In order to qualify for immunity under the right of the attorney-client privilege, communications of legal advice, including e-mail, must be made in confidence. When a company attorney meets with a board of directors composed of outside directors, thoughtful consideration should be paid to whether or not email correspondence with such directors are still confidential and thus privileged.
Many outside directors have other professional interests, and many are hired by other businesses. Often, outside directors use their employer’s email system as their primary means of contact. Will the confidential and privileged counsel-client correspondence maintain certain characteristics when forwarded by Company A counsel to an outside director hired by Company B and using Company B’s email system? That email—which is meant to be protected and confidential—is owned by another company and is subject to the actions of that other company, which may jeopardize the confidential and privileged existence of the email.
In similar cases, determining whether employees’ personal emails on the employer’s email system are protected, the courts look to the receiving party (here, the director) to decide whether communications on the employer’s email system are also privileged. When investigating the standards of privacy of the director, the court will ask: does the director’s employer have a policy about e-mail use and privacy? Will the employer of the director have procedures that require email content monitoring? What was the position of the director in the organization?
If the employer of the director has a policy or procedure of accessing or tracking email information, the director does not have a privacy expectation that is adequate to protect the privilege of the attorney-client. On the other hand, if the employer of the director allows personal use of the email system and does not have a policy or procedure to track email content, the privacy requirements of the director will be much higher and privileged messages will possibly be covered.
A possible danger to the security of protected e-mail messages exists if the director’s e-mails on the employer’s system are ever subject to prosecution or legal action—whether the discovery is important to the employer’s business or to the company’s business. If the employer is forced to collect and review the director’s emails on an employer-related matter, the company’s attorney will probably never know that the employer or his counsel have obtained and checked confidential email messages on the company’s business.
If the employer of the director receives a subpoena for business-related communications, even if the employer cooperates to supply the company with emails on a voluntary basis, the logistic of the discovery process also poses difficulties. Retrieving emails from the employer management system would enable the IT staff of the employer to access sensitive and privileged emails. The employer of the director may not be able to give the director’s e-mails to a third party serving the subpoena, or even company counsel, without first checking the e-mails to distinguish those relating to the company from those relating to the employer’s business.
If the director’s emails are checked by the employer’s lawyers, the confidentiality of those communications is violated and the court can find that the client’s right has been waived. Two alternatives can be used to prevent this outcome, but both require foresight and cooperation from the employer of the director. If the employer of the director wants to inspect the documents prior to production, the counsel of the company should seek to negotiate a contract review or other attorneys working under the guidance of the counsel of the company-not the counsel of the employer-to preserve the right.
The best practice for all e-mail correspondence involving the board of directors is to make it clear in the subject line that the e-mail relates to the business of the corporation and is a protected and confidential contact. This activity may increase the standards of privacy of the director—if the employer considers the language as worthy of confidential treatment under the employer’s policies and practices. Furthermore, if necessary, the director should isolate all communications related to the board of directors.
Both of these actions would make it easier to find emails and can eliminate the need for the employer to check them prior to production in the situation discussed above.
In order to prevent these problems altogether, corporate counsel should suggest alternate forms of e-mail contact with board members, including offering company e-mail accounts to directors or instructing directors to use their personal e-mail accounts rather than their employer’s e-mail systems for board-related correspondence.
Protecting the confidential nature of protected e-mail correspondence with outside directors may entail some changes in practice, but they should be considered thoughtful in order to prevent accidental waiver of privilege.