By Cameron G. Shilling (originally published 5/27/2011)
“A lawyer sending or receiving substantive communications with a client via email or other electronic means must warn the client … [if] there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client-lawyer communications via e-mail or other electronic means, using a business device or system [owned by the employer].”
Before the ABA opinion, some courts and attorneys distinguished between communications with clients via employer-owned email accounts, and communications via personal webmail accounts (such as Gmail, Yahoo!, MSN, AOL, etc.) using an employer-owned device. For example, courts in Massachusetts and New Jersey had recognized that the webmail communications do not necessarily loose privilege just because the employer can recover them from the residual (or deleted) data on the electronic device.
No matter the technicalities, the moral of the story is clear. If you are an attorney advising an employee-client, you should instruct your client not to send you email from a company account, not to text you using a company cell phone, and not to send you instant messages or otherwise communicate with you using an employer-owned device, but instead to use a personal email account on a personal device, or to text you using a personal cell phone. According to the ABA, your obligation to do so ordinarily will arise “as soon as practicable after a client-lawyer relationship is estsablished.”
If you are an employer, you should adopt a comprehensive information use policy advising employees that (1) electronic data accessed or maintained on company-owned devices is the property of the company, (2) employees should not and cannot expect that such data is or will be private, and (3) the company can and periodically does review and monitor data accessed or maintained on company-owned devices. Here is the first page, with some standard language, for such a comprehensive information use policy.