO and CFO. The Lake representatives declined, resulting in deadlock. The Board resolved to hire outside counsel to evaluate the Company's compliance with the FLSA. The Burtons complain that William picked the law firm himself and instructed the firm not to communicate with the Burtons
or the Board before presenting its final report.
During a meeting of the Board on September 14, 2012, the Board resolved to hire a consultant to evaluate the SBA issues. The Board deadlocked over the selection of the consultant and the scope of work. In October 2012, the Company retained Rubino & Company, Chartered, a financial services company with a special focus on government contracting, to review the Company's accounting practices and financial reporting.
On November 1, 2012, the Board met again. The Burton representatives proposed terminating William for cause, eliminating the Executive Vice President position held by Andrew, bringing in a CEO from outside the Company, and hiring Robert Dudley of Venture Advisors as CFO. The Lake representatives declined, resulting in deadlock. The Burtons then refused to approve any bonuses for senior management or staff. Over the ensuing weeks, the Burtons modified their position, rejecting only the bonuses for William and Andrew.
C. The Litigation
On December 31, 2012, the Burton trusts filed a complaint that charges William with breaching his fiduciary duties as an officer of IMS by mismanaging the Company and Jean and Andrew with breaching their fiduciary duties as directors of IMS by protecting William and enabling him to continue running the Company. In response, on January 28, 2013, the Lake trust filed a complaint of its own that charges Evelyn and Michael with breaching their fiduciary duties by denying bonuses to management, causing the Company to incur liability to reimburse the federal government for amounts tied to the unpaid bonuses, and publicly disseminating confidential information about the Company. The complaint alleges that Evelyn and Michael have taken these actions in an effort to generate leverage to force a sale of their stock or the Company as a whole. The two actions were consolidated, generating this proceeding.
D. The Motion to Compel
During discovery, IMS advised the plaintiffs that William and Andrew used their work email accounts both before and after the filing of the lawsuit to communicate with their personal attorneys and advisors. The Company collected the emails, and William and Andrew asserted the attorney-client privilege. They did not invoke the work product doctrine. The defendants prepared a privilege log that identified 362 emails and attachments sent between August 2012 and March 2013. The Burton trusts then moved to compel IMS to produce the emails, arguing that the attorney-client privilege did not apply because William and Andrew communicated using work email accounts maintained on the IMS servers.
The IMS Policy Manual notifies employees that IMS has unrestricted access to communications sent using Company computers and that personal use of IMS computers should not be considered private. Section 9.1 of the IMS Policy Manual states: " You should assume files and Internet messages are open to access by IMS staff. After hours you may use IMS computers for personal use, but if you want the files kept private, please save them offline." Motion to Compel Ex. A at 6. Both William and Andrew filed affidavits stating that IMS has never actually engaged in email monitoring.
It is not seriously disputed that William and Andrew knew about the policy. There is also evidence that William understood that his work email account was accessible. In one email, William wrote " I'm switching
over to my commercial email, just so I don't leave any more tracks about Mike in my IMS box." Motion to Compel Ex. G. In another email, he told a colleague that he was " sending ... this via commercial email because it is stated to be confidential." Motion to Compel Ex. H.
II. LEGAL ANALYSIS
Delaware Rule of Evidence 502 establishes the scope of the attorney-client privilege under Delaware law. See Zirn v. VLI Corp., 621 A.2d 773, 781 (Del.1993) (" The [attorney-client] privilege was recognized at common law but received formal promulgation in Delaware through the adoption of the Delaware Rules of Evidence." ). Rule 502(b) states:
General rule of privilege.
A client has a privilege to refuse to disclose and to prevent any other person from disclosing confidential communications made for the purpose of facilitating the rendition of professional legal services to the client (1) between the client or the client's representative and the client's lawyer or the lawyer's representative, (2) between the lawyer and the lawyer's representative, (3) by the client or the client's representative or the client's lawyer or a representative of the lawyer to a lawyer or a representative of a lawyer representing another in a matter of common interest, (4) between representatives of the client or between the client and a representative of the client, or (5) among lawyers and their representatives representing the same client.
D.R.E. 502(b). The motion to compel asserts that because William and Andrew used their IMS email accounts, their emails were not " confidential communications." The motion does not otherwise dispute that the requirements for the attorney-client privilege are met. The opposition does not argue that Andrew should be treated differently because he is a director of the Company.
