Using email routinely but without thinking is not just unwise but now could be unethical. Effective Jan. 1, 2017, Wisconsin adopted Comment 8 to ABA Model Rule 1.1. SCR 20:1.1, Comment 8 states: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” (emphasis added). Along the same lines, lawyers are also required to take “reasonable steps” to protect client information from inadvertent disclosure.1
Now that lawyers are officially tasked with understanding the pros and cons of technology they use, and acting reasonably to prevent accidental disclosure of client information, attentive email use is mandatory, not optional. Plus, sending fewer emails and limiting the time frame during which you send and respond (that is, not 24/7) is likely to increase your productivity and decrease your stress.2 By adopting mindful email techniques, you’ll be better equipped to talk with your clients about their email use – where email is stored, how it’s maintained, how long it’s preserved, and when, if ever, it’s deleted – essential questions in this age of e-discovery.
Consequences of Careless Email Approach
Continuing an automatic-pilot approach to the what, who, when, and how of email is a recipe for disaster. What we send, to whom we send it, when we use email, and how we use it are essential questions that require careful thought in order to balance benefits with risks. Cautionary examples are plentiful and expose important risks and consequences, including accidental third-party disclosure, ineffective search and retention, and excessive cost (time and money).
Inadvertent Disclosure of Confidential Emails is Foreseeable
Inadvertent disclosure via email occurs rather easily. Imagine if the last name of an opposing counsel were just one letter different from the last name of an associate in your firm (for example, Hanson and Hansen). And what if they have the same first name? When an email intended for associate Abby is accidentally sent to opposing counsel Abby, even if you retract the email immediately,3 damage may be done – including violating SCR 20: 1.6, which requires lawyers to protect client confidences and guard against accidental disclosure using “reasonable” steps.4
Email drafters rarely consider the consequences if emails intended to remain private are shared with interested parties. For example, Wisconsin limited liability companies (LLCs) may be forced to reveal certain email communications to all members, even if all members were not recipients of the original messages. Wisconsin requires that LLCs make available to members, on request, their records (for example, tax returns, financial statements, operating agreements, and member contributions) and “true and full information of all things affecting the members.”5
The Wisconsin Supreme Court determined that LLC records and information may include emails, depending on the LLC’s operating agreement.6 As a result, LLC creators are wise to consider and address this possibility when drafting operating agreements or face widespread disclosure of company emails to any and all members, should a dispute arise.
High-profile data hacks also highlight email-related risks. Sony Pictures CEO Michael Lynton sat on Snapchat’s board.7 As a result, Lynton received confidential emails concerning, for example, Snapchat’s business plan, acquisitions, and reasons for rejecting Facebook’s $3 billion purchase offer.8 When Sony’s email was hacked and Lynton’s email inbox exposed, Snapchat’s history and plans, all shared and discussed via email, were made public.9
Large law firms’ email systems have been hacked, too. Three Chinese citizens stole partners’ emails from two New York merger-advising law firms.10 The hackers were charged in Manhattan federal court for allegedly trading on information gleaned from the emails.11 Preet Bharara, then U.S. attorney in Manhattan, warned, “This case of cyber meets securities fraud should serve as a wakeup call for law firms around the world.”12
Email use involves inherent risk that confidential or sensitive communications will be revealed.13 But adopting strategies focused on using email as a digital communications tool rather than a habit will diminish the downside risk.
Emails Can Be Evidence, If You Can Find Them
Email does have intrinsic advantages: It’s a written record that is easy to draft and quick to send and receive. But, a written document is only valuable if you can find it. Email, unless properly archived and organized, is difficult to search across an entity. For example, while you can likely search for and find emails you sent or received from third-party Ellen Jones, can you locate all emails to and from third-party Ellen Jones firm-wide?
Meet Our Contributors
Why do you do what you do? What's the best advice you ever received? Share your weirdest courtroom story...
Lawyers have a lot to say. Our authors are no exception. Whether its personal, insightful, or fun, it’s always interesting.
Check out our Q&A with the author below
The U.S. Department of State’s Office of Inspector General issued a report in May 2016 titled “Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements” (the “OIG Report”).14 The OIG Report highlights the importance of implementing workable email archive and search protocols and the entity-wide consequences if you don’t.
State Department employees saved emails15 through 2008 by printing and filing them; starting in 2009 by manually preserving them using the State Messaging and Archive Retrieval Toolset (SMART) system; and starting in 2015 using an automatic archiving system (but only for 200 senior State Department officials).16 The OIG Report reached the obvious conclusion that relying on individual employees to print and file or electronically save emails is not a reliable way to preserve records.17 Furthermore, the preserved emails were not reliably searchable because printed and filed emails were not indexed and access to emails saved in SMART depended on “access controls set by the individual who originally saved the email.”18
The ability to find sent and received emails will be exponentially more difficult if employees use personal email accounts or personal computers, smartphones, or tablets for work-related email. The OIG Report recognized glitches in State Department email archiving systems and search capabilities because employees used personal email accounts and personal equipment for government business.19 Technical difficulties also prevented proper State Department recordkeeping, including corrupted files, files protected by unknown passwords, and incomplete or mislabeled files.20
Emails Have a Cost, Even Without Postage
While free to send, email is costly. Email consumes an exorbitant amount of time – 28 percent of the average worker’s workweek.21 Professor Gloria Mark, an expert on workplace behavior at the University of California-Irvine, found that on average, workers check email 74 times per day.22 The price of email is considerable – time drafting, reviewing, replying, saving, and deleting scores of messages; dollars to archive, organize, and manage gigabytes of data; and the stress of 24/7 instant communication. Reducing these costs requires decreasing the volume. Decreasing the volume requires changing habits and expectations.
