By Ruhnka, John; Loopesko, Windham E.
The CPA Journal , Vol. 82, No. 8
Protecting Privilege and Confidentiality Throutfi Disclaimers and Prudent Use Policies
E-mail is the predominant method of communication used by most businesses today. But companies can suffer liabilities from the improper use of email, as amply demonstrated in relevant case law. The presence of lengthy legal disclaimers in business e-mails has increased - for example: "Our organization accepts no liability for the content of this e-mail, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. If you are not the intended recipient, you are notified that disclosing, copying, distributing, or taking any action in reliance on the contents of this information is strictly prohibited."
Such disclaimers, addressed to recipients of business e-mails, are intended to limit the potential liability that a sender can face. Some disclaimers, such as the IRS federal tax advice disclaimer, are required by law.
But disclaimers have generally not been as effective as their users have hoped, and their use is best seen as one part of a broader proactive policy for proscribing or limiting unauthorized or inadvertent e-mails. For example, no U.S. court case yet has allowed a company to rely on a disclaimer to avoid liability for breach of a duty of confidentiality or for workplace sexual harassment in an e-mail transmission. While current case law has indicated that such disclaimers are of limited value, the law is likely to evolve as courts continue to rule on the effectiveness of disclaimers for specific types of liabilities. The discussion below examines the impetus for the growing use of disclaimers in business e-mails, and it explains their role in a company-wide e-mail use policy, which can minimize improper or unauthorized e-mail communications that might result in liability.
Areas of Potential Liability
Under the doctrine of vicarious liability, a business can be liable for its employees' or agents' communications with third parties if it is reasonable for the recipient to believe that the sender was acting on the business' behalf, even if the communication was not authorized or not specifically prohibited. In addition, under the doctrine of respondeat superior, a business can be held liable for its employees' wrongful or criminal acte - such as defamation, sexual harassment, or gender discrimination - if they are committed within an employee's scope of employment.
Vicarious liability means that the employee or agent committing the harmful or illegal act is primarily liable to the injured party, but the business - as the employer - is secondarily liable as well. To reduce unauthorized or inadvertent e-mail communications mat might result in vicarious liability, many companies turn to employee policies governing e-mail use and the safeguarding of confidential information. When such preventive policies fail to prevent accidental, unauthorized, or harmful employee communications through the company's e-mail system, businesses rely on disclaimers for the content in such e-mails as an additional line of defense in order to try to reduce liability claims.
Although not an exhaustive list, the following are important areas of potential liability that could result from inadvertent or unauthorized business e-mail oemmunications.
Accountant-client confidential information. Rule 301 of the AICPA Professional Standards provides that a member "shall not disclose any confidential client information without the specific consent of the client" The exception to this rule occurs when a CPA must respond to a "validly issued and enforceable subpoena or summons" or is complying "with applicable laws and government regulations."
Furthermore, 24 states have enacted various rules protecting accountant-client confidential communications to varying degrees. Texas, for example, has a privilege rule that prohibits CPAs from voluntarily disclosing information communicated by a client in connection with an engagement without the client's prior consent. …