" The burden of proving that the privilege applies to a particular communication is on the party asserting the privilege." Moyer v. Moyer, 602 A.2d 68, 72 (Del.1992). Rule 502(a)(2) states that " [a] communication is ‘ confidential’ if not intended to be disclosed to third persons other than those to whom disclosure is made in furtherance of the rendition of professional legal services to the client or those reasonably necessary for the transmission of the communication." D.R.E. 502(a)(2). A party's subjective expectation of confidentiality must be objectively reasonable under the circumstances. See Upjohn Co. v. United States, 449 U.S. 383, 389, 395, 101 S.Ct. 677, 66 L.Ed.2d 584 (1981); Edward J. Imwinkelried, The New Wigmore: A Treatise on Evidence: Evidentiary Privileges § 6.8.1 (2013); 1 Paul R. Rice, Attorney-Client Privilege in the United States § 6 (2012).
Delaware courts have not addressed whether an employee has a reasonable expectation of privacy in a work email account. In one of the early decisions to
consider the issue, the Bankruptcy Court for the Southern District of New York started from the proposition that an employee can have a reasonable expectation of privacy in a work email account. In re Asia Global Crossing, Ltd., 322 B.R. 247, 256 (Bankr.S.D.N.Y.2005). The Bankruptcy Court explained that under United States Supreme Court precedent, an employee can have reasonable expectation of privacy in areas such as the employee's office, desk, and files, but that the " employee's expectation of privacy ... may be reduced by virtue of actual office practices and procedures, or by legitimate regulation." Id. at 257 (quoting O'Connor v. Ortega, 480 U.S. 709, 717, 107 S.Ct. 1492, 94 L.Ed.2d 714 (1987)) (internal quotation marks omitted). " Although e-mail communication, like any other form of communication, carries the risk of unauthorized disclosure, the prevailing view is that lawyers and clients may communicate confidential information through unencrypted e-mail with a reasonable expectation of confidentiality." Id. (collecting authorities). In the ordinary course of business, employees who send communications within the company over the employer's email system can reasonably expect that outsiders will not be able to access the system. Id. Consequently, " [a]ssuming a communication is otherwise privileged, the use of the company's e-mail system does not, without more, destroy the privilege." Id. at 251.
An employer's policies and procedures regarding work email can alter the employee's reasonable expectation of privacy. Most employers choose to monitor work email accounts, or at least reserve the right to do so, for a host of legitimate business reasons. " In light of the variety of work environments, whether the employee has a reasonable expectation of privacy must be decided on a case-by-case basis." Asia Global, 322 B.R. at 257 (citing Ortega, 480 U.S. at 718, 107 S.Ct. 1492).
To guide the case-by-case analysis, the Asia Global court identified four factors:
(1) does the corporation maintain a policy banning personal or other objectionable
use, (2) does the company monitor the use of the employee's computer or e-mail, (3) do third parties have a right of access to the computer or e-mails, and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?
Id. No one factor is dispositive. Id. at 258-59. The question of privilege comes down to " whether the [employee's] intent to communicate in confidence was objectively reasonable." Id. at 258.
Numerous courts have applied the Asia Global factors or closely similar variants when analyzing the attorney-client privilege. Several of the Asia Global factors have been refined through subsequent application. In the current case, the Asia Global factors weigh in favor of production.
A. The Corporation's Policies On Work Email And Monitoring
As framed by the Asia Global court, the first factor is " does the corporation maintain a policy banning personal or other objectionable use?" 322 B.R. at 257. This factor has been refined to focus on the nature and specificity of the employer's policies regarding email use and monitoring. It has been held to weigh in favor of production when the employer has a clear policy banning or restricting personal use, where the employer informs employees that they have no right of personal privacy in work email communications, or where the employer advises employees that the employer monitors or reserves the right to monitor work email communications. " [A]n outright ban on personal use would
likely end the privilege inquiry at the start." Finazzo, 2013 WL 619572, at *8; accord Reserve Fund, 275 F.R.D. at 163 (collecting cases). But a complete ban on personal use is not required. This factor has been held to weigh against production if the employer does not have a clear policy or practice regarding personal use and monitoring.
