One of the cornerstones of the attorney-client relationship is confidentiality. While most lawyers take the confidentiality of their clients seriously, modern technology and methods of practice may create a situation in which lawyers may inadvertently breach the duty of confidentiality, or clients may inadvertently compromise privilege by unknowingly giving access to communications to a third party. One of the biggest areas of concerns is with email.
The American Bar Association Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 11-459 in August 2011, which discussed a lawyer’s duty to protect the confidentiality of electronic communications with clients. The opinion is one which should be familiar to most lawyers, but unfortunately, based on my experience, it is not.
Briefly, the opinion warns that all lawyers should be having a frank discussion with their clients about the confidentiality of email and the attorney-client privilege. Risks arise where clients are using an email address or a device owned and/or controlled by their employer, in which their employer might have access to their email and an ability to read their email messages (including messages from a 'personal' email account used on a business device). Many employers have a policy with regard to email and/or device use which allows the employer access. In these circumstances, there is significant risk of a breach of confidentiality or an erosion of the attorney-client privilege.
Similary, where a client uses a home computer than can be accessed by third parties (such as a spouse, children or other family members), or a 'public' computer than can be accessed by others, the lawyer has a duty to warn the client of the potential risks and instruct the client accordingly. Additional concerns may arise when using public or unsecured wi-fi. Lawyers should also consider the use of encryption, or in some cases to cease sending email messages to clients completely if clients do not heed the lawyer's warnings.
Last week, news of a brief filed in June on behalf of Google supporting a motion to dismiss a class action lawsuit claiming that Google's data-mining of email messages through Google mail was a violation of privacy hit the airwaves. The Google brief cites a Supreme Court decision from 1979 (long before email became the communication medium of choice among lawyers) that users of web-based email should understand that the messages are being processed by the email provider, and therefore, that there is no expectation of privacy, since the messages were essentially being 'turned over to third parties.'
Google uses electronic scanning of messages sent to its Gmail service to both filter spam and to send targeted advertising messages, but claims no human is reading those messages. Clearly, Google is not the only mail service to scan email messages to identify and filter spam messages, but what level of scanning and filtering is acceptable?
There has been much discussion over the past week about privacy concerns with email scanning, but what about client confidentiality and attorney-client privilege? Does electronic scanning of messages breach confidentiality? Should lawyers discontinue their own use of Google's mail service (or any other mail service that scans messages) and/or advise their clients to do so?
While regular users of email services can certainly consent to allow Google (or any other email provider) to scan their messages, is this an acceptable practice for attorney-client communications, where lawyers have an obligation to ensure that these communications remain confidential?