Ethical Implications & Best Practices for Use of Email

NYLER Archive

Save pagePDF pageEmail pagePrint page

By Robert A. Barrer

Which of the following statements are true?

A. Email is a wonderful tool for the successful practice of law.

B. Email not only saves time and money, but also allows for prompt communication with clients, colleagues, and opposing counsel.

C. Email is overused, often results in incomplete or inaccurate responses to inquiries, and fills up your Inbox with useless information.

D. Careless use of email can subject the sending lawyer to embarrassment, unhappy clients, lost income, breach of the duty of confidentiality, discipline, or claims of malpractice.

E. All of the above.


The correct answer is E— All of the above.


Used properly, email is an excellent method of communication for lawyers and allows for prompt interaction with individuals both within and outside of a law firm or office. However, many lawyers (and the rest of the world) have a tendency to respond to email messages without proper consideration and reflection. That tendency creates great risk for those who are too quick to hit the “Send” button. Some of my colleagues in the Association of Professional Responsibility Lawyers suggested that the “e” in email should be considered to stand for “Exhibit” or “Evidence” and that, before hitting the “Send” button, the sender should imagine that the transmitted message or document has an exhibit sticker on the bottom right. This article is focused on traditional email, but the discussion and concepts apply with equal force to the letters and documents that are attached to email messages.

Electronic communication carries with it a more substantial risk of unauthorized disclosure than traditional written communication. New York Rule of Professional Conduct (RPC) 4.4(b) obligates a lawyer who receives inadvertently disclosed information to merely “notify the sender.” While there may be other obligations imposed by case law or court rules, no lawyer wants to be in the position of exploring those alternatives. See, e.g., Lois Sportswear v. Levi Strauss & Co., 104 F.R.D. 103, 105 (S.D.N.Y. 1985), factors to consider in determining waiver based upon inadvertent disclosure are reasonableness of precautions taken to prevent disclosure, the time taken to rectify the error, the extent of disclosure relative to the scope of discovery, and overreaching issues of fairness; O’Connor v. Lewis, 2013 N.Y. LEXIS 3318, 2013 N.Y. Slip Op. 31722 (Sup. Ct. Suffolk Cty. 7/1/2013), discussing ethics opinions of the New York City and N.Y. County Bar Assns. which direct lawyers to refrain from further review of inadvertently disclosed information and to comply with requests for destruction; Fed. R. Evid. 502(b), no waiver of privilege if the disclosure is inadvertent, the holder of the privilege took reasonable steps to prevent disclosure, and the holder promptly took reasonable steps to rectify the error.

How one might attempt to “unring” the bell and retrieve inadvertently disclosed information is an entirely separate topic. The goal should be to avoid the problem in the first place.

The recent “hack” of Sony Pictures is proof positive that what was once considered a safe method of communication carries with it a risk of unintended disclosure. Notwithstanding the risk, the American Bar Association, the NYS Bar Association, and the New York City Bar Association have all sanctioned the use of unencrypted email as an accepted method of transmitting otherwise confidential communications. See, ABA Comm. on Ethics and Prof. Responsibility, Formal Op. 99C413 (1999); NYS Bar Assn. Comm. on Prof. Ethics, Formal Op. 709 (1998); Assn. of the Bar of the City of New York Comm. on Prof. and Judicial Ethics, Formal Op. 2000-1 (2000). The New York State Legislature has also recognized the role email communication plays in the transmission of confidential communication by enacting CPLR §4548 which provides that privileged communications do not lose their privileged character solely because they are transmitted electronically.

In order to comply with RPC 1.6’s mandate to protect confidential information, a lawyer must think twice about the manner and method of communicating with clients. For simple, routine, and harmless communications (the test being to imagine it appearing on the front page of The New York Times), email should be relatively risk-free. For a “bet-the-company” communication, perhaps email is not the way to go. In hindsight, the principals of Dewey & LeBoef LLP, no doubt wish they had not utilized email to comment on the problems being experienced at the firm that led to a highly-publicized bankruptcy and criminal charges. According to the indictment in People v. Steven Davis, et al. N.Y. Cty. Criminal Case No. 00773-2014, the following communications were alleged to have been exchanged within that law firm concerning certain lawyers’ views of their clients and the services that they provide:

On or about Dec. 31, 2008, in New York County, after creating the “Master Plan,” Employee C wrote an email, at or about 7:24 p.m., to defendant WARREN, which stated in substance, “Great job dude. We kicked ass! Time to get paid.”

On or about Dec. 1, 2008, in New York County, at or about 7:36 p.m., defendant WARREN responded in substance to Employee C, “Hey man, I don’t know where you come up with some of this stuff, but you saved the day. It’s been a rough year but it’s been damn good. Nice work dude. Let’s get paid!”


The risk of inadvertent disclosure when communicating with individual clients at their places of employment (and employees of an organization to the extent that their interests differ from that of the organization) is a subject that cannot be ignored. Why? Email messages sent to a client’s workplace can and frequently do lose their status as protected confidential communications because, depending on corporate policy, the client might not have a reasonable expectation of privacy in a work email address.

In Scott v. Beth Israel Med. Ctr. Inc., 847 N.Y.S.2d 436, 440–43 (Sup. Ct. N.Y. Cty. 2007), the court rejected a claim of attorney-client privilege for what ordinarily would be protected attorney-client communications because the plaintiff used his employer’s worksite email in the face of an employer policy prohibiting personal email. Relying on Matter of Asia Global Crossing, Ltd., 322 B.R. 247 (Bankr. S.D.N.Y. 2005), the court in Scott cited the following factors in determining that the attorney-client privilege had been waived and that no attorney work product privilege applied:

• The employer maintained a policy banning personal or other objectionable use of the email system;

• The employer monitored (or maintained the right to monitor) the use of the employee’s computer or email;

• Third parties had a right of access to the computer or emails; and

• The employer advised the employee, or the employee was aware (actually or constructively), of the use and monitoring policies.