The policy manual that IMS provided to all employees contains a section entitled " Computer Privacy." It states: " You should assume files and Internet messages are open to access by IMS staff. After hours you may use IMS computers for personal use, but if you want the files kept private, please save them offline." This policy notified employees that although they could send personal emails using their work accounts, those emails would not be private and could be accessed by IMS. Although this policy is less detailed than some of the policies described in precedent decisions, it sufficiently put IMS employees on notice that their work emails were not private. The first Asia Global factor favors production.
B. The Degree To Which The Corporation Acts In Accordance With Its Policies
As framed by the Asia Global court, the second factor is " does the company monitor the use of the employee's computer or e-mail?" 322 B.R. at 257. This factor has been refined to focus on the extent to which the employer adheres to or enforces its policies and the employee's knowledge of or reliance on deviations from the policy. Although some decisions have held that if an employer reserves the right to monitor work email, then whether it actually does so is irrelevant, the employer's actual conduct with respect to monitoring remains an appropriate factor to consider, particularly if the employer has made specific representations or taken specific actions inconsistent with the monitoring policy and the employee can show detrimental reliance. If, however, the employer has clearly and explicitly reserved the right to monitor work email, then the absence of past monitoring or a practice of intermittent or as-needed monitoring comports with the policy and does not undermine it. In that setting, " evidence of actual monitoring would make an
expectation of privacy even less reasonable." Finazzo, 2013 WL 619572, at *9.
William and Andrew have submitted affidavits saying that IMS never in fact conducted email monitoring. Under its policy, IMS reserves the right to conduct email monitoring. The policy states expressly that employees " should assume files and Internet messages are open to access by IMS staff." The fact that IMS has not historically monitored emails does not conflict with its implicit reservation of the right to do so.
Building on the lack of historic monitoring, William and Andrew have contended that because they are the senior officers at IMS, they would decide whether or not IMS would monitor an employee's email. In their view, this gives them a unique expectation of privacy in the IMS system.
Legally, William and Andrew are wrong. " The business and affairs of every corporation organized under this chapter shall be managed by or under the direction of a board of directors...." 8 Del. C. § 141(a). The board of directors, not senior management, has the final say on accessing any employee's email. Moreover, because of their statutory obligation to manage the business and affairs of the corporation and the concomitant fiduciary duties they owe to the corporation and its stockholders, individual directors have informational rights that are " essentially unfettered in nature." Kalisman v. Friedman, 2013 WL 1668205, at *3 (Del.Ch. Apr. 17, 2013); accord Schoon v. Troy Corp., 2006 WL 1851481, at *1 n. 8 (Del.Ch. June 27, 2006); Intrieri v. Avatex Corp., 1998 WL 326608, at *1 (Del.Ch. June 12, 1998); Belloise v. Health Mgmt., Inc., 1996 Del.Ch. LEXIS 127, at *36 (Del.Ch. June 11, 1996) (Allen, C). If an individual director needed to access an employee's work email for a legitimate purpose, which the law presumes the director to have, then the director could do so. See 8 Del C. § 220(d). William's and Andrew's expectations of privacy in their work email are no different from any other employee's.
Factually, William and Andrew did not have a different expectation of privacy. As shown by William's communications, he understood that his work email account was not secure. See Motion to Compel Ex. G (" I'm switching over to my commercial email, just so I don't leave any more tracks about Mike in my IMS box." ); Motion to Compel Ex. H (writing to a colleague in another email, " I'm sending you this via commercial email because it is stated to be confidential." ).
Particularly in light of William's emails recognizing that his work account was not confidential, the second Asia Global factor could be treated as favoring production. But because IMS never actually engaged in email monitoring, I treat the factor as neutral.
C. Ease Of Third Party Access
As framed by the Asia Global court, the third factor is " do third parties have a right of access to the computer or e-mails?" 322 B.R. at 257. In a work email case, this factor largely duplicates the first and second factors, because by definition the employer has the technical ability to access the employee's work email account. See Goldstein, 873 F.Supp.2d at 937 (noting that in work email case, the third factor " is somewhat redundant of the first" ); Royce Homes, 449 B.R. at 740 (noting that " third parties undeniably had access to [the employee's work] e-mails by virtue of their mere placement on [the employer's] server" ). The third factor is most helpful when analyzing webmail or other electronic files that the employer has been able to intercept, recover, or otherwise
obtain. This factor encompasses consideration of (i) steps the employee took to maintain the privacy of the files, such as password-protection, encryption, or deletion, and (ii) what the employer did to obtain the files, such as whether the employer used forensic recovery techniques, deployed special monitoring software, or hacked the employee's accounts or files.
