Does a boilerplate "This email is private" message have any legal force?

Question

I get quite a few email messages with text like:

IMPORTANT WARNING: This email (and any attachments) is only intended for the use of the person or entity to which it is addressed, and may contain information that is privileged and confidential. You, the recipient, are obligated to maintain it in a safe, secure and confidential manner. Unauthorized redisclosure or failure to maintain confidentiality may subject you to federal and state penalties. If you are not the recipient, please immediately notify us by return email, and delete this message from your computer.

(This example is from here.)

In fact, some email servers are configured to add such a warning automatically.

Do these warnings have any legal force? If so, what are their consequences?

Bonus question: I see reuse of a lot of the exact wording of the above example. (Google "only intended for the use of the person" and observe the many results.) What is the original source of this wording? Does it appear in a statute or some kind of official recommendation, or did one organization start using it and others followed the leader?

Answer 1

Do these warnings have any legal force?

In the United States, no. They do not have any legal force. Some have tried to argue that the Electronic Communications Privacy Act (ECPA) applies; however, this law only applies to intercepting e-mails—not accidentally sending to the wrong party. There is no legal protection for "reply all" or "accidental send" human errors.

If so, what are their consequences?

If you're asking why some people put them in there, even if it's not legally enforceable, one reason is lawyers trying to prevent an accidental waiver of attorney-client privilege.

Generally, a waiver of the attorney-client privileged must be intentional and knowing. Therefore, some argue that a disclaimer could help one argue that privilege was not waived. Although, I could not find a published case where an e-mail disclaimer actually helped this argument. Additionally, placing the e-mail disclaimer on the bottom of an e-mail (which is customary) is less effective than placing one at the top.

As a note, some legal commentators and ethics committee's suggest that lawyers should use encryption "to ensure the confidentiality of such communications remain so when the circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous." See Legal Productivity's Post that quotes a California Ethics Opinion

For more info, read this article here from the American Bar Association's Litigation Section regarding the efficacy of E-mail disclaimers: Do Email Disclaimers Really Work?

Answer 2

In the US, this is generally legalistic puffery. There are prohibited acts such as breaking into a person's Gmail account or hacking into their computer, whereby one might see such an email, but such "warnings" have no significance (it's a crime even without the warning) and surely have no deterrent effect (OMG, hacking is a crime, I had no idea!!). The main legal tool for punishing such acts is Title 18 ch. 119, 121.

There are regulations requiring certain information to not be made public, for example a university is required to keep student records confidential. It is allowed to e.g. email information like "Billy Smith failed Chemistry 101" from instructor to advisor, but not from instructor to Billy's friends, so the advisor that gets the email is not free to do as s/he wants. The underlying law, FERPA, actually restricts the institution and not the individual, where the institution is thus required to have in place policies to guarantee privacy of the such information. One institution that I'm familiar with requires "confidential" messages to be sent on-campus, from campus equipment, sending to and from only official university accounts, and the messages must be encrypted. (Guess how often that requirement is obeyed.) The same goes with HIPAA. Another institution might require adding such a warning, but they are legally meaningless (not required by law).

Answer 3

In common law jurisdictions there is a tort of breach of confidence.

One of the requirements for proving breach of confidence is that the person who disclosed the confidential information must (or should have) known it was confidential: this notice does that. So, if, having received an email with that notice, a person discloses it, a suit for breach of confidence becomes much easier.

Answer 4

In Germany, it most likely does not have any legal effect, and may even cause additional problems.

---

To quote a lawyer's blog:

Brauche ich einen Disclaimer unter meiner E-Mail? Wohl kaum…

[...]

Dieser Disclaimer ist nicht notwendig, sein Nutzen mehr als fragwürdig. Möglicherweise kann er sogar zu Abmahnungen führen.

[...]

Zur Wirksamkeit und den Rechtsfolgen bei der Verwendung eines solchen Haftungsausschlusses gibt es bis heute noch keine gerichtliche Entscheidung. Dieser Zusatz wird von den Versendern der Mails gern als Haftungsvereinbarung gesehen. Eine solche Vereinbarung ist jedoch ein Vertrag und kann nach den Regeln des Vertragsrechts nicht einseitig entstehen. Wer demnach nicht entsprechend auf die E-Mail reagiert, kann aus rechtlicher Sicht keine Verbindlichkeit eingegangen sein.

Source: Pflichtangaben und Disclaimer in E-Mails: RA Christian Solmecke erklärt, welche Fehler abgemahnt werden!

Translation (no guarantees):

Do I need a disclaimer under my email? Not likely...

[...]

This disclaimer is not necessary, and of questionable use. I may even be a reason for a cease and desist letter.

[...]

So far there is no court judgement about the validity and legal consequences of such a disclaimer. Senders of mails would like to consider this addition as an agreement to limit liability. However, such an agreement would be a type of contract, and a contract cannot be entered into unilaterally. Thus a recipient who does not respond to the email cannot become liable from a legal point of view.

So the reason a disclaimer is pointless is the same as in most other jurisdictions: You cannot impose duties or conditions on someone by just saying so - the other party needs to actually agree to them.

Further reading (in German):

https://angstklauseln.wordpress.com/ - articles by a German lawyer about legal aspects of disclaimers.

Answer 5

In my opinion, people are answering the wrong question. The purpose of these disclaimers is to mitigate any sanction on the doctor, if there is an inadvertent disclosure of confidential info. e.g., by HHS or a licensing board. The doctor can show an attempt to have recipients notify them of any breach.

Answer 6

Yes - if it contains confidential information

Breach of confidence is a common law basis of action in (AFAIK), canada, australia, england-and-wales and united-states and probably all common law jurisdictions. While the matters needing to be proved and the remedies are basically the same, the basis in law is different. In Canada it is considered a mix of tort, equity and property rights, in Australia is just an equitable right etc.

The elements of breach of confidence are:

1. The information conveyed was confidential;
2. The information was communicated in confidence; and
3. The information was misused by the party to whom it was communicated.

Lac Minerals Ltd. v. International Corona Resources Ltd., [1989] 2 S.C.R. 574, at para. 129.

So, if the email satisfies 1 and 2 and the recipient does 3, then they have breached confidence.

Confidential information must be:

• specific - “all our business practices” cannot be confidential, “this document” can be
• secret - not already known to the public but also subject to measures to keep it that way
• valuable - my address is not valuable, the address of someone in a witness protection program is. In addition, most personal information meets the criteria: health conditions, sexuality, sexual partners, political or religious beliefs.

Communication in confidence means that the person was made aware, either explicitly or by virtue of the circumstances, that the information was confidential. Stealing information meets the criteria.

Note that this is a different cause of action than if the recipient was under a non-disclosure agreement (breach of contract) or had a fiduciary duty of confidentiality (breach of fiduciary duty).