For most employees, employers, and attorneys, the line between personal electronic communications and business communications has blurred due to the convenience of portable devices and telecommuting. Employees routinely access their personal e-mail accounts over the employer’s computer network, and often commingle personal and work-related e-mails in these accounts. In addition, given the ease of communication, employees will often communicate with their private attorneys in the same manner (i.e. over the employer’s computer network). Given the existence of employee communications policies, many of which provide that an employee has no expectation of privacy in any communications made over the employer’s network, serious questions have arisen as to whether such communications between an employee and his attorney remain private, and whether an attorney has a duty to warn his client about the dangers of communicating over an employer’s network.
On August 4, 2011, the American Bar Association’s Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 11-459, discussing the duty of attorneys to protect the confidentiality of e-mail communications with their clients. The opinion warns that confidentiality of e-mail communications made over an employer’s network may be jeopardized in certain situations, as employers often reserve the right to access communications made over the employer’s network, and third parties may be able to subpoena such communications from the employer.
The ABA opinion notes that a lawyer sending or receiving substantive communications with a client via e-mail or other electronic means “must warn the client about the risk of sending and receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access.” This obligation arises, at the very least, “when the lawyer knows, or reasonably should know that the client is likely to send or receive substantive client-lawyer communication via e-mail or other electronic means, using a business device or system under circumstances where there is a significant risk these communications will be read by the employer or another third party.”
In terms of guidance to attorneys, the ABA opinion notes that as a general rule, a lawyer must assess “whether there is a significant risk that the client will use a business e-mail address for personal communications or whether the employee’s position entails using an employer’s device.” Based on these considerations, attorneys should take measures to protect the privacy of attorney-client communications, including, among other things: (1) refraining from sending e-mails to the client’s work e-mail address; (2) cautioning the client against using a business e-mail account to send such communications or accessing personal e-mail accounts using a workplace computer; and (3) ceasing to send e-mail messages to personal e-mail accounts if the attorney finds that the employee is accessing such e-mails over the employer’s network.
All told, the ABA is simply recognizing the lack of privacy that exists in the workplace, and cautioning attorneys to inform clients of the dangers of communicating in a manner that may vitiate the attorneyclient privilege. It is up to the lawyer to determine what constitutes “reasonable care” to protect the confidentiality of communications with clients, but the safer course is to be proactive and to caution clients that e-mail communications are not always private.