Client-CPA-Attorney Privilege and Information Technology Risk

By Reinstein, Alan; Seward, Jack | The CPA Journal, November 2008 | Go to article overview

Client-CPA-Attorney Privilege and Information Technology Risk

Reinstein, Alan, Seward, Jack, The CPA Journal

In the past few years, the public has seen more than 150 million records com- promised: data breaches that included AICPA membership lists, losses of crucial university databases, and Big Four firms losing laptops containing confidential information (see and Tom Zeller, Jr., "An Ominous Milestone: 100 Million Data Leaks," New York Times, December 18, 2006). The Department of Veterans Affairs reported the theft of 26.5 million Social Security numbers in May 2006 from an employee whose home was burglarized. Perhaps the best-known incident was the 2005-2006 hacking of more than 45 million files of TJX Companies, Inc. (Joseph Pereira, "Breaking the Code: How Credit Card Data Went Out Wireless Door," Wall Street Journal, May 4, 2007). None of the victims used readily available encryption technologies to protect their electronic data.

While data stored and transmitted using such conventional means as postal service, FedEx, and courier face loss and theft, using information technology (IT) creates additional risks, such as unauthorized access or damage to information arising from Trojan horses, viruses, worms, and rootkits. Portable storage devices, such as flash drives and laptops, make theft much easier. CPAs should understand the threat of malicious software and recognize the dangers of ineffective, unprotected, or improperly configured wireless networks that allow the unauthorized harvesting of electronic information.

When CPAs are entrusted with financial information by an individual or business, it is expected that those communications will be kept confidential, especially privileged information that is part of a legal action. The AICPA and the Canadian Institute of Chartered Accountants (CIC A) have set up a task force to design and implement sound privacy practices and policies, including the disclosure of personal information to third parties only with a client's implicit or explicit consent.

Understanding Attorney-Client Privilege

Attorney-client privilege, a well-established principle that seeks to ensure open and candid discussions between these parties [Upjohn Co. v. United States, 449 U.S. 383, 389 (1981)], applies to "(1) communications (2) made in confidence (3) by the client (4) in the course of seeking legal advice (5) from a lawyer in his capacity as such, and [it] applies only (6) when invoked by the client and (7) not waived" [Meoli v. American Medical Service of San Diego, 287 B.R. 808, 813 (2003)]. This privilege is especially important for accountants operating in an IT environment because of the concentration of data in accessible repositories.

In ascertaining whether a communication is confidential, courts apply both a subjective and an objective test [In re Asia Global Crossing, Ltd, 322 B.R. 247, 255 (Bankr. S.D.N.Y. 2005)]. The parties must have intended and expected the communication to be confidential, and, given the facts and cir- cumstances, the expectation of confidential- ity must be reasonable.

The parties' conduct can either expressly or implicitly waive the attorney-client privilege [In re Keeper of the Records, 348 F.3d 16, 22 (1st Cir. 2003)]. An implied waiver "occurs when a party claiming the privilege voluntarily disclosed confidential information on a given subject matter to a party not covered by the privilege" [Hanson v. United States Agency for Int'l Developmem, 372 F.3d 286, 293-94 (4th Cir. 2004)]. Herein lies the danger to CPAs. In Asia Global Crossing, the bankruptcy court held that e-mails forwarded to third parties waived privilege. It identified four factors that can increase the risk of disclosure and could destroy the attorney-client privilege. Privilege is endangered if: 1) the company does not maintain a policy banning personal or objectionable use of its e-mail system; 2) the company does not monitor its employees' use of their computers or e-mail accounts; 3) third parties have a right of access to employees' computer or e-mail accounts; and 4) the employee was not notified of or was otherwise unaware of the policies regarding the use and monitoring of their computers and e-mail. …

The rest of this article is only available to active members of Questia

Already a member? Log in now.

Notes for this article

Add a new note
If you are trying to select text to create highlights or citations, remember that you must now click or tap on the first word, and then click or tap on the last word.
One moment ...
Default project is now your active project.
Project items

Items saved from this article

This article has been saved
Highlights (0)
Some of your highlights are legacy items.

Highlights saved before July 30, 2012 will not be displayed on their respective source pages.

You can easily re-create the highlights by opening the book page or article, selecting the text, and clicking “Highlight.”

Citations (0)
Some of your citations are legacy items.

Any citation created before July 30, 2012 will labeled as a “Cited page.” New citations will be saved as cited passages, pages or articles.

We also added the ability to view new citations from your projects or the book or article where you created them.

Notes (0)
Bookmarks (0)

You have no saved items from this article

Project items include:
  • Saved book/article
  • Highlights
  • Quotes/citations
  • Notes
  • Bookmarks
Cite this article

Cited article

Citations are available only to our active members.
Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

(Einhorn, 1992, p. 25)

(Einhorn 25)

1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25,

Note: primary sources have slightly different requirements for citation. Please see these guidelines for more information.

Cited article

Client-CPA-Attorney Privilege and Information Technology Risk


Text size Smaller Larger Reset View mode
Search within

Search within this article

Look up

Look up a word

  • Dictionary
  • Thesaurus
Please submit a word or phrase above.
Print this page

Print this page

Why can't I print more than one page at a time?

Full screen

matching results for page

    Questia reader help

    How to highlight and cite specific passages

    1. Click or tap the first word you want to select.
    2. Click or tap the last word you want to select, and you’ll see everything in between get selected.
    3. You’ll then get a menu of options like creating a highlight or a citation from that passage of text.

    OK, got it!

    Cited passage

    Citations are available only to our active members.
    Buy instant access to cite pages or passages in MLA, APA and Chicago citation styles.

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn, 1992, p. 25).

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences." (Einhorn 25)

    "Portraying himself as an honest, ordinary person helped Lincoln identify with his audiences."1

    1. Lois J. Einhorn, Abraham Lincoln, the Orator: Penetrating the Lincoln Legend (Westport, CT: Greenwood Press, 1992), 25,

    New feature

    It is estimated that 1 in 10 people have dyslexia, and in an effort to make Questia easier to use for those people, we have added a new choice of font to the Reader. That font is called OpenDyslexic, and has been designed to help with some of the symptoms of dyslexia. For more information on this font, please visit

    To use OpenDyslexic, choose it from the Typeface list in Font settings.

    OK, got it!

    Cited passage

    Thanks for trying Questia!

    Please continue trying out our research tools, but please note, full functionality is available only to our active members.

    Your work will be lost once you leave this Web page.

    Buy instant access to save your work.

    Already a member? Log in now.

    Author Advanced search


    An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.