This is a straightforward case involving work email. IMS, a third party to the communication, had the right to access William's and Andrew's emails when they communicated using their work accounts. Although William and Andrew took the precautionary step of putting the phrase " subject to the attorney client privilege" in the subject line, they failed to take more significant and meaningful steps to defeat access, such as shifting to a webmail account or encrypting their communications. The third Asia Global factor favors production.
D. The Employee's Knowledge Regarding The Company's Policies And Actions
As framed by the Asia Global court, the fourth factor is " did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?" 322 B.R. at 257. This factor has persisted relatively unchanged. If the employee lacked knowledge of the email policy and the party seeking production cannot show that the employee was notified of the policy, then this factor favors the existence of a reasonable expectation of privacy. If the employee had actual or constructive knowledge of the policy, then
this factor favors production because any subjective expectation of privacy that the employee may have had is likely unreasonable.  Decisions have readily imputed knowledge of an employer's policy to officers and senior employees.
William and Andrew were two of the three most senior officers at IMS, and they do not deny knowing about the Company's policies. As discussed, William's communications demonstrate that he understood his work email was not secure. The fourth Asia Global factor favors production.
E. The Potential For A Statutory Override
Three of the four Asia Global factors point towards production and one is neutral. The Asia Global calculus therefore calls for granting the motion to compel, absent a statutory override that could alter the common law result. Cf. Protecting the Confidentiality of Unencrypted E-mail, ABA Formal Op. 99-413 (relying on protections afforded by the Electronic Communications Protection Act of 1986 (the " ECPA" ) when opining that attorneys could communicate ethically with their clients using unencrypted email). Delaware, for example, requires that before an employer conducting business in the First State can monitor work email lawfully, the employer must (i) provide notice to employees daily that it engages work email monitoring or (ii) obtain written consent from the monitored employees. 19 Del. C. § 705(b). Although the court need not reach the issue, it is possible that if a Delaware employer did not follow either statutory path, then a Delaware employee might have a reasonable expectation of privacy in light of the additional protection provided by the Delaware Code.
The Delaware statute applies only to businesses operating in Delaware, not to Delaware entities who operate elsewhere but choose Delaware as their corporate home. See Klig v. Deloitte LLP, 36 A.3d 785, 797-98 (Del.Ch.2011). In this case, IMS conducts its business in Maryland. IMS is only a Delaware citizen by virtue of having selected Delaware as its state of incorporation and maintaining a registered agent here. The federal government and the State of Maryland are the sovereigns whose law IMS must follow when dealing with its employees' email.
1. The Federal Wiretap Act
Title I of the ECPA amended the Federal Wiretap Act of 1968 by adding the term " electronic communications" to its prohibitions, thereby making it a crime for a person to " intentionally intercept[ ], endeavor[ ] to intercept, or procure[ ] any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." 18 U.S.C. § 2511 (1)(a). Emails are electronic communications for purposes of the Federal Wire Tap Act. See Steve Jackson Games, Inc. v. U.S. Secret Service, 36 F.3d 457, 461-62 (5th Cir.1994); Healix Infusion Therapy, Inc. v. Helix Health, LLC, 747 F.Supp.2d 730, 743 (S.D.Tex.2010).
The Federal Wiretap Act provides that if a communication was intercepted in violation of the statute, then " no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding in or before any court ... of the United States [or] a State." 18 U.S.C. § 2515. On the issue of privilege, Section 2517(4) of the Federal Wiretap Act states that " [n]o otherwise privileged wire, oral, or electronic communication intercepted in accordance with, or in violation of, the provisions of this chapter shall lose its privileged character." Id. § 2517(4) (emphasis added).
There are at least four reasons why the Federal Wiretap Act does not affect the privilege analysis for work email. First, the Federal Wiretap Act only applies when a party intercepts a communication. Conte v. Newsday, Inc., 703 F.Supp.2d 126, 139 (E.D.N.Y.2010); Ideal Aerosmith, Inc. v. Acutronic USA, Inc., 2007 WL 4394447, at *4 (E.D.Pa. Dec. 13, 2007). To do so, a party must acquire the communication during transmission. See, e.g., Fraser v. Nationwide Mut. Ins. Co., 352 F.3d 107, 113-14 (3d Cir.2003) (collecting cases). Emails that have arrived at their destination, such as the corporate email server, are not within the scope of the Federal Wiretap Act. Id. An employer does not violate the Federal Wiretap Act by accessing stored work emails on its server, as IMS did here.
