Attorney-Client Privilege in Communications with Outside Directors

Corporate counsel should pay close attention to a recent Delaware Court of Chancery decision that addresses the potential for outside directors to waive attorney-client privilege. They do so by communicating through third-party email addresses that do not entitle them to a reasonable expectation of privacy.

The decision arose within the context of a discovery dispute related to litigation commenced by the We Company (WeWork). 

To resolve its liquidity crisis, WeWork and its majority shareholder entered into a Master Transaction Agreement with Softbank Group (SBG), which obligated SBG to use its reasonable best efforts to consummate a tender offer with WeWork. At the time, SBG was the majority owner of Sprint, Inc., a third party not involved in the WeWork litigation, and several SBG employees wore multiple hats at SBG and Sprint. For example, SBG’s chief operating officer was chairman at both Sprint and WeWork, and was assisted by Sprint’s CEO on WeWork-related matters. Two additional Sprint employees were seconded to SBG to serve as chief of staff for the COO and staff operations director.  

After SBG failed to complete the tender offer, a special committee of the company’s board sued SBG and sought to discover communications that Sprint’s CEO and chief of staff exchanged with SBG’s internal and external counsel regarding WeWork. In response, SBG sought to retain or redact the email communications on the basis that they were confidential attorney-client communications under Delaware law.

Critically, the WeWork-related emails were sent to or from the SBG employees’ Sprint email accounts despite the fact that the employees had access to non-Sprint email accounts, which they could have used for SBG-related matters.  

At the heart of the dispute over the documents’ privilege or lack thereof lay the threshold issue of whether the Sprint employees had a reasonable expectation of privacy when employing their Sprint email accounts for SBG-related purposes.

The Delaware Court of Chancery answered in the negative after analyzing a four-factor test: (1) does the corporation maintain a policy banning personal or other objectionable use; (2) does the company monitor the use of the employee’s computer or email; (3) do third parties have a right of access to the computer’s emails; and (4) did the corporation notify the employee, or was the employee aware, of the use and monitoring policies.

The first factor did not bode well for SBG because the Sprint conduct code explicitly provided that its employees should have no expectation of privacy in information they send or receive and further reserved Sprint’s right to review workplace communications and emails. The court determined that the second factor weighed against a reasonable expectation of privacy because SBG failed to provide evidence that Sprint did not monitor the employee’s emails at issue and, moreover, because Sprint had previously reserved its right to monitor such emails. The Court easily concluded that the fourth factor supported a waiver of the attorney-client privilege because the record was replete with evidence that the employees knew or should have known of the Sprint email policy given their positions.

The Court’s analysis regarding the third factor, which it held also weighed against a reasonable expectation of privacy, is significant because it provides a road map for corporate counsel to avoid the same result as SBG. The Court noted that SBG failed to demonstrate that the relevant employees took any “significant and meaningful” steps to prevent Sprint from accessing the SBG-related emails sent from their Sprint email addresses. The Court opined that switching to a different webmail account or encrypting their messages would have constituted appropriate steps to prevent access and likely would have resulted in a different outcome.  

The WeWork decision is important for businesses that seek to maintain the confidentiality of their privileged communications. It counsels that outside directors who employ their company emails to exchange confidential communications run the risk of destroying any reasonable expectation of privacy. Failure to maintain attorney-client privilege renders confidential communications susceptible to discovery in future litigation.  

In the wake of the WeWork decision, the best practice for companies is to closely scrutinize the communication practices of outside directors or board members who send or receive confidential communications. Outside board members or directors should not regularly send or receive confidential communications through a work email address if their employer has a right to monitor such emails. Instead, the transmission of attorney-client or other confidential communications should occur through means that maintain a reasonable expectation of privacy. For example, provide company email addresses to outside board members or directors, communicate through portals, or otherwise encourage the use of personal email accounts that are not subject to monitoring from employers or other third parties.