You are here

E-Mail - More Things to Think About

Technology continues to add complexity to how lawyers must manage their practice. You would have to have been living on another planet for the past year not to have heard about the problem of using the wrong server to manage your email. By now you have hopefully reviewed your email usage and kept your client communications secure.
However, it is not only your domain that you should attend to. You probably receive email from friends, clients, potential clients, and so on, with domain names of large commercial entities such as “” or “” You also receive email with domain names such as “,” “,” or “” You probably do not pay much attention to the domain name of the sender.
Perhaps you should. The recent New York slip opinion, Matter of Peerenboom v. Marvel Entertainment LLC (31957U, Sept 30, 2016), has received some popular attention. In this case, Peerenboom (“P”) sued Q for defamation. Q was employed by Marvel and sent and received email from his work account, including emails to and from his attorney. P served a subpoena on Marvel to obtain material Marvel may have regarding the alleged defamation. Q intervened and objected on the grounds that some of the email communications were privileged.
P countered on the grounds that Q waived all privilege since he was employed by Marvel, and the Marvel employee handbook stated that “hardware, software, e-mail, voicemail, intranet and Internet access, computer files and programs–including any information you create, send, receive, download or store on Company assets–are Company property, and [it] reserve[s]s the right to monitor their use, where permitted by law to do so.”
The court engaged in a broad review of the law of privilege in New York, but the key holdings for purpose of this column are: (1) ‘[t]he use of one’s own personal home computer to communicate with an attorney on a private, unencrypted e-mail account does not vitiate the attorney-client privilege …,” and (2) “use of a proprietary e-mail system, subject to an employer’s computer usage policy such as the one adopted by Marvel, constitutes a waiver of any privilege that can otherwise be unilaterally asserted.…”
Many (if not most) employers have language similar to that of Marvel’s in their employee handbooks. In fact, many (if not most) have language when you log in that says the equivalent of “everything on this computer system is ours, none of it is yours.”
So what is the lawyer to do? The first thing is to pay attention to the client’s e-mail domain name. A clear warning sign is if it is “”, especially if the client is emailing about a work related issue. Even “” could be a significant issue, depending on the facts. However, in any case it would be wise to ask the client whose email account he or she is using, and what service or server is being used. Be sure that the client is using a personal account and not one that is owned or controlled by a third party.
As a footnote to this column, nothing you put on a server connected to the Internet or in the cloud is reliably secure. Earlier in the digital era, this column suggested that anything that was really confidential should be kept on paper in a locked file. Developments over the past few years have only reinforced this advice.