This article is reprinted with permission from The Pennsylvania Bar News.
Jeffrey P. Lewis is a member in the Philadelphia office of the Pittsburgh-based law firm of Eckert Seamans Cherin & Mellott, LLC. He serves on the PBA Professional Liability Committee. He can be reached at 215.851.8437, and by email at email@example.com.
By: Jeffrey Lewis
In this day and age, counsel and client routinely communicate with each other electronically, whether by e-mails or text messaging using computers, smartphones, and tablet devices. This author has written in this space in the past concerning instances where the attorney/client privilege is compromised because clients arguably had not taken reasonable steps to protect their privileged communications from access by third parties. A common example involves instances where clients and their lawyers communicate with each other using the e-mail account of the client’s employer. The case law is evolving in this area so that it is not clear in each instance whether the client has utilized sufficient protection, such as using a password protected personal account on the employer’s computer, to avoid a finding of waiver of the privilege. But it’s not just the issue of whether the employer can gain access to such communication and use it, for example, against the employee in an employment dispute. If sufficient protection has not been employed, such communications would also be subject to access by a third party by subpoena. Moreover, this issue is not limited to instances involving an employer’s computer; waiver can be found where the client has utilize someone else’s computer to communicate with counsel, whether via a library, hotel, or borrowed computer, or even a computer at home where other members of the family have access. In many instances, the potential for, and consequences of, waiver are not appreciated by the client.
The issue of waiver in this context was addressed in Parnes v. Parnes, 915 N.Y.S.2d 345 (Sup. Ct. App. Div. 1011), a case reported on earlier this year in this space, wherein the wife in a domestic dispute had found husband’s password to his personal password protected account on a piece of paper on his desk and used it to gain access to e-mails between him and his counsel. In that instance, although the court found that husband had been careless to leave his password lying about in a house he shared with his wife, he still had a reasonable expectation of privacy and, therefore, had not waived the privilege.
All of the foregoing raises the question: what duty does a lawyer have to advise a client not to engage in any conduct that could result in waiver of the attorney/client privilege for failure to sufficiently secure electronic communication of substantive discussions? The ABA Standing Committee On Ethics And Professional Responsibility recently issued Formal Opinion 11-459, entitled “Duty to Protect the Confidentiality of E-mail Communications with One’s Client.” The opinion is based upon the ABA Model Rules of Professional Conduct, which are not substantially different from Pennsylvania’s version of the Rules of Professional Conduct. Notwithstanding that the preamble of both version of the Rules, and case law, support the proposition that a violation of these Rules does not provide a basis for civil liability, the ABA Committee opinion is a suggestion of where case law may lead with respect to such a duty to warn.
In this committee’s view, “[a] lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client-lawyer communications via e-mail or other electronic means, using a business device or system under circumstances where there is a significant risk that the communications will be read by the employer or another third party.”
The opinion cites several considerations when determining the existence of “a significant risk” of access by a third party. These include: 1) whether client had either utilized or indicated an intention to utilize electronic communication with counsel; 2) whether client has access to a workplace device or system; 3) whether the client’s employer or a third party has the means to access the client’s electronic communications; and “4) that, as far as the lawyer knows, the employer’s internal policy and the jurisdiction’s laws do not clearly protect the privacy of the employee’s personal e-mail communications via a business device or system.” In the opinion’s view, a lawyer need not assume that an employer has an internal policy to grant it access to the employee’s e-mails sent or received on a workplace device or system “(u)nless a lawyer has reason to believe otherwise…”
Once the lawyer believes, based upon the foregoing criteria, that there is a risk of compromise of the attorney-client privilege by third party access to electronic communication, the opinion provides that the lawyer should take protective measures. These would include cautioning the client not to communicate with counsel under circumstances where an employer or other third party may have access, such as “a business e-mail account or using a personal e-mail account on a workplace computer or device at least for substantive e-mails with counsel.” Protective measure would also include the lawyer refraining from sending electronic communications “to the client’s workplace, as distinct from personal, e-mail address.”
From the standpoint of potential professional liability, this opinion demonstrates that counsel must exercise vigilance to inform clients of the need to exercise care in the electronic means used to communicate. Moreover, counsel should exercise the same vigilance in communicating with clients.