Don't Read This

Disclaim all you want. The fact is, most e-mail 'confidentiality notices' accomplish nothing.

. What's this?

By

February 13, 2003CSO

Feb. 13, 2003Of all the ineffectual e-mail disclaimers I see, one I received earlier this week takes the prize for self-defeating impotence. A public relations flak wrote me trying to get publicity for a security conference. His was the standard spiel: the whos who would be there, the whats that would be learned, the wheres and whens and whys. But at the bottom of the message, I found this disclaimer:

CONFIDENTIALITY: The information contained in this E-mail message is intended only for the personal and confidential use of the designated recipient(s) named above. This message is intended to be a confidential communication and may involve information or material, which is protected under state or federal privacy laws.
The disclaimer droned on a while longer in deep legalese and horrid grammarnothing that that e-mail users havent learned to ignore long ago. But heres the ludicrous part: The information was, in fact, intended to be spread far and wide, yet the disclaimer supposedly forbade me from doing that.

Despite the fact that most such disclaimers would hold up in court about as well as a piece of linguini cooked al dente, a startling number of e-mails these days arrive festooned with legal verbiage longer than the message itself. Inserted at the bottom of the e-mail (although I know of one clever law firm that inserts a line up top instructing recipients to Please see Confidentiality Notice before reading e-mail), the disclaimer is usually trying to accomplish one of two things. Often it is an attempt to keep the information from falling into the wrong inboxnever mind that its being transmitted in a medium that even my six-year-old niece knows is as private as a postcard. And sometimes it is meant to absolve the sender of any liability for damage caused by viruses contained in any attachments.

Companies will have adequate luck with the latter, assuming of course that the virus was not intentionally inserted by the sender. But as for the confidentiality notices, they often fail to do anything more than irritate the recipient and make the sender look foolish. Slapping a carelessly written disclaimer on every outgoing message is not a way to improve security. Anyone who thinks it iswell, Im sure you have an associate in Nigeria awaiting your help thawing out some frozen assets.

If the sender marks even his holiday greeting e-mails as confidential, why should any recipient understand that any of this senders communications are intended to be confidential? asks Wayne D. Bennett, co-chair of the Commercial Technology Practice at Bingham McCutchen LLP. In general, for a confidentiality notice to stick, he says that: 1) there should be a confidentiality agreement in place between the sender and recipient before the information is transmitted; 2) the disclaimer should make the e-mail confidential pursuant to this agreement; and 3) only e-mails containing confidential information should be marked as such.

An unsolicited e-mail marked confidential from someone the recipient does not know will not typically bind the recipient to confidentiality, Bennett says. His e-mails to me, by the way, contained no disclaimer.

All of which is to say, your first reaction to all this legal yapping is probably right on target: Ignore itit doesnt matter anyway.

Whats the worst confidentiality notice youve read this week? Send it to me at sscalet@cio.com.

Read more about data protection in CSOonline's Data Protection section.

Other stories by Sarah D. Scalet

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER