Experience | Technology | Exceptionalism Standardized

Ethical Obligation for Email Monitoring and Intercept

The ABA generally requires lawyers to protect confidential client information. The ABA specifically advises attorneys to safeguard client information from inadvertent or unauthorized disclosures (Rule 4.4(b)). Further, the ABA advises attorneys to take precautions to prevent client information from reaching unintended recipients. Historically, firms met their ethical requirements in this regard by adopting a Standard Operating Procedure for the filing of all client documents and communications, as well as systematic record keeping for all outgoing and incoming mail. These procedures typically followed by law firms did not change as email became the predominant mode of client communication. Unique fact patterns in the case law have popped up in recent years leading to the ABA to comment on an attorney’s ethical responsibilities in protecting their client’s confidential information sent over email.

The issue of email messages and the extent those messages should be considered confidential and privileged has been an ongoing and shifting debate. This issue is straightforward in some instances. For instance, if an attorney sends a client communication via email and inadvertently CCs the opposing counsel. Certainly this is a bone-headed mistake for an attorney to make, but it happens. The ABA Model Rules are fairly clear that the opposing counsel should notify the sender of the error and delete the email. The ethical standards for email interception and monitoring, however, are not always this clear. The American Bar Association (ABA) Standing Committee on Ethics and Professional Responsibility released two opinions to help aid attorneys in understanding their ethical responsibilities.

Both Opinions were released August 4, 2011. The first opinion (Formal Opinion 11-460) addresses the ethical duty a lawyer has upon receiving a copy of an email between a third party and the third party’s lawyer. The hypothetical presented by the ABA goes as follows:
An employee sues her employer. The employer, in turn, copies all the files on her computer in case they need these materials to defend the suit. The employer sends the materials to its outside counsel, who notices the copied materials include confidential emails between the employer and her attorney.

The ABA then poses the question of whether the outside counsel for the employer must notify the employer’s counsel that the employer has accessed this information.

This hypothetical is trickier because the information was not inadvertently sent or received. In fact, it was very intentionally copied and supplied to outside counsel by the employer. In the ABA’s Opinion, they explain that Model Rules 4.4(b) does not impose any requirement on the employer’s outside counsel to notify the employee or her counsel that the confidential attorney-client emails were received. The Opinion, however, does go so far as to say the outside counsel should consult the employer on whether to disclose the information. Furthermore, the Opinion notes that the outside counsel may have other obligations that prevent the use of that information, such as an obligation under the civil procedure rules or under the law of the jurisdiction. The Committee emphasizes, thought, that Section 4.4(b) of the Model Rules does not impose such an obligation.

The second Opinion (Formal Opinion 11-459) addresses an attorney’s ethical obligation to warn an employee about the risks of using an employer-owned device when sending confidential communications. The opinion uses the following hypothetical as a guide:
An employee has a computer exclusively assigned to her for use in her employment. The employer (presumably) allows for personal use of the computer as well. The employer’s written internal policy provides that the company has the right to access all employees’ computers and emails files, including personal emails sent from work computers. The employee has recently hired an attorney to advise her on a potential claim against her employer.

The question then posed is whether and to what extent the attorney is ethically required to notify her of potential risks of sending confidential emails from her work computer.

The ABA Committee finds this hypothetical much more defined as to the attorney’s ethical obligations. The Model Rules require a lawyer to act competently to protect the confidentiality of clients’ information (Comment 16 and Comment 17 of Rule 1.6). To do so, the Committee advises in their Opinion, an attorney should ordinarily advise the employee-client about the importance of communicating with the attorney in a manner that protects confidentiality. Specifically, the attorney should instruct the employee-client against using a workplace device for sensitive or substantive communications if the attorney knows or reasonably should know the client-employee is likely to use her work computer to send confidential emails. (The Opinion goes on to offer four specific instances when an attorney should reasonably know a client may use her work computer to send confidential emails.)
In the Committee’s Opinion, attorney’s should warn their client’s of the danger of using a work computer or work device for sending confidential emails. However, if a second attorney receives the confidential communication and the second attorney’s receipt wasn’t inadvertent, (such as in the first hypothetical above), the second attorney has no ethical obligation to notify the employee or the employee’s counsel of the receipt of the information.