Before you unconsciously draft another email, stop and ask yourself these questions:
-
Am I taking reasonable steps to prevent inadvertent disclosure of client information?23 Am I sending information or attachments protected by the attorney-client privilege or work product rule?
Alternatives: Send an encrypted email or exchange confidential information with clients using a secure client portal. Check your practice management software (for example, Clio, MyCase, RocketMatter, Amicus Attorney). You might already have client portal capability.
-
Does every recipient (including those receiving copies or blind copies) need to receive the email and all the attachments? Can my message be shorter? Did I properly describe the subject of my email – a subject that will help me find the information later? Can I send fewer or shorter attachments? Did I proofread the recipient list, email addresses, and message?
Alternatives: Copy your assistant on emails so he can electronically file them in your firm’s document management system or on your firm’s server. Send an instant message to your firm colleagues alerting them to look for the email (see below). Create a group in Outlook or Gmail of people you frequently email at the same time and keep it updated. When you email the group, you reduce the possibility of emailing the wrong person.
-
Do I need to send this email right now (for example, 11:30 p.m. or 4 a.m.)? Am I likely to have more questions or information for the same person or group later?
Alternatives: Set a firm-wide policy discouraging sending intrafirm emails before 7 a.m. or after 9 p.m. or allow people to email whenever they want but not to expect replies outside business hours. Limiting email and forcing people to use it more intelligently could make your firm more productive.24
-
Is email the best way to convey this information? If I had to pay 49 cents (the current price of a first-class stamp) to send this message to each person listed, would I? Is this message urgent? Do I need an immediate response?
Alternatives: Pick up the phone. Some news (bad, excellent, or urgent) warrants a phone call, if not an in-person meeting. Determine action steps faster when decision makers are all on the phone or in the same room rather than exchanging countless “reply all” emails. Think about using instant messaging for intrafirm communication. Apps such as Hip Chat and Slack (free or low cost) synchronize messages across devices. Using instant messaging eliminates all those “free for lunch?” emails from piling up in your firm’s server.
Flood of Email Affects E-discovery Downstream
The explosion of email as an essential communication tool has e-discovery implications for law firms and their clients. In 2002, the court in Byers v. Illinois State Police recognized email’s domino effect on the volume, complication, cost, and time for e-discovery.
“E-mails have replaced other forms of communication besides just paper-based communication. Many informal messages that were previously relayed by telephone or at the water cooler are now sent via e-mail. Additionally, computers have the ability to capture several copies (or drafts) of the same e-mail, thus multiplying the volume of documents. All of these e-mails must be scanned for both relevance and privilege. Also, unlike most paper-based discovery, archived e-mails typically lack a coherent filing system.”25
Continuing an automatic-pilot approach to the what, who, when, and how of
email is a recipe for disaster.
The Wisconsin Supreme Court knew this, too, at least implicitly, and requires counsel to tackle related issues head on before requesting electronically stored information (ESI).26 Specifically, counsels’ discussion must include the following: which issues are likely to require ESI, time needed for discovery, preservation of ESI during discovery, the form(s) in which ESI will be produced, how privilege will be asserted and preserved, and the cost of ESI. But, having an informed and productive conversation with opposing counsel requires understanding how your client uses email, suggesting a mindful approach pre-litigation.
The Who, Where, What, When, and How of Email – Questions for Clients
Understanding a client’s email procedures and complying with Wis. Stat. section 804.01(2)(e)1. require, at a minimum, a discussion of the following issues.
-
What email system is used (for example, Exchange, Outlook, Lotus Notes, GroupWise, Gmail)?
-
Who decides which emails to delete? Is email preservation mandated by company policy, and if so, how? If an employee deletes an email from her computer, is it really gone or is it archived elsewhere?
-
When and how is email deleted? Are different types of emails deleted at different times or is there a one-size-fits-all approach? How does the email deletion policy apply to emails stored on mobile devices or local drives? What happens to emails of employees when they leave the company?
-
Where are emails stored? Are email servers located on site (for example, using Microsoft Exchange) or in the cloud (for example, Gmail)? Have emails always been stored this way or were they moved from another program at some point?
-
How does (or could) the client search its email? Can advanced search strings be used (for example, Boolean connectors)?
Every business should develop a plan for preserving emails – what, whose, and when emails should be deleted – immediately, instead of waiting to do so with the hope that litigation will not occur.27 Analyzing the purposes for which clients use email and adopting a thoughtful approach will inform a preservation plan.
