On August 4, 2011, the American Bar Association (the “ABA”) issued Formal Opinion 11-459 (the “Opinion”), stating that lawyers have a duty to warn their clients not to use a workplace computer, network, or device to communicate with their personal lawyer. Lawyers must explain that, in using an employer’s computer or devise, there is a significant risk that a third party may gain access to the client’s communications, thereby jeopardizing their confidentiality. The ABA provided the following hypothetical as an example of when this duty applies:
An employee has a computer assigned for her exclusive use in the course of her employment. The company’s written internal policy provides that the company has a right of access to all employees’ computers and e-mail files, including those relating to employees’ personal matters. Notwithstanding this policy, employees sometimes make personal use of their computers, including for the purpose of sending personal e-mail messages from their personal or office e-mail accounts. Recently, the employee retained a lawyer to give advice about a potential claim against her employer.
The ABA based its Opinion on Model Rule 1.6(a), which requires a lawyer to refrain from revealing “information relating to the representation of a client unless the client gives informed consent.” Moreover, a lawyer is obligated to act competently to protect the confidentiality of client information. The comments to Rule 1.6 direct that, when transmitting communications to a client, a lawyer must (1) safeguard information relating to a client representation against inadvertent or unauthorized disclosure by the lawyer; and (2) take reasonable precautions to prevent information from coming into the hands of unintended recipients. See Rule 1.6, cmts. 16, 17.
The Opinion is not surprising, given recent case law regarding the confidentiality of an employee’s personal documents and e-mails stored on a company computer or sent through a company’s network. In general, documents or e-mails created on, or sent through, a company computer may be confidential and/or privileged if the employee possesses a subjective expectation of confidentiality that a court finds objectively reasonable. As we earlier have written, the judicial inquiry as to whether such documents and communications should be confidential is extremely fact-intensive and often produces differing results based upon similar sets of facts. See “Whose E-Mail Is It Anyway? It Depends...,” For the Defense (Feb. 2010). The ABA acknowledged this uncertainty, citing to recent decisions from New Jersey, Massachusetts, California, and New York. The Opinion directs lawyers to advise their clients about the importance of communicating with the lawyer in a manner that protects the confidentiality of e-mail communications. The ABA likened this responsibility to that of avoiding speaking face-to-face with a client about the substance of a case when others can overhear the conversation. The Opinion also notes that attorneys should assume that an employer’s e-mail policy allows it unfettered access to employee e-mail on a workplace device or system.
To that end, a lawyer should, “as soon as practicable” after being retained, instruct the employee-client not to use her workplace e-mail to communicate with the lawyer. This obligation arises once the lawyer “has reason to believe that there is a significant risk that the client will conduct e-mail communications with the lawyer using a workplace computer or other business device or via the employer’s e-mail account.” The ABA makes clear that, whenever a lawyer communicates with a client via e-mail, she must consider the risks associated with a third-party’s gaining access to those communications, caution the client about this risk, and instruct the client on how to minimize the risk.