Email Confidentiality: The Elephant in the Room
Just a decade ago, e-mail was a questionable means for an attorney to communicate with his/her client. But e-mail is so basic and important today in the everyday aspect of the attorney-client relationship that things have changed. This article addresses the recent ABA Opinion regarding the Duty to Protect the Confidentiality of Email Communications with One’s Client.
As the technology involved in electronic submission has become better understood and as the law concerning telecommunications has developed, the prevalent view is that electronic communication is in most instances an acceptable form of conveying client confidences even where the lawyer does not obtain specific client consent. However, confidentiality concerns still exist with electronic client communications.
On August 4, 2011, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 11-459 Duty to Protect the Confidentiality of Email Communications with One’s Client. This Opinion provides an overview of a lawyer’s duty to inform the client of risks associated with electronic communications with the lawyer. The Committee poses the question, “when the lawyer knows or reasonably should know that the employee may use a workplace device or system to communicate with the lawyer, does the lawyer have an ethical duty to warn the employee about the risks this practice entails,” and answers it in the affirmative. The Opinion addresses when this ethical duty arises and what steps a lawyer must take to prevent access by third parties from occurring. A caution may be appropriate to the practitioner however. There are some who believe that in many if not most cases, even if it may be ethical to engage in electronic communications, it may not be advisable to do so. I refer the reader back to my article which appeared in the Bar Bulletin earlier this year. In that article, I addressed the various pitfalls and dangers of the electronic data and internet age. Essentially, in order to maintain absolute confidentiality the only fail-safe technique, if any, is to avoid placing the information on a computer or on an electronic device at all.II. OVERVIEW OF FORMAL OPINION 11-459
a. When Does the Duty Arise?
Email communications by lawyers with clients are governed by the ethical obligation to protect confidential client information pursuant to Model Rule 1.6, which requires a lawyer to refrain from revealing “information relating to the representation of a client unless the client gives informed consent.” The ethical duty arises when a lawyer is sending or receiving substantive communications with a client by electronic means and when there is a significant risk that a third party may gain access to the communications. The lawyer must know, or reasonably should know, that the client is likely to send or receive substantive client-lawyer communications via electronic means in order for the duty to arise. Significant risk can arise in various situations, but the Opinion focuses on the context of an employment case, as employers often have policies reserving rights of access to employees’ workplace computers, regardless of whether the communications are from a work or personal e-mail account. 
b. What does the duty entail?
The Opinion provides limited instruction on the efforts a lawyer should take to protect the client confidences from exposure to a third party. A lawyer should advise the employee-client about the importance of communicating with the lawyer in a manner that protects the confidentiality of e-mail communications. Specifically, as soon as the attorney-client relationship is established, a lawyer should instruct the employee-client to avoid using a workplace computer or other device for substantive communications, and perhaps for any attorney-client email communications. This admonition applies both to the client’s use of a personal e-mail account on a workplace computer, and to the lawyer’s refraining from sending e-mails to the client’s workplace. Given that the risks of a third party gaining access to attorney-client e-mail communications vary with every client, a lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client. 
III. IS THE ATTORNEY-CLIENT PRIVILEGE WAIVED WHEN EMAILS ARE SENT OR RECEIVED ON WORKPLACE COMPUTERS
It is well settled that oral communications made in the presence of a third party (not an agent of the attorney or client) are not privileged. The question remains: in the electronic age, does the employer's computer system serve as the third party that eliminates the privilege?
Formal Opinion 11-459 does not address whether, and in what circumstances, an employee’s communications with his or her attorney made from the employee’s workplace device, are protected by the attorney-client privilege. Unlike Rule 1.6, which is an ethical rule, the attorney-client privilege operates as a rule of evidence to prevent the disclosure of a confidential communication made by a client to his attorney for the purpose of obtaining legal advice.  Courts have reached varying conclusions about whether an employee’s attorney-client communications utilizing a workplace computer are privileged. Several jurisdictions have held that the attorney-client privilege applied to e-mails with counsel using a personal e-mail account accessed on a workplace computer or when the evidence was clear that an employer did not notify employees of a policy barring personal e-mail use. Other jurisdictions reach a different result. In Holmes v. Petrovic Development Co., LLC, the court held that e-mails sent via a company computer were comparable to consulting with her lawyer in her employer's conference room, in a loud voice, with the door open, so that any reasonable person would expect that their discussion of her complaints about her employer would be overheard by him. 