Learning the nitty gritty of a client’s email system will also expose e-discovery-related risks of a careless approach. For example, how would the client retain emails pursuant to a litigation hold (that is, to avoid spoliation and related sanctions)? Will responding to requests for ESI be particularly onerous because a client’s search capabilities are limited or the volume of emails extraordinary?
Conclusion
To comply with ethical obligations, Wisconsin lawyers need to understand the benefits and risks of email. Although rethinking how we approach email will involve some heavy lifting, the benefits of a mindful approach to email are significant – reducing risk of inadvertent disclosure, creating an organized and searchable record, and reducing time, energy, and cost. Moreover, if we understand our clients’ email processes and move them toward careful use before litigation, our ability to collect ESI during litigation will be easier, faster, and less expensive and with fewer surprises.
Meet Our Contributors
What would you tell your child who was thinking about going to law school?
All three of our teenage daughters have sworn off law school insisting they have no interest in anything legal, although they do tolerate some law talk at the dinner table. Were my nieces or nephews interested in law school, I have three tips.
First, practice legal writing like your career depends on it, because it does. The ability to construct and support an argument is fundamental, regardless in what substantive area you practice.
Second, ask for help – from professors, classmates, family, friends, and colleagues. Practice your moot court argument for your sisters. Ask your roommate to proofread your constitutional law paper. Ask your colleagues to edit your 20-page brief, and cut it down to the court-required 15-page maximum.
And third, keep your sense of humor, in law school and beyond.
Stephanie L. Melnick, Melnick & Melnick S.C., Mequon.
Become a contributor! Are you working on an interesting case? Have a practice tip to share? There are several ways to contribute to Wisconsin Lawyer. To discuss a topic idea, contact Managing Editor Karlé Lester at (800) 444-9404, ext. 6127, or email klester@wisbar.org. Check out our writing and submission guidelines.
Endnotes
1 SCR 20:1.6.
2 Clive Thompson, “End the Tyranny of 24/7 Email,” N.Y. Times, Aug. 24, 2014.
3 Lawyers who receive emails sent by mistake, including those that contain information protected by attorney-client privilege or the work-product rule, are obligated to notify the sender. SCR 20:4.4(b), (c). Furthermore, a lawyer who receives privileged information sent inadvertently must also “immediately” stop reviewing or using the email and must abide by the sender’s instructions regarding the email pending a court’s final ruling. SCR 20:4.4(c). (See Aviva Meridian Kaiser, “Respecting Privileged Information: Lawyers’ Obligations to Third Persons,” 90 Wis. Law. 28 (April 2017).)
4 Lawyers “shall not” reveal client-related information and must take “reasonable efforts” to protect such information from inadvertent disclosure. SCR 20:1.6. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not used, the cost of using additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (for example, by making a device or important piece of software excessively difficult to use).” Comments to SCR 20:1.6
5 Wis. Stat. § 183.0405(2), (3).
6 Kasten v. Doral Dental USA LLC, 2007 WI 76, ¶ 47, 301 Wis. 2d 598, 733 N.W.2d 300.
7 Davey Alba, “Leaked Emails from Sony Hack Reveal Snapchat’s Big Ambitions,” Wired, Dec. 17, 2014.
8 Id.
9 Id.
10 Leslie Picker, “3 Men Made Millions by Hacking Merger Lawyers, U.S. Says,” N.Y. Times, Dec. 26, 2016.
11 Id.
12 Id.
13 There are ways to minimize cybersecurity risks, separate from email practices. See, e.g., Tison H. Rhine & Aviva Meridian Kaiser, “7 Ways to Protect Your Data,” 89 Wis. Law. 39 (Oct. 2016); Celia Paulsen & Patricia Toth, “Small Business Information Security: The Fundamentals” U.S. Department of Commerce National Institute of Standards and Technology Interagency Report 7621, Nov. 2016.
14 U.S. Department of State Office of Inspector General, “Office of the Secretary: Evaluation of Email Records Management and Cybersecurity Requirements,” May 2016.
15 Email preservation is required because emails are defined as “federal records” in 36 C.F.R. § 1220.18; see also 44 U.S.C. § 3301.
16 OIG Report at 7-8.
17 Id. at 14-15.
18 Id. at 14.
19 See, e.g., id. at 19, 35.
20 Id. at 15.
21 McKinsey Global Institute (Michael Chui et al.) “The Social Economy: Unlocking Value and Productivity Through Social Technologies,” July 2012.
22 Thompson, supra note 2.
23 Id.
24 Id.
25 Byers v. Illinois State Police, No. 99 C 8105, 2002 WL 1264004, at *10 (N.D. Ill. June 3, 2002).
26 Wis. Stat. § 804.01(2)(e)1.
27 Note that employee-directed email preservation in litigation is prohibited. See, e.g., Jones v. Bremen High Sch. Dist. 228, No. 08 C 3548, 2010 WL 2106640, at *21-22 (N.D. Ill. May 25, 2010).