Recent conversations on the Association of Corporate Counsel message boards have considered whether there is any value in appending to emails an automated notice to the effect that the contents may be confidential or privileged. Law firms typically include those notices at the bottom of emails. Here’s a typical example:
This electronic message is confidential and is intended only for the use of the individual to whom it is addressed. The information may also be legally privileged. This transmission is sent in trust, for the sole purpose of delivery to the intended recipient. If you have received this transmission in error, you are hereby notified that any use, dissemination, distribution or reproduction of this transmission is strictly prohibited. If you are not the intended recipient, please immediately notify the sender and delete the message from your system.
Adding email boilerplate confidentiality notices does absolutely nothing to protect confidentiality of the email message content and attachments. Email is very often misaddressed. The unintended recipient will not be bound by a boilerplate confidentiality notice. Moreover, even if it is correctly addressed, email is inherently insecure. There are many, many examples of email being maliciously intercepted or accessed by unauthorized persons. Hackers who intercept email are not going to respect a confidentiality notice.
For emails from a law firm or legal department, new ABA ethics guidelines state that attorneys must proactively take steps to protect the confidentiality of client information. Model Rule 1.06(c) says ”A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” [My emphasis] A boilerplate notice does nothing to prevent unauthorized disclosure or access of email. Even if attorney-client privilege is not lost due to an inadvertent disclosure of an email, client confidentiality is breached. See my blog post on that topic.
If you want to keep an email confidential, encrypt it.
Originally posted September 20. 2012 on the ZixCorp blog