Microsoft® Office Outlook® has a feature in its advanced email options that allows names to be suggested as the user begins to type in the “To,” “Cc,” and “Bcc” fields. The feature automatically fills in the name that it “thinks” the typist intends. While this is convenient, what if the name that it suggests is not your client but, instead, your adversary? Or, worse, what if the name that it suggests is a reporter from The New York Times who just happens to share the same last name as the intended recipient? See, K. Eban, “Lilly’s $1 Billion Emailstrom,” Condé Nast (2/5/2008).

The incorrect use of “Reply to All” results in countless messages offering congratulations to a colleague (“bravo” and “here, here” are but two examples), or acceptances and rejections to events (“can’t wait” and “sorry I can’t make it” come to mind). These are annoying, but benign. An annoying move can become embarrassing, or even case altering, when the “Reply to All” action inadvertently discloses confidential communication.

Attachments are commonplace. If a document is transmitted, it may have hidden information embedded within (metadata) that can reveal confidential or privileged information. Generally speaking, lawyers must exercise caution to prevent hidden confidential information from being transmitted electronically and may not use technology to search (or “mine”) the metadata to discover confidential information. See, NYS Bar Assn. Comm. on Prof. Ethics, Formal Op. 749 (2001), improper to use software to surreptitiously examine and trace email and electronic documents; N.Y. County Lawyers’ Assn. Comm. on Prof. Ethics, Formal Op. 738 (2008), lawyers are ethically obligated to avoid searching inadvertently produced metadata in documents; but see also, ABA Comm. on Ethics and Prof. Responsibility, Formal Op. 06C442 (2006), nothing in the Model Rules prevents a lawyer from examining metadata and cautions lawyers who wish to prevent others from learning confidential information to take adequate precautions when transmitting documents or information electronically.

In addition, people frequently forward attachments without really knowing what is in the attachment, which can have disastrous results. A City of Detroit Police Commander was reportedly facing possible discipline for forwarding an attachment to an email message to 50 people. Why possible discipline? Because the attachment contained the measurements of female police officers for whom bulletproof vests were being ordered. See, D. Boroff and M. Walsh, “Detroit Police Official Mistakenly Emails Female Cops’ Bra Sizes to Rank-and-File,” New York Daily News (8/13/2013).

For those of us old enough to remember the television show “Hill Street Blues,” the show always opened with the police sergeant at roll call exhorting those in attendance with a saying that applies with equal force to lawyers who use email: “Let’s be careful out there.”

The following Best Practices are provided to help regular users of email to be more efficient and avoid embarrassing and ethically questionable conduct. These practices have been developed and refined over the years to address the problems that arise when email is not used properly. Some examples come from reported decisions, the media, and personal experience.


10 Best Practices When Using Email

1. Before using email, consider whether it’s the best method for the particular communication. Never respond to any message without thinking of the consequences of that communication becoming public.

2. Remove excessive “strings” of messages from email and include only what’s necessary.

3. Remove attachments unless necessary. Never send an email message without knowing exactly what’s on every page of an attachment. Consider stripping metadata (hidden information embedded within a document or message), or sending a PDF or facsimile version of the document, to minimize the risk of inadvertent disclosure of metadata.

4. Rename messages when appropriate. Delete excessive “FW” and “RE” references in the subject line.

5. Turn off the “Suggest Names” option to avoid automatically filling in the wrong name. Enable “spell check” for all outgoing messages.

6. Consider drafting email messages without the “To,” “Cc,” and “Bcc” fields being completed until after your message is drafted, and you are sure it’s complete. This will avoid the transmission of messages to anyone unless you are absolutely sure that they are the intended recipients.

7. Hitting “Reply to All” is always a disfavored practice and should only be used as a last resort.

8. If you are a recipient of a “Bcc” message, do not hit “Reply to All” because you may be disclosing something that the sender intended to keep confidential.

9. Clean out your Inbox by filing or printing relevant messages and deleting extraneous messages. Mark messages that require your attention as “Unread” in order to differentiate them from messages that have already been read and require no immediate action on your part.

10. Take a deep breath before sending any email message. Watch your language and grammar. Remember: Nothing is funny when it’s used as an exhibit in a lawsuit, or as an example of poor judgment or violation of policy.


Robert Barrer is the Chief Ethics and Risk Management Partner at Hiscock & Barclay, LLP and is responsible for all ethics, conflicts, loss prevention, and continuing legal education activities at the firm. He counsels firm attorneys and provides analysis and advice on, among other things, ethical questions involving conflicts of interest, privileges, and legal issues arising under the Rules of Professional Conduct. He also supervises the firm’s continuing legal education programs and lectures on a wide variety of ethics and practice management topics. Mr. Barrer can be reached at (315) 425-2704 or


Get CLE Credit for this month’s articles (March 2015)


DISCLAIMER: This article provides general coverage of its subject area and is presented to the reader for informational purposes only with the understanding that the laws governing legal ethics and professional responsibility are always changing. The information in this article is not a substitute for legal advice and may not be suitable in a particular situation. Consult your attorney for legal advice. New York Legal Ethics Reporter provides this article with the understanding that neither New York Legal Ethics Reporter LLC, nor Frankfurt Kurnit Klein & Selz, nor Hofstra University, nor their representatives, nor any of the authors are engaged herein in rendering legal advice. New York Legal Ethics Reporter LLC, Frankfurt Kurnit Klein & Selz, Hofstra University, their representatives, and the authors shall not be liable for any damages resulting from any error, inaccuracy, or omission.


Related Posts

« »