In today's business environment, even the most well-managed companies are not immune to potential lawsuits. And the possible legal implications of actions are, appropriately, never far from mind when companies take certain actions. In the case of security, for example, management will have to consider the legal ramifications of e-mail retention policies, investigations, employee monitoring, and vulnerability assessments--to name but a few of the situations that could result in a lawsuit down the road.
Given the ubiquity of the threat of legal action, experts frequently recommend having an attorney present for sensitive discussions as a preemptive defensive maneuver. The objective is to protect all of the documentation or the exchange of information under the rubric of "attorneyclient privilege."
How useful is this tactic and what are its limitations? The answer to this question is elusive; few cases address the principle of attorney-client privilege, because the issue is usually determined at pretrial hearings, not at trial. But some clear inferences can be drawn from relevant case law.
First and foremost, it is important to note that this is not a legal coat of mail that can be donned as protection against any courtroom assault. Attorney-client privilege applies to communications made in private to an attorney--the privilege does not protect the pre-existing facts that underlie the communication. This means that a company cannot hide an action or a problem by telling a lawyer and claiming that the communication to the lawyer made its existence privileged. For example, if a company employee attacked a competitor's computer network, and the company acted to cover up the action, the actions and the cover-up do not become secret or protected from disclosure just because they are revealed to an attorney while asking for advice. If a security manager is testifying under oath in court or in a deposition, he or she must truthfully answer questions about the attack and cover-up, even though the attorney-client conversation itself may be privileged and the manager may be able to refuse to answer que stions about that particular conversation.
To understand the full protections provided by attorney-client privilege, security managers must understand what types of information the privilege protects and in what circumstances. Also at issue is whether the relevant discussion is conducted with a corporate client or an individual.
Criteria. Due to its power to hide the truth, the attorney-client privilege is applied very carefully by the courts. Not every statement made to an attorney qualifies for this privilege. The oft-quoted description of the elements of this privilege comes from the U.S. federal judge in United States v. United Shoe Machinery Corporation (U.S. District Court for the District of Columbia, 1968). According to the court, the privilege applies only if the asserted holder of the privilege is or sought to become a client; the person to whom the communication was made is a member of the bar of a court, or his subordinate and in connection with this communication is acting as a lawyer. The communication must relate to a fact of which the attorney was informed by his client without the presence of strangers for the purpose of securing primarily an opinion on law, legal services, or assistance in some legal proceeding. Privilege does not apply if the communication is made for the purpose of committing a crime or tort.
In other words, to become privileged and thus undiscoverable, the client's statement must be made to an attorney in confidence for the purpose of seeking, securing, or providing legal assistance, and if the privilege is waived by a later statement or action, it will be lost. Once the privilege is lost on one occasion, it is lost forever. So if a manager tells a corporate attorney the secret being covered by privilege in a crowded room where the conversation may be overheard, the act may spoil the company's chance to assert that the information is privileged. …