Duty to Protect the Confidentiality of E-Mail Communications with One's Client
In August, the ABA Standing Committee on Ethics and Professional Responsibility issued a new ethics opinion, Formal Opinion 11-459 “Duty to Protect the Confidentiality of E-mail Communications with One’s Client”. In short the opinion places an obligation on the attorney to “ warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access.”
The scenario envisioned by the opinion is when the attorney suspects his client is communicating confidential information with him via email on the clients employers system, where the employer has a keystroke logging or some other monitoring software that might enable the employer to access the privileged information. As noted in Footnote 7 “…if the lawyer becomes aware that a client is receiving personal e-mail on a workplace computer or other device owned or controlled by the employer, then a duty arises to caution the client not to do so, and if that caution is not heeded, to cease sending messages even to personal e-mail addresses. ”
The opinion is not limited to employment, and reads in part “… the employment scenario is not the only one in which attorney-client electronic communications may be accessed by third parties. A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, to which a third party may gain access.”
Other situations that might apply include unsecured hot spots (i.e., Starbucks), public access computer kiosks (airports), infected personal computers (malware), cloud applications and a variety of mobile devices (Blackberries, smart phones & I-pads).
For in-house counsel this opinion creates an obligation to counsel corporate clients about the appropriate methods of transmission of privileged or confidential information, and ways to protect that privilege. A review of your company security and/or email standards might be in order to reflect compliance with good practices when using electronic devices.
Ultimately what this opinion requires is thoughtful communication with a client, early in the engagement process about the risks involved with electronic communications and some methods available to protect that privilege. Of course communication with ones clients is always a good idea. A disclaimer at the bottom of your emails just won’t cut it.
ABA Model Rules of Professional Conduct, Rule 1.6 Confidentiality of Information
New Jersey Rules of Professional Conduct, RPC 1.6 Confidentiality of Information
International Legal Technology Standards Organization “ILTSO” 2011 Guidelines for Legal Professionals