Second, an intercept requires the use of an " electronic, mechanical or other device." 18 U.S.C. § 2511(1)(b). The Federal Wiretap Act excludes from the definition of " device" the equipment or facility " being used by a provider of wire or electronic communication service in the ordinary course of its business." Id. § 2510(5)(a)(ii); accord Healix Infusion, 747 F.Supp.2d at 744 (holding that intercepting requires use of some device other than the email system used to convey the message; " the drive or server on which an e-mail is received does not constitute a device for purposes of the Wiretap Act" ) (citation omitted); Conte, 703 F.Supp.2d at 140-41 (same); Crowley v. Cybersource Corp, 166 F.Supp.2d 1263, 1268-69 (N.D.Cal.2001) (same). Because IMS obtained the emails through the ordinary operation of its email system, it did not use a device to intercept them.
Third, a private employer can intercept electronic communications lawfully " where such person is a party to the communication or where one of the parties to the communication has given prior consent to such interception." 18 U.S.C. § 2511(2)(d). Consent can be express or implied. Williams v. Poulos, 11 F.3d 271, 281 (1st Cir.1993). The presence of an email monitoring policy in an employee handbook or policy manual is sufficient to support a finding of implied consent to the monitoring of a work email account. See Shefts v. Petrakis, 758 F.Supp.2d 620, 630-31 (C.D.Ill.2010) (holding company president gave implied consent to corporate
monitoring of his email and texts sent using company-furnished device); Thygeson, 2004 WL 2066746, at *20 (relying on " explicit policies set out in [defendant's] Employee Handbook" ). The IMS policy on email use was sufficiently specific to establish William and Andrew's implied consent to email monitoring.
Fourth, it is not unlawful for the provider of an email account and the related technical infrastructure to " intercept, disclose, or use" a communication as part of " any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service." 18 U.S.C. § 2511(2)(a)(i). IMS provided William and Andrew with their work email accounts and the underlying technical infrastructure, and IMS therefore had the right to access their email communications as " a necessary incident to" providing the email service and for " the protection of the rights or property" of IMS. Employers monitor email (or reserve the right to do so) in large part to protect their property and to guard against potential liability. See supra note 2. IMS could monitor email legitimately for those purposes.
In light of these exceptions, the protections afforded by the Federal Wiretap Act do not give William and Andrew a reasonable expectation of privacy in their work email. The Federal Wiretap Act does not alter the common law privilege analysis.
2. The Federal Stored Communications Act
Title II of the ECPA enacted the Federal Stored Communications Act, which makes it a crime for a person to " intentionally access[ ] without authorization a facility through which an electronic communication service is provided" or to " intentionally exceed[ ] an authorization to access that facility" " and thereby obtain[ ] ... access to a wire or electronic communication while it is in electronic storage in such system." 18 U.S.C. § 2701(a). By its terms, the Federal Stored Communications Act applies to work email stored on a corporate server. See Fraser, 352 F.3d at 115; Pure Power, 587 F.Supp.2d at 555.
The Federal Stored Communications Act's prohibition against access does not apply to conduct authorized " by the person or entity providing a wire or electronic communications service." 18 U.S.C. § 2701(c)(1). This exception has been held to permit an employer to search email stored on a system that the employer administered. See, e.g., Fraser, 352 F.3d at 115. IMS administered its email system and qualifies for this exception. The Federal Stored Communications Act does not change the common law privilege analysis either.
3. The Maryland Wiretap Act
Maryland has enacted a state version of the Federal Wiretap Act. Md.Code, Cts. & Jud. Proc. §§ 10-401 to 10-414 (the " Maryland Wiretap Act" ). Although the Maryland act differs in one significant way from the federal act (Maryland is a dual consent state), the Maryland version ultimately does not alter the common law privilege analysis.
