Absent Employer Policy Employees May Have Privacy Interest in Emails Over Employer’s Email System

Employees may have a right to privacy at work.

Absent Employer Policy Of Either Monitoring Individual Email Accounts Or Prohibiting Use Of The Company’s Email Account For Personal Communications, Employees May Have Privacy Interest In Emails Over Employer’s Email System

Militello v. VFARM 1509, 89 Cal. App. 5th 602 (2023)

Shauneen Militello, Ann Lawrence Athey (Lawrence), and Rajesh Manek were the co-owners of Cannaco Research Corporation (CRC), a licensed manufacturer and distributor of cannabis products. All three individuals served as officers of CRC until Lawrence and Manek voted to remove Militello from her position. Militello sued Lawrence, Manek, and others, including Joel Athey, Lawrence’s husband, in a multicount complaint alleging causes of action for breach of contract, breach of fiduciary duty, fraud, and other torts.

Lawrence moved to disqualify Militello’s counsel, Spencer Hosie and Hosie Rice LLP, on the ground Militello had impermissibly downloaded from Lawrence’s CRC email account private communications between Lawrence and Athey, protected by the spousal communication privilege (Evid. Code, § 980), and provided them to her attorneys, who then used them in an attempt to obtain a receivership for CRC in a parallel proceeding. Militello opposed the motion, arguing in part Lawrence had no reasonable expectation her electronic communications with her husband were confidential because she knew Militello, as a director of CRC, had the right to review all communications on CRC’s corporate network. Militello also argued disqualification is not appropriate when a lawyer has received the adverse party’s privileged communications from his or her own client. The trial court granted the motion, finding that Militello had not carried her burden of establishing Lawrence had no reasonable expectation her communications with her husband would be private, and ordered the disqualification of Hosie and Hosie Rice.

The Court of Appeal affirmed the finding that Lawrence reasonably expected her communications were, and would remain, confidential. And while the Court of Appeal acknowledged that disqualification may not be an appropriate remedy when a client simply discusses with his or her lawyer improperly acquired privileged information, counsel’s knowing use of the opposing side’s privileged documents, however, obtained, is a ground for disqualification.

Consumer Privacy Protections for Employers Under the California Consumer Privacy Act

Employees right to data privacy.

Consumer Privacy Protections for Employers Under the California Consumer Privacy Act, as Amended by the California Privacy Rights Act (CCPA)


When the California Consumer Privacy Act (“CCPA”) originally took effect in 2020, it exempted employees from most of its provisions. This year, the California Privacy Rights Act (“CPRA”) finally extends major consumer privacy rights under the CCPA to employees and job applicants of covered employers. In addition to requiring covered employers to provide privacy notices at the time employee personal information is collected, the CPRA grants employees several new rights, including the rights to request what personal information their employers have collected and/or disclosed and to request that their employers delete their personal information, with some exceptions.

Covered employers do not need to – and in some instances may not – delete certain data, including where a business’s legal obligations require its retention, such as under California Labor Code Sections 1198.5(c) (retention of personnel files) and 226(a) (retention of payroll records). Among its other provisions, the CPRA also allows employees to opt out of the sale or sharing of their personal information and to limit the use of “sensitive” personal information, a new category of data under the CCPA that includes an employee’s social security number, driver’s license, and financial information, as well as race, ethnicity, and religion. The CPRA includes an anti-discrimination provision, which prohibits retaliation for the exercise of rights under the Act.

Though its provisions are wide sweeping, the CCPA focuses on larger companies and those engaged in the sale of data. It covers only companies doing business in California that fall within one of 3 categories: (i) businesses having annual gross revenues that exceed $25 million; (ii) those that annually buy, receive, share, or sell personal information of more than 100,000 consumers or households in California; or (iii) companies that derive at least 50 percent of their annual revenue from selling or sharing personal information of residents of California.