Maryland courts have not ruled on whether the attorney-client privilege applies to e-mails with counsel from a workplace computer. Prudent lawyers representing an employee against his/her employer should be aware of the factors that courts have looked at in deciding whether the attorney-client privilege remains for electronic communications through the employer’s network; whether the employer has a policy in place prohibiting employees from using workplace computers for personal e-mails, and whether the employer notified its employees that it would monitor its computers.  There are steps that can be taken to avoid being the first attorney in Maryland that has to litigate this issue. As a preliminary matter, in any case where the client’s employer is or may be involved, best practices include not sending emails to the client’s work email address and advising the client - from the start - not to use his or her workplace computer to send emails. An attorney can protect him or herself by including a disclaimer in the bottom of every email. In fact, this simple disclaimer can protect from various other potential issues, such as inadvertently sent emails. Lastly, including a disclaimer in the Retainer Agreement informs clients from the start that email communications could be discovered. A best practice that a prudent practitioner should follow would be to place cautionary language within the initial retainer agreement. This would provide the practitioner with documented and express informed consent by the Client. IV. CONCLUSION
In Maryland it is not clear yet whether emails sent or received on an employer’s computer or through work email are protected by the attorney-client privilege. Given the ABA’s recent Ethics Opinion, an attorney has a minimum duty to inform the client of potential pitfalls of using workplace email and computers to communicate. It is likely that simple precautions, such as disclaimers and warnings are sufficient for protecting the attorney from failure-to-warn claims. The best method for protecting the attorney-client privilege, however, may be by doing what is becoming more and more uncommon: holding face-to-face meetings without a third-party present.
 In the 1990’s, several states rendered ethics opinions relative to e-mail and the concerns over confidentiality. For instance, Iowa and South Carolina insisted that e-mail cannot be used unless special precautions are taken to prevent its interception or client consent obtained. See Iowa Ethics Opinion96-1 1996; South Carolina Ethics Opinion 94-27 (1995). North Carolina has insisted that the same precautions be observed for e-mail communications. North Carolina Ethics Opinion 215 (1995).
 D.C. Bar Op. 281 (1998). Numerous other State Bar’s endorsed e-mail as an acceptable means to communicate with clients while still protecting client confidences. See e.g., Alaska Bar Ass'n Op. 98-2 (1998); Ky. Bar Ass'n Ethics Comm. Advisory Op. E-403 (1998); New York State Bar Ass'n Comm. on Professional Ethics Op. 709 (1998).
 Third parties may have access to attorney-client e-mails when the client receives or sends e-mails via a public computer or when the client uses a computer available to others, such as in a matrimonial dispute when the home computer is used.
 Of note is Comment  of the Maryland Rules of Professional conduct which states, “When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this Rule.”
 Newman v. State, 384 Md. at 302, 863 A.2d at 330 (2004.)
 See Stengart v. Loving Care Agency, Inc. , 990 A.2d 650,653 (N.J. 2010); TransOcean Capital, Inc. v. Fortin, No. 05-0955-BLS2, 2006 WL 3246401 (Mass. Super. Oct. 20, 2006).
 Holmes v. Petrovic Development Co., LLC , 191 Cal.App.4th 1047 (2011) (This is so because Holmes used a computer of defendant company to send the e-mails even though (1) she had been told of the company's policy that its computers were to be used only for company business and that employees were prohibited from using them to send or receive personal e-mail, (2) she had been warned that the company would monitor its computers for compliance with this company policy and thus might "inspect all files and messages . . . at any time," and (3) she had been explicitly advised that employees using company computers to create or maintain personal information or messages "have no right of privacy with respect to that information or message.").
 Id. The four-factor test applied in a decision of the Bankruptcy Court in New York City, In re Asia Global Crossing Ltd., assesses the reasonableness of an employee's privacy expectation: (1) Does the company maintain a policy that bans personal or other objectionable use of its e-mail system? (2) Does the company monitor the use of the employee's computer or e-mail? (3) Do third parties have a right of access to the computer or e-mails? (4) Did the company notify the employee or was the employee aware of the use and monitoring policies? 322 B.R. 247 (Bankr. S.D.N.Y. 2005).
 Recommended Language: You agree that we may communicate with each other through email. Please understand that all of our communications are privileged and confidential, so long as they are not disclosed to anyone else. That is, the Firm, including individual attorneys, cannot be compelled, except under rare circumstances, to disclose information the Clients have shared with the Firm’s attorneys and advice given to it. To like effect the Clients cannot be compelled to reveal the attorney’s advice either. For obvious reasons, that is a desired result because it is intended to give a client comfort in sharing all information with the Firm and its attorneys and that enables us to give advice tailored to the client’s situation. Please understand that sharing any of our advice with anyone serves to jeopardize the attorney client privilege of confidentiality. This is especially true with regard to comments made on the internet, particularly with any social networking site, such as Facebook or Twitter. Please be advised that you should use caution in using a business email account or using a personal email account on a workplace computer or device, at least for substantive emails with counsel, since your employer may be able to access such communications, and such emails may not be privileged and confidential.