The Maryland Wiretap Act generally parallels the Federal Wiretap Act. Like the federal statute, the Maryland statute makes it unlawful for any person to " [w]illfully intercept, endeavor to intercept, or procure any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication." Md.Code, Cts. & Jud. Proc. § 10-402(a). Like the federal act, the Maryland Wiretap Act provides that if a communication was intercepted in violation of the statute, then " no part of the contents of the communication and no
evidence derived therefrom may be received in evidence in any trial, hearing, or other proceeding." Id. § 10-405(a). It further provides that " [a]n otherwise privileged wire, oral, or electronic communication intercepted in accordance with, or in violation of, the provisions of this subtitle, does not lose its privileged character." Id. § 10-407(d).
Unlike the federal statute, it is only lawful under Maryland law " for a person to intercept a[n] ... electronic communication where the person is a party to the communication and where all of the parties to the communication have given prior consent to the interception. " Id. § 10-402(c)(3) (emphasis added). By requiring consent from all parties to the communication, the Maryland Wiretap Act " has imposed stricter requirements for civilian monitoring than has federal law." Adams v. State, 43 Md.App. 528, 406 A.2d 637, 642 (1979). The parties' submissions do not suggest that William's or Andrew's personal attorneys and advisors ever consented to IMS obtaining their communications. The dual consent requirement of the Maryland Wiretap Act therefore renders the consent exception inapplicable.
Despite the unavailability of the consent exception, it remained lawful for IMS to possess William's and Andrew's work emails. The Maryland statute, like the federal act, turns on the existence of an " intercept" made with a " device," and the one Maryland decision to address those terms interpreted them narrowly, consistent with federal law. See Adams, 406 A.2d at 642. The Adams decision indicates that under the Maryland Wiretap Act, an employer accessing work emails stored on its system would be neither using a " device" nor " intercepting" the communications for the same reasons that those concepts would not apply under the Federal Wiretap Act. The Maryland act also contains an ordinary-course-of-business exception comparable to the Federal Wiretap Act. See Md.Code, Cts. & Jud. Proc. § 10-402(c)(1)(i). The Maryland Wiretap Act therefore does not change the outcome of the motion.
4. Maryland Stored Communications Act
Maryland also has enacted a state version of the Federal Stored Communications Act. Md.Code, Cts. & Jud. Proc. §§ 10-4A-01 to 10-4A-08 (the " Maryland Stored Communications Act" ). The Maryland act generally parallels the federal act. Like the federal statute, the Maryland statute makes it unlawful for any person to " [i]ntentionally access[ ] without authorization a facility through which an electronic communication service is provided" or to " [i]ntentionally exceed[ ] an authorization to access a facility" and thereby " obtain ... access to a wire or electronic communication while it is in electronic storage" in that system. Md.Code, Cts. & Jud. Proc. § 10-4A-02(a). Like the federal act, the Maryland act applies to work emails stored on a corporate server. See Upshur v. State, 208 Md.App. 383, 56 A.3d 620, 625 (2012), cert. denied, 430 Md. 646, 62 A.3d 732 (2013) (observing that the Maryland
Stored Communications Act " mirrors its federal counterpart" ).
The exceptions to the Maryland Stored Communications Act similarly parallel the federal act. They include an exception for conduct authorized " [b]y the person or entity providing a wire or electronic communications service." Md.Code, Cts. & Jud. Proc. § 10-4A-02(c)(1). While no Maryland case has interpreted this exception explicitly, it likely permits an employer to search email stored on a system that the employer administered. See Upshur, 56 A.3d at 625 (noting that Maryland act " mirrors its federal counterpart" ). IMS administered its email system and would qualify for this exception. Like its federal counterpart, the Maryland Stored Communications Act does not change the privilege analysis for work email.
F. A Cautionary Note
" It is the nature of the judicial process that [the court] decide[s] only the case before [it.]" Paramount Commc'ns Inc. v. QVC Network Inc., 637 A.2d 34, 51 (Del.1994). This decision has applied the Asia Global factors to hold that William and Andrew cannot invoke the attorney-client privilege for communications exchanged with their personal attorneys and advisors using their work email accounts. Although the case has been postured as a consolidated derivative action, it actually involves a dispute between two families, each possessing 50% of the stock and enjoying equal representation on the Board. It is far from clear whether a court would analyze privilege similarly in a more traditional derivative action involving a stockholder plaintiff with a relatively nominal stake and a board comprising individuals without any affiliation with the suing stockholder.
