Why I don’t Use Automatic Email Disclaimers

email disclaimer

It’s standard fare for law firm emails to have lengthy disclaimers at the end. It’s also standard for the disclaimers to be automatically inserted by the firm’s email system. And the disclaimers are inserted into ALL emails, whether or not they’re meaningful given the context of individual emails.

When I started Blue Maven Law a couple of years ago, I decided not to have disclaimers inserted automatically into my emails. Here’s why.

Automatic email disclaimers don’t really do anything

The main reason I don’t use automatic email disclaimers is that they’re ineffective. Most law firm disclaimers have one or more of these components: (1) a notice that the email is confidential; (2) a request for help with misdirected emails; (3) a warning that email isn’t a secure method of communication; and (4) a notice required by IRS Circular 230 that disclaims tax advice.

Let’s consider these individually.

Protecting confidentiality

Because of the nature of my job, most of my work emails contain confidential information. In fact–as a lawyer–even the identities of the people I send emails to is often confidential because ethics rules require lawyers to protect the identities of our clients clients as confidential. And the content of the emails is often sensitive. So I definitely want my client communications to be protected. But I don’t think an automatic disclaimer or notice is an effective tool for that.

Let’s consider typical automatic disclaimer language, which I grabbed from someone’s email to me:

This email message and any accompanying document(s) and attachments contain information from a law firm, which is confidential and privileged. The email transmission and any attached documents are intended to be for the review and use solely of the individual(s) or entity(ies) named and listed on the email transmission message. If you are not the intended recipient, you are hereby advised that any review, disclosure, copying, distribution or use of the information and/or contents of this email message, as well as any attached documents, is prohibited. If you have received this email message in error, please immediately delete this email transmission and notify us by telephone of this error.

Let’s put aside privilege for a moment, since it’s a concept that’s specific to lawyers. (For my post that deals with attorney-client privilege, see An Open Memo About Confidentiality). What about confidentiality generally? Do automatic email disclaimers protect confidentiality?

Generally speaking, emails are read by three categories of people, namely, intended recipients, inadvertent recipients, and scoundrels who intercepted the emails.

Disclaimers about confidentiality aren’t necessary for intended recipients. You want these folks to read the emails you send to them. No problem here.

If the information is confidential, you might need to notify the recipient of that fact, and you might need to advise them to safeguard the information, but you’re on thin ice if you’re relying on a small-print boilerplate disclaimer at the end of the email that the recipient of the email isn’t going to read. Even if the automatic disclaimer would be effective in some circumstances, when you drop the same notice into emails sending LOL cats to your spouse and emails sending a super-sensitive TPS report to your boss, the effectiveness of the notice is undermined. Instead, it’s a better practice to put information about confidentiality in the body of the email — or in the subject line — in whatever detail the circumstances call for.

If you’re disclosing information that’s protected by a nondisclosure agreement that requires you to mark confidential information as “confidential,” you’d better mark the information as confidential. The best practice is to mark confidential attachments “confidential” in the text of the file itself and possibly in the file name and also to mark your email as confidential at the top of the email or in the subject line where it’s more likely to be read.

Inadvertent email recipients

Now let’s consider inadvertent recipients. If you accidentally send an email to the wrong person, will an automatic email disclaimer save you from yourself? Let’s look at a real-life example.

There’s a famous story about a lawyer attempting to send a short, sensitive email to co-counsel named Brad Berenson. When the lawyer began typing Brad’s name in the send field of the email, the auto-complete feature of the lawyer’s email program automatically supplied the email address of Alex Berenson, a reporter who was covering the story about the government investigation that the two lawyers were defending their client against. The lawyer didn’t notice the mistake, and he sent the email to the reporter. Oops.

Did the automatic email disclaimer keep the reporter from using the information? No. According to Do Email Disclaimers Really Work?, an article published by the Litigation Section of the American Bar Association, such a disclaimer is “unenforceable in a situation like this. In reality, if you inadvertently send an email to the wrong person, there is virtually no way to put the genie back in the bottle. … There is no legal doctrine or theory under which an email confidentiality disclaimer is enforceable in a circumstance like this.” Again, if you’re relying on an automatic email disclaimer to save you from situations like this, you’re living on the edge. [As of January 21, 2017, the link to the article leads to a 404 error.]

The care we take with our email communications should be commensurate with the risks. When in doubt, a simple checklist like this is much more effective than language automatically dropped into the end of emails. So is encrypting sensitive documents and emails.

Email is not a secure form of communication

Automatic email disclaimers often warn that email is not a secure form of communication. This is true. When you send an email, its contents are chopped up into small packets, sent all over the world, reassembled, and downloaded to the recipient’s computer. This information could be intercepted and read by any number of unintended readers. And apparently it’s not technologically difficult. Unencrypted emails are sometimes compared to post cards, which are easily read while en route.

As an attorney, I have an ethical obligation to make sure my clients are aware of this fact. But I don’t rely on notices automatically inserted into my emails to do so. I offer secure means of communication such as secure portals and email encryption. I also communicate to my clients the fact that unencrypted email isn’t secure and that I offer secure alternatives.

Most people are comfortable using unencrypted email to conduct their business affairs and prefer to do so. It’s the way they conduct their day-to-day business, and secure alternatives are less convenient. But this is their choice, and I make sure they can make an informed decision when dealing with my firm; I don’t merely rely on an automatic notice to apprise them of the dangers.

Circular 230

A few years ago, when I joined a litigation firm that focused almost entirely on non-business-related litigation, I thought we needed to add an automatic “Circular 230 Notice” at the end of my emails and the emails of the new business lawyers we were bringing on. This was the practice at my former firms, and I thought it was prudent. Whether it was necessary then is debatable, but it’s certainly not necessary now. In fact, the IRS might send you a nice little note asking you to quit adding the disclaimers to your emails.

Closing thoughts

Automatic email disclaimers are of little value and shouldn’t be relied upon to keep your information confidential. Whether you’re trying to indicate that the information you’re sending should be considered confidential, avoid the ill effects of misdirected emails, alert people to the risks of communicating via unencrypted email, or (gasp) comply with non-existent IRS requirements, there are better ways of accomplishing your ends.

Instead of being comforted by the illusion of safety provided by automatic email disclaimers, I suggest that we should be careful with confidential information, take reasonable security precautions, and appreciate the risks of unencrypted emails. Otherwise, we might find that the emperor has no clothes — after the bell has been rung.

Image credit: Shutterstock. Image may not be copied or downloaded.

0 comments… add one

Leave a Reply