“We deeply regret that privileged documents were inadvertently emailed to a reporter at The Wall Street Journal,” read the apology email to PepsiCo from law firm Wilmer, Cutler, Pickering, Hale, and Dorr.
No one wants to find themselves writing these words to a client.
Disastrous email mistakes leave several lessons for the unwary attorney. Email is an incredibly fast medium of communication. Exposing a client’s extremely sensitive information is a genuine risk. And human errors will persist.
Distribution to a third party also raises the specter of losing an attorney-client privilege. One of the elements of satisfying attorney-client privilege is that the information must be held in confidence. Technically, the privilege is thus waived once the information is released to third parties.
Law firms do have options to prevent email mistakes. While still at the mercy of human error, establishing sound email security policies is a first step to avoiding email mistakes.
- Use Care and Caution When Forwarding Emails
Rarely forwarding emails and carefully reviewing what is being forwarded provides safeguards from including too much information being sent to inappropriate recipients. Senders tend to forward emails that have long conversation threads. The danger is in putting sensitive data into the wrong hands.
- The Reply All Button Also Requires Care and Caution
Accidentally hitting “Reply All” is a common mistake about which we’ve all heard horror stories. Worse is when one activates the Reply All deliberately but unwisely. Again, sensitive information is at a greater risk of going to unsafe recipients. If someone does not need to be on the list, simply remove his or her name.
- Be Aware of the Dangers of the Unknown Sender
If you do not recognize the sender, be very cautious about opening the email. Try to find out as much as possible about the sender from available information on the email before opening it. Do not click on any attachments from unknown senders.
- Educate Employees
Innocent employees make many mistakes that lead to data breaches. Training will circumvent many of the mistakes made by unsuspecting employees.
- Reconsider Attaching Documents to Emails
Instead of attaching sensitive documents to emails, consider using cloud storage. The uploaded documents are encrypted and have the bonus of being available where Internet access is possible.
To be sure, Wilmer Cutler learned from the monumental email mistake. It concluded its apology to PepsiCo with, “We are taking additional measures designed to ensure that emails are not misaddressed to unintended recipients.”