As the Asia Global case recognized, the premise that an employer's access to an employee's work email compromises the attorney-client privilege makes the most sense in litigation between the employer or its successor-in-interest and the employee. See 322 B.R. at 256 (" The Insiders used the debtor's e-mail system ... and the communications apparently concerned actual or potential disputes with the debtor, the owner of the e-mail system." ). Those outside the corporation cannot routinely access work email accounts, and laws like the Federal Wiretap Act and the Federal Stored Communications Act have teeth when they try. The corporation and its employees should be on different and stronger ground when those outside the corporation seek to compel production of otherwise privileged documents that employees have sent using work email. Admittedly, courts have applied the Asia Global factors and found no reasonable expectation of privacy in suits by outsiders, see, e.g., Deepwater Horizon, 2011 WL 1193030 (suits by property owners injured by oil spill), and courts routinely find no reasonable expectation of privacy in actions brought by prosecutors and regulators. It is not clear to me, however, that the analysis translates so easily when the party trying to overcome the privilege is not the corporation or its successor-in-interest.
As previously discussed, the plaintiffs in this case are trusts affiliated with directors who possess essentially unfettered informational rights. A stockholder with a small stake and no director affiliation would not have similar default rights of access and would be limited to relying on Section 220(a) of the General Corporation Law. See 8 Del. C. § 220(a). The IMS Board also is split evenly between directors affiliated with the two families, making it virtually inevitable that either family would have stockholder standing to assert the corporation's claims derivatively
against defendants affiliated with the other family. See Benerofe v. Cha, 1998 WL 83081, at *3-4 (Del.Ch. Feb. 20, 1998) (demand futile where board is split). In a more typical derivative action not involving a split board, a stockholder plaintiff does not have power to sue in the corporation's name unless and until the corporation chooses not to oppose the stockholder's suit (explicitly or implicitly) or the court determines that the stockholder can sue by denying a motion to dismiss brought pursuant to Rule 23.1.  Only then does the stockholder actually gain the power to sue on behalf of the entity. Before that point, Delaware law regards the interests of the corporation as aligned with those of individual defendants. Scattered Corp. v. Chi. Stock Exch., Inc., 1997 WL 187316, at *6-8 (Del.Ch. Apr. 7, 1997), aff'd on other grounds, 701 A.2d 70 (Del.1997). These distinctions make it unclear whether a more typical derivative action plaintiff should be able to obtain otherwise privileged communications sent using a work email account during periods pre-dating the point when the stockholder gains standing to sue.
Moreover, equity historically has imposed other limitations on a stockholder plaintiff's ability to obtain corporate documents in a derivative action, even after the stockholder gains standing to sue on behalf of the corporation. For example, a stockholder
seeking to penetrate the corporation's privilege had to show good cause under Garner v. Wolfinbarger, 430 F.2d 1093 (5th Cir.1970), cert. denied, 401 U.S. 974, 91 S.Ct. 1191, 28 L.Ed.2d 323 (1971). A stockholder plaintiff does not automatically acquire the unfettered ability to access anything sent or received over the work email system.
Finally, it is possible that the concept of selective waiver (as distinct from partial waiver) might apply in an appropriate case. Cf. Saito v. McKesson HBOC, Inc., 2002 WL 31657622, at *6-7, *11 (Del.Ch. Nov. 13, 2002) (holding that selective waiver when documents were provided to the SEC under a confidentiality agreement did not result in global waiver of the work product doctrine; " [c]onfidential disclosure of work product during law enforcement agency investigations relinquishes the work product privilege only as to that agency, not as to the client's other adversaries," thereby " encourag[ing] cooperation with law enforcement agencies without any negative cost to society or to private plaintiffs" ). It is also likely, as in Saito, that the defendants in a more traditional derivative action would invoke the work product doctrine, which was not argued here.
None of these issues has been presented, and this opinion does not provide any opportunity to hazard a guess about the potential outcome of a case in which they were raised. I mention them only to emphasize that this decision does not purport to announce a rule applicable to all derivative actions, and it should not be interpreted as doing so.
The motion to compel is granted. Within three days, the defendants shall produce the emails and attachments otherwise protected by the attorney-client privilege that William and Andrew exchanged with their personal attorneys and advisors using their work email accounts.