When Can Electronic Communications Compromise Attorney-Client Privilege?

The American Bar Association and the Duty of Confidentiality Rule 1.6 of the Model Rules of Professional Conduct, applicable in California and throughout the US, obligates attorneys to keep client information confidential and not to reveal details about representation to anyone without a client's consent. Not only do attorneys have to refrain from sharing client information, but Rule 1.1 (which addresses attorney competence) also requires that they must act competently to safeguard confidential and privileged information, thereby preventing personally injurious consequences for the client.

Potential for Danger with E-Mail

Based on these longstanding professional rules, the American Bar Association's Standing Committee on Ethics and Professional Responsibility issued a formal opinion (11-459) in August 2011 mandating that attorneys warn clients about the dangers of email interception in certain situations. While ABA Op-99-413 makes clear that sending information via unencrypted email is acceptable for attorneys because there is a reasonable expectation of privacy, this new opinion drives home the point that a reasonable expectation of privacy does not exist in all emailing situations.

Using a Work Computer Can Invite a Third-Party

To address situations where no reasonable expectation of privacy exists, the new ABA ethics opinion mandates that attorneys should warn clients both of sending and receiving substantive emails in situations where there is a danger of a third party being able to read or access the emails. In particular, attorneys must issue such warnings if they reasonably suspect the client will use a business computer to send emails. Factors used to determine if an attorney should issue warnings include whether the client has emailed the lawyer in the past, whether the attorney knows the client has access to employer-provided electronic communication tools, and whether the attorney is aware of company or state rules guaranteeing email privacy.

While attorneys can consider these factors to determine if clients should be expressly warned about the dangers of sending emails, it might be best practice for all attorneys to simply advise clients against sending emails on employer computers, public computers, or borrowed computers. This is especially true when the case is brought against a client's employer.

Employee Privacy and Employer Emails

The ABA's concern over emails sent on employer computers is a wise one, as many employers monitor employee communications. In fact, according to a 2007 Electronic Monitoring and Surveillance Survey conducted by the American Management Association, 66 percent of employers monitor employees' Internet, 16 percent listen to employee phone calls, and 43 percent monitor employee email. Of those who engage in email monitoring, 40 percent have people actually reading the emails rather than using electronic monitoring.

While it may come as a surprise to employees, employers are generally well within their rights to engage in monitoring, even without telling their employees. Although two acts were proposed to safeguard employee email rights (The Privacy for Consumers and Workers Act and the Notice of Electronic Monitoring Act), neither passed into law. Employers need only to comply with the Electronic Communications Privacy Act. This Act prohibits surveillance of communication but carves out three exceptions for employers:

  1. A provider exception allowing employers to monitor emails if they are providing the email service
  2. An "ordinary course of business" exception permitting monitoring as long as there is a legitimate interest and the monitoring is not any more intrusive than required
  3. A consent exception, permitting employers to monitor email if employees expressly agree.

Although state laws differ some, employers who do monitor emails, especially after obtaining consent, are generally permitted to use emails sent to an attorney from a work computer in litigation. California, for example, addressed this issue in Holmes v. Petrovich Development Company, LLC.

Holmes sued her employer for several personally injurious actions, including sexual harassment and discrimination. Before quitting her job, she sent emails to her attorney from her work computer. Although Holmes believed the emails should not be admissible by her employer, the trial court and court of appeals disagreed. The company had a clear email policy in place specifying that email was for work use only and that emails could be reviewed at any time. Because Holmes knew of that policy, the court held her transmittal of emails from work was a knowing disclosure of attorney-client communications and thus privilege was waived. Holmes unsuccessfully argued that the company's informal policy—which involved never actually auditing computers—contradicted the written policy and established a reasonable expectation of privacy. Although the court had accepted that argument in Quon v. Arch Wireless Operating Co., Quon was different because a supervisor had told employees their text messages would not be audited as long as overage charges were paid, thus contradicting the written policy. This was distinguishable here because no statements or actions contradicted the express written policy.

Holmes also unsuccessfully argued that she had a reasonable expectation of privacy because she had used her own email password. Again, the court rejected this argument, distinguishing Holmes from a New Jersey case Stengart v. Loving Care Agency, Inc where an employee was found to have a reasonable expectation of privacy when accessing a private, password protected, web-based email account using a company computer. In this case, Holmes did not have the same reasonable expectation because she used her company email.

While other states may have different precedent than California, in general, the law seems to suggest that if employees know their emails are being monitored, any emails sent on work computers can and will be admissible against those employees in court cases. Best practices, then, suggest refraining from all emails to attorneys from company workstations to ensure confidentiality and prevent personally injurious consequences.

Author Biography

For over 35 years, attorney James Ballidis and the staff at Allen, Flatt, Ballidis, and Leslie have been helping the victims of accidents. During this time, he has written extensively on the personal injury claims process. If you are a California resident and would like to request a free book or article, feel free to contact us.