By Russ Garrett
The attorney-client privilege is one of the most important functions in using a lawyer. The privilege prevents discovery, in most cases, of conversations between clients and their lawyers. As long as the conversation was intended to be private and is not in furtherance of a crime (and a few other rules) the conversation remains free from discovery and the lawyer cannot disclose the discussions they have had with their client. There are a few exceptions but generally this privilege also includes written communications such as letters, e-mails, and text messages.
With so much more attorney-client communication taking place via e-mail or text message, and cloud computing services being used to share documents, inadvertent disclosure of privileged or confidential information is easier than ever if you aren’t careful. With the simple click of a button, the attorney and/or client can inadvertently waive their privilege. This can apply even where the disclosure was by mistake.
Here are a few tips to help mitigate mistaken disclosure risks. The following tips, while not comprehensive, can help start a companywide conversation about how to avoid unintended disclosure of privileged information, or at least can underscore for your employees that as information gets easier to share, it also gets harder to protect.
1. Know and limit who you are sending confidential communications to.
When communicating with your counsel’s office, send only to the lawyer and/or paralegal with whom you are working, and include only those within your company who are absolutely necessary. Do not copy third parties on e-mails to your attorney if you want to keep the communication confidential, as an inadvertent “reply all” e-mail can be more than just embarrassing. Even better, when communicating with your attorney, start a new e-mail chain by forwarding instead of replying, so you can define the recipients. This is particularly true if your lawyer includes you on an e-mail to either the opposing party or opposing counsel.
The auto fill feature on some e-mail programs might save you time, but it can also inadvertently waive privilege. E-mail addresses can be auto filled quickly with the same first name, or similar names, and accidentally sent to the wrong person in the quick second it takes to press “send.” It is very important to take a moment to make sure your recipient list is correct before your e-mail is sent. You may want to consider disabling the auto fill feature in your company e-mail program.
2. Keep your personal/social life and work life separate.
Forbid employees from using their personal e-mail address for work or their work e-mail for personal communications. And they should never use a public computer for sending privileged or confidential information. Make sure employees know to keep privileged work information off of social media. This seems like a no-brainer, but it happens. There are certain forums that are so casual one can be lulled into forgetting about the need to protect information.
Metadata is “data about data” that is invisible on the face of a document, but recoverable. For example, metadata can reveal who wrote a document, when it was created, and most importantly, what revisions to the document were made and who made them. This can be valuable to another attorney or opposing party because it shows the entire process including deleted content and comments by or to counsel.
Software programs exist to “scrub” metadata from documents. In Oregon and Washington, attorneys are ethically required to take reasonable care to prevent disclosure of privileged information and that includes metadata, which if disclosed would reveal confidential information to others. Clients are well advised to use a metadata scrubbing program to send documents that may have contained privileged information out to third parties. Of course, communicating with your lawyer is not an issue so long as you don’t include third parties in the communication. Your lawyer should be able to scrub and send documents to avoid disclosure of metadata.
4. Be careful with cloud computing.
Cloud-based services make document sharing easy. Cloud computing, in a nutshell, is data stored offsite, hosted by a third-party. Because lawyers must prevent others from seeing confidential client information, using these services raises questions of access and security.
In Oregon, Formal Opinion No. 2011-188 clarified that cloud computing services can be used by attorneys to store client data as long as the attorney duties of confidentiality and competence are complied with. Similarly, in Washington, Advisory Opinion 2215 provides that lawyers may use the cloud to store confidential client communications, so long as they are diligent in protecting any confidential information. Some of the best practices suggested by the Washington State Bar Association in Advisory Opinion 2215 are good ideas for any company interested in sharing privileged or confidential information in the cloud: Generally familiarize yourself with the risks and benefits of storing information in the cloud; evaluate the cloud computing service’s reputation, history, and practices; evaluate the service provider agreement to determine what measures the service takes to keep documents and information secure; ensure that access to the storage system is tightly controlled; ensure that there are reasonable measures in place for secure backup of any data maintained by the service provider; check the service provider agreement to confirm it will give prompt notice of any unauthorized access to the stored data; and confirm what methods of retrieving the stored data exist in the event the service agreement is terminated or the service provider goes out of business.
In the digital age, sharing information has become faster and more convenient than ever. This is a good thing, so long as you recognize the risks as well as the benefits, and put procedures in place to ensure the protection of privileged material. When it comes to attorney-client privilege, be careful and don’t blow it!