California Court of Appeals Decision Reminds Employers to Have Clear, Enunciated IT Systems Use Policy

April 17, 2023 Advisory

Electronic communications are an indispensable component of business in today’s world. Every day, employees send emails, text messages and instant messages by the thousands through their corporate email systems and devices, not only for business-related communications with colleagues, customers, vendors and partners, but also to discuss personal matters with friends, family and spouses. Although companies may believe they can access and use all electronic information on company property, beware.

Ruling on a dispute between former business partners of a cannabis manufacturing company, a California appellate court recently drove home the need for employers to implement well-defined written policies governing employees’ use of company information technology (IT) resources and communications systems. Equally important, it also addressed the employer’s ability to monitor and control such resources and systems (Militello v. VFARM 1509, ___ Cal.Rptr.3d ____ (2023), 2023 WL 2579204 (Mar. 21, 2023)). In the lawsuit, the plaintiff, a former (disgruntled) director of the cannabis manufacturer, sued the business and the remaining directors alleging a number of business torts and wrongful termination. Without telling her business partners, the plaintiff accessed the company’s email system and pulled emails between one of the other directors and her husband, to use during the lawsuit.

The manufacturer and remaining directors moved to disqualify the former director’s counsel, arguing that the emails were protected by the spousal privilege and that the plaintiff’s counsel had failed to disclose receipt of the presumptively privileged communications. The trial court agreed and granted the motion to disqualify.

The court of appeal affirmed, finding: (1) there was no evidence the cannabis manufacturer had a written electronic systems monitoring policy (whether through its governing bylaws or an employee handbook) or a policy prohibiting the director from using her company-issued email for personal communications; (2) there was no evidence the director whose emails were accessed had agreed to such a policy; and (3) there was no evidence the director had received any warning from the email service provider that her email account would be monitored. 

Takeaways for California Employers

In light of this decision, employers should review their policies to ensure they have a well-defined IT resources and communications systems policy, which should, at a minimum:

  • Define the resources and systems covered by the policy.
  • Notify employees that there is no reasonable expectation of privacy when using company resources, devices, and systems, including to conduct personal communications.
  • Notify employees that company-issued resources, devices and systems are monitored by the company.
  • Define any inappropriate use of company IT resources and communications systems, including communications for personal use.
  • Require employees to acknowledge that they understand the policy and consent to it.

California employers that access and review employees’ messages, even personal ones, without first having put into place a clear, written policy specifying their right to do so, risk incurring liability for claims of invasion of privacy or, as in the case above, losing their counsel of choice in a litigation. If you have questions regarding compliance, please reach out to the authors listed below or your regular Armstrong Teasdale lawyer.

Contact Us
  • Worldwide
  • Boston, MA
  • Chicago, IL
  • Denver, CO
  • Dublin, Ireland
  • Edwardsville, IL
  • Jefferson City, MO
  • Kansas City, MO
  • Las Vegas, NV
  • London, England
  • Miami, FL
  • New York, NY
  • Orange County, CA
  • Philadelphia, PA
  • Princeton, NJ
  • Salt Lake City, UT
  • St. Louis, MO
  • Washington, D.C.
  • Wilmington, DE
abstract image of world map
Boston, MA
800 Boylston St.
30th Floor
Boston, MA 02199
Google Maps
Boston, Massachusetts
Chicago, IL
100 North Riverside Plaza
Suite 1500
Chicago, IL 60606-1520
Google Maps
Chicago, Illinois
Denver, CO
4643 S. Ulster St.
Suite 800
Denver, CO 80237
Google Maps
Denver, Colorado
Dublin, Ireland
Fitzwilliam Hall, Fitzwilliam Place
Dublin 2, Ireland
Google Maps
Edwardsville, IL
115 N. Second St.
Edwardsville, IL 62025
Google Maps
Edwardsville, Illinois
Jefferson City, MO
101 E. High St.
First Floor
Jefferson City, MO 65101
Google Maps
Jefferson City, Missouri
Kansas City, MO
2345 Grand Blvd.
Suite 1500
Kansas City, MO 64108
Google Maps
Kansas City, Missouri
Las Vegas, NV
7160 Rafael Rivera Way
Suite 320
Las Vegas, NV 89113
Google Maps
Las Vegas, Nevada
London, England
Royal College of Surgeons of England
38-43 Lincoln’s Inn Fields
London, WC2A 3PE
Google Maps
Miami, FL
355 Alhambra Circle
Suite 1200
Coral Gables, FL 33134
Google Maps
Photo of Miami, Florida
New York, NY
7 Times Square, 44th Floor
New York, NY 10036
Google Maps
New York City skyline
Orange County, CA
19800 MacArthur Boulevard
Suite 300
Irvine, CA 92612
Google Maps
Philadelphia, PA
2005 Market Street
29th Floor, One Commerce Square
Philadelphia, PA 19103
Google Maps
Philadelphia, Pennsylvania
Princeton, NJ
100 Overlook Center
Second Floor
Princeton, NJ 08540
Google Maps
Princeton, New Jersey
Salt Lake City, UT
222 South Main St.
Suite 1830
Salt Lake City, UT 84101
Google Maps
Salt Lake City, Utah
St. Louis, MO
7700 Forsyth Blvd.
Suite 1800
St. Louis, MO 63105
Google Maps
St. Louis, Missouri
Washington, D.C.
1717 Pennsylvania Avenue NW
Suite 400
Washington, DC 20006
Google Maps
Photo of Washington, D.C. with the Capitol in the foreground and Washington Monument in the background.
Wilmington, DE
1007 North Market Street
Wilmington, DE 19801
Google Maps
Wilmington, Delaware