Rod Satterwhite and David Greenspan are members of the Labor & Employment group at McGuireWoods LLP. Both handle employment litigation on behalf of employers, and advise companies on employment issues regularly.

Monday, August 07, 2006 - Posts

Think Your Computer Privacy Policy Works?

Guess again. A recent case out of New York, Curto v. Medical World Communications, holds that an employee does not waive the attorney-client privilege with regard to documents and communications on her company laptop. This despite a clear company policy stating that employees do not have any expectation of privacy in their communications on the company's computer system, that the computer system belongs to the company, that it can be used only for business purposes and that the company is entitled to access and review communications on the computer system.

Before you run out and start viewing pornography on your notebook WiFi connection, note some key facts. The plaintiff worked primarily out of her home office using company-issued laptops. She sent and received electronic communications from her lawyer relating to an EEOC complaint on these computers, but did it through her own private AOL account, rather than the company's e-mail system. She also deleted the communications when she returned the laptops to her employer. Two years later, when the company used a forensic consultant to restore and retrieve some of the deleted communications, the employee claimed privilege and demanded that the communications be returned. The company, citing the e-mail policy, said that she had no expectation of privacy in her use of the company computer and that any privilege was waived.

The court disagreed and specifically noted the above facts. This is a very narrow decision, particularly because of the special status that attorney-client communications generally have with judges. The court also noted that the company had not regularly enforced its privacy policy (although how one "enforces" a privacy policy if not by occasionally looking at someone's computer is another matter) and that this "failure" had created a false sense of security among company employees that, in fact, their privacy would be protected.

This is an unusual case, and I don't see it as much of a trendsetter. Nevertheless, companies may want to occasionally run random checks on random computers in their network (and publicize that fact) to make sure everyone knows that the policy is to be taken seriously.