On December 22, 2020, in litigation between WeWork and the Softbank Group, the Delaware Court of Chancery determined that the Softbank Group must hand over several dozen otherwise privileged emails because two SoftBank representatives used email accounts at a different company (where they were also employed) and thus the confidentiality and privilege of the communications were destroyed.
While the case has some unique facts, it underscores the importance of preserving the confidentiality of communications with outside directors (and others who hold dual roles at different organizations), and the risks associated with sending confidential corporate communications to outside directors who use their own companies’ email account or accounts that otherwise are subject to third-party access or monitoring.
Chancellor Andre G. Bouchard’s decision comes as part of a lawsuit by Adam Neumann, We Holdings LLC and The We Company (collectively WeWork) against the SoftBank Group (Softbank) for SoftBank’s failure to close a tender offer for WeWork shares. The case is In re WeWork Litigation. WeWork filed a motion to compel Softbank to produce 89 responsive emails that Softbank had withheld or redacted claiming attorney-client privilege. The emails were transmitted using the email systems of Sprint, Inc., a third-party that was not involved in the dispute but was 84% owned by Softbank until April 1, 2020. Several individuals affiliated with Sprint were involved and wore multiple hats at both companies, including Sprint’s Chairman and COO, who served on the WeWork board on Softbank’s behalf.
The key fact, and what sparked the discovery dispute, was that two employees sought and received legal advice through Sprint email accounts from Softbank’s lawyers regarding WeWork. Relying on attorney-client privilege, SoftBank withheld these documents from production. WeWork moved to compel on the ground that communications to or from these employees at their Sprint email addresses were not confidential, as Sprint maintained the right to monitor emails on its system.
Using the test articulated in In re Asia Global Crossing, Ltd., the court found that the employees should not have had a reasonable expectation of privacy in their Sprint email accounts. The factors in Asia Global included whether the corporation: i) maintains a policy banning personal or objectionable use, ii) monitors employee use of computers or emails, iii) grants third parties a right of access to computers or emails, and iv) notified employees (or employees were aware) of its use and monitoring policies.
The court found that the Sprint Code of Conduct clearly stated that employees should not have an expectation of privacy when sending, receiving, accessing or storing information and that it had a right to review workplace communications, including emails, at any time, even though there was no explicit language banning personal use of email.
Regarding the second factor, the court determined that Softbank failed to provide evidence that Sprint did not monitor the communications of the employees at issue. It also stated that where a company reserves the right to monitor work email, as Sprint had done, its absence of past monitoring or intermittent monitoring would not undermine its reservation of its right to do so.
The court also found that the third factor favored production of the emails because Softbank did not produce any evidence that the relevant employees took “significant and meaningful steps to defeat access” by Sprint. The court noted that the parties did not switch to a different webmail account or encrypt their communications.
Finally, the court found that the employees were aware or should have been aware of Sprint’s policy, given their positions within Sprint, and should not have had a reasonable expectation of privacy.
The court dismissed arguments made by Softbank that because the employees were parties to agreements with Softbank they owed duties of confidentiality to it, noting that the employees still should not have had a reasonable expectation of privacy in using their Sprint account for non-Sprint matters. The court also noted that the employees failed "numerous times" to ensure the confidentiality of the communications and declined to rule for SoftBank just because the party seeking access to the emails was an outsider and not the company whose system was used for other business.
Perhaps the broadest and most immediate impact of the WeWork decision is for companies to carefully examine the communication practices of their outside directors (and other employees also holding roles at outside companies), particularly in cases where they provide or receive corporate communications through a non-private third-party account. This occurs, for instance, where an outside director is an officer of another company and uses his or her email account at that company to conduct board business, such as receiving board books and other confidential information.
While the WeWork case may arguably be limited to its particular facts, to minimize the risk that such confidential communications will become discoverable, companies should consider the following:
- Provide company email addresses for directors and instruct them to only use such email addresses for communications regarding board matters;
- Alternatively, send the substance of communications through board portals, and only use email to inform directors about the arrival of new communications in the board portals;
- If directors must communicate substantive information outside of a board portal or company-provided email account, instruct them to use personal email accounts or other confidential mechanisms that are not subject to third-party monitoring, and to avoid commingling those communications with personal or other communications – to ease separate review and avoid the potential of needing to have lawyers review unrelated emails in the event that litigation is filed.