Technology: The impact of digital age innovations on the attorney-client privilege
Unless appropriate safeguards are taken, the use of social networks, cloud computing and bring your own device policies could jeopardize enterprise privilege claims.
October 25, 2013 at 04:00 AM
5 minute read
The original version of this story was published on Law.com
Technology has certainly been a game-changer for the attorney-client relationship. In particular, digital age innovations have facilitated communication between companies and their counsel. While messaging was previously limited to traditional options such as telephone calls, paper letters and facsimiles, lawyers and clients now enjoy an abundance of media to instantaneously exchange information. In addition, the methods for doing so have also expanded, with smartphones and tablet computers replacing desktop computers and other antiquated tools. And with the proliferation of cloud computing, both client and counsel essentially have an unlimited virtual warehouse in which to store their digital discussions.
Yet these same technological innovations also present a myriad of complications for the attorney-client privilege. As both a procedural rule and an evidentiary hurdle that exclude relevant information from legal proceedings, strong policy reasons have traditionally mandated that the privilege be narrowly construed. That limited scope of protection continues to shrink as technologies provide unexpected transparency into the zone of confidential exchanges between clients and lawyers. Unless appropriate safeguards are taken, the use of social networks, cloud computing and bring your own device (BYOD) policies could jeopardize enterprise privilege claims.
Technological challenges for the privilege
For example, third party access to discussions on social networking sites between in-house counsel and corporate employees could destroy the element of confidentiality required for a justiciable privilege claim. This is because information exchanged on social networks could be accessed and monitored by site representatives under the governing terms of service. While those terms typically provide privacy settings that would allow corporate employees to limit the extent to which information may be disseminated, they also notify those same users that site representatives may access their communications. Though the justification for such access varies from site to site, the terms generally delineate the lack of confidentiality associated with user communications. This includes ostensibly private communications sent through the direct messaging features available on social networks like LinkedIn, Twitter and Facebook.
In like manner, providers of cloud computing services often have access and monitoring rights to a company's privileged communications that are stored in the provider's cloud. Memorialized in service level agreements, those rights may allow provider representatives to access, review or even block transmissions of company data to and from the cloud. Just like social networking sites, provider access could destroy the confidentiality required to maintain the privileged status of communications with counsel.
BYOD also presents a difficult challenge for preserving the privileged character of communications with counsel. This is due to the lack of corporate control that BYOD has introduced into a company's information ecosystem. Unless appropriate safeguards are deployed, employees may unwittingly disclose proprietary information to third parties by using personal cloud storage providers for storage or transmission of company data. In addition, family, friends or even strangers who have access to the employee device could retrieve such information. Indeed, it is not difficult to envision how a roommate, a teenage child or even a stranger could take, text or tweet company information. Such third party access could destroy the confidentiality of any privileged messages found on the device.
Best practices for preserving the privilege
Confronted with these factors, the question becomes what steps a company can take to preserve the confidentiality of its ostensibly privileged communications. On the social media front, a company could prohibit counsel from using social networks for business communications. While such a policy could theoretically address the issue, it would likely be difficult to enforce. In addition, it may prove unpopular given that many employees (including lawyers) prefer communicating over social networks.
Alternatively, the company could deploy an on-site social network environment that would provide a secure ecosystem for its employees to communicate with in-house counsel about internal corporate matters. Conceptually similar to private clouds that house data behind the company firewall, an on-site network could be jointly developed with a third party provider to ensure specific levels of confidentiality. For example, the company could create specific forums or groups with limited membership for addressing legal matters or alternatively permit direct messaging with counsel. Under either of these scenarios, employees would have the benefit of using a social network while the company could eliminate site representative access to those communications.
For the enterprise that is considering cloud computing for its ESI storage needs, it should require a cloud service provider to offer measures to preserve the confidentiality of privileged messages. That may include specific confidentiality terms or a separate confidentiality agreement. In addition, the provider should probably have certain encryption functionality to better preserve confidentiality. Such functionality – a secure sockets layer connection, password hashing, encryption key storage – are all designed to prevent unauthorized access by the provider's employees (or other third parties) to company data that is transmitted to and hosted in the cloud.
To address the confidentiality problems associated with BYOD, a company should prepare a cogent policy and deploy technologies that facilitate employee compliance. Such a policy would discourage workers from using personal cloud storage providers to facilitate data transfers or for ESI storage. It would also delineate the parameters of access to employee devices by the employee's family, friends, or others. To make such a policy more effective, employers would need to provide a secure portal to ensure that data transmissions between employee devices and employer databases remain confidential. To address the other third party access issue, software could be downloaded on to an employee's personal device to segregate and encrypt employer information from personal data. Such a measure would undoubtedly help prevent employee family or friends from accessing privileged content.
By developing reasonable policies, training employees, and deploying effective, enabling technologies, organizations can better prevent unauthorized disclosures of privileged information. Only by taking such professionally recognized best practices can companies hope to shield their privileged information from the prying eyes of third parties in the digital age.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All'Serious Disruptions'?: Federal Courts Brace for Government Shutdown Threat
3 minute readLegal Departments Gripe About Outside Counsel but Rarely Talk to Them
4 minute readGC With Deep GM Experience Takes Legal Reins of Power Management Giant
2 minute readPreparing for 2025: Anticipated Policy Changes Affecting U.S. Businesses Under the Trump Administration
Trending Stories
- 1Call for Nominations: Elite Trial Lawyers 2025
- 2Senate Judiciary Dems Release Report on Supreme Court Ethics
- 3Senate Confirms Last 2 of Biden's California Judicial Nominees
- 4Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
- 5Tom Girardi to Surrender to Federal Authorities on Jan. 7
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250