Off-Topic: My Version of an Email Confidentiality Notice

(This is the first post in a new category, “Off-Topic.” Any post in that category will have nothing to do with contract drafting. Don’t worry, this won’t gradually become an off-topic blog.)

I recently received the following from a reader:

A recent change in IRS regulations has caused my firm, like many others, to drop the Circular 230 disclaimer that was automatically inserted at the end of their emails.  What remains is the confidentiality notice for emails mistakenly sent to someone who is not the intended recipient.

Because of Circular 230 concerns, my firm is modifying its confidentiality notice to read as follows:

PLEASE NOTE: The information contained in this message may be privileged and confidential and may not be used or relied upon by anyone other than the intended recipient.  If you are not the intended recipient, you are hereby notified that any review, printing, dissemination, distribution, copying or other use of this communication is strictly prohibited.  If you have received this communication in error, please reply to the sender and delete all copies of the message.

I’d like to see this expressed in more standard English.  Here’s my standard English version:

PLEASE NOTE: This message is privileged and confidential and may not be used or relied upon by anyone other than the intended recipient. If you are not the intended recipient, please reply to the sender; delete all copies of this message; and do not review, print, forward, distribute, copy, or otherwise use this message. “Message” means this email and any attachments.

Any comments?

Here are my thoughts on the firm’s version:

  1.  “PLEASE NOTE” is redundant throat-clearing.
  2. I’d use the active voice in the first sentence.
  3. Instead of using “may” to mean “might,” I prefer to use “might”—it’s unambiguous.
  4. The idea that an unintended recipient has a duty to the sender seems far-fetched; see this Chicago Tribune interview with Evan Brown. I think it better reflects the dynamic to ask nicely but suggest that legal action might follow if your request is ignored.
  5. The first and second sentence could be combined.
  6. Saying “you are hereby notified” is legalistic fluff. It’s like saying, “You are hereby notified that dinner is ready.”
  7. The list of stuff one can’t do could be trimmed back.
  8. The rhetorical emphasis in “strictly prohibited” seems overkill, given that invoking prohibition at all seems mostly bluster.
  9. Saying “all copies” seems unnecessary. First, how many copies of an email is anyone likely to receive? And second, every copy would contain a copy of the notice.

And regarding my reader’s version, I suggest that the final sentence is unnecessary.

So here’s my version:

Information contained in or attached to this message might be privileged or confidential. If you’re not the intended recipient, please don’t use any of that information or forward it to anyone else, whether in printed or electronic form. If you do so anyway, we won’t be responsible for any adverse consequences you suffer and we might take legal action against you. If we sent you this message by mistake, please let the sender know by replying to this message and then delete this message.

About the author

Ken Adams is the leading authority on how to say clearly whatever you want to say in a contract. He’s author of A Manual of Style for Contract Drafting, and he offers online and in-person training around the world. He’s also chief content officer of LegalSifter, Inc., a company that combines artificial intelligence and expertise to assist with review of contracts.

11 thoughts on “Off-Topic: My Version of an Email Confidentiality Notice”

  1. Here’s mine: READ THIS, PLEASE:

    If you are not the intended recipient of this email, please delete it immediately and let me know that I sent it to the wrong person. There are many legal and ethical reasons why you should not read an email that was accidentally sent to you. I would gladly extend you the same courtesy.

    Client – As you are probably aware, the government does not value your privacy and can access anything on the internet, including this email. If you need to share any privileged or confidential information with me, email is not the best way.

    • First paragraph fine; second can safely be lost. It’s tendentious and largely irrelevant: if material is privileged then even if the government gets it it can’t lawfully (important qualification) use it, and if it isn’t privileged then the government can get it whatever the means used to communicate it.

  2. Ken, while the drafting is excellent (though you should change “delete” at the end to “deleting”), I would not use the third sentence as it establishes the wrong tone. If you want to retain a generally reasonable feeling, you could put a semicolon at the end of your second sentence and add “under some circumstances doing so might even be a violation of law.”

  3. Ken:

    I’m not going to attempt the re-write, but a notion that was latent in the first version but has dropped out is that the email is subject to the copyright of the author, so unlicensed copying could be copyright infringement. There is probably some kind of implied license when you send an email. One point of the notice is to defeat that implied license for unintended recipients. You can question whether that would actually work in court, but I suspect that some people will be more likely to do the right thing and delete it if there is also some indication that the law compels them to do so.


  4. I’m a cherry picker and a pearl stringer:

    IF YOU ARE not the intended recipient of this email, please delete it and let me know I sent it to the wrong person. I would give you the same courtesy. Please don’t read it, use it, or share it with anyone else, because that would be rude, unethical, and (under some circumstances) illegal. Thank you. –A. Wright Burke

  5. What is not addressed is whether these email disclaimers have *any* meaningful effect. They originated with faxes in the days before email, and they made a certain amount of sense with a fax: The fax cover sheet typically indicated that it was to an individual whose name was spelled out, but there was a real danger that it could be sent to the wrong fax machine if one digit was mistyped. If I received a fax that did not include my name on the cover sheet, the disclaimer arguably had some meaning.

    Also, of course, it was on the *cover* sheet. If I obeyed the disclaimer, I would never look at the substantive material that was sent.

    With email, the likelihood of misdirection is both greater and less: It was sent to an email address using a name that probably bears some resemblance to my real name; without reading the whole email and reaching some contextual conclusions, how do I know that it was not intended for me? And how am I bound by this unilateral direction given to me in this paragraph at the end of the email (after I have read and absorbed the substantive body of the email)?

    I have yet to meet an expert who gives these disclaimers any credence, though they have clearly become the norm.

    • Jim:

      I think one of the few times it clearly does have effect is in a litigation context, where the right disclaimer could (a) preserve a claw-back right on privileged statements accidentally provided in discovery and (b) prevent settlement communications from being used as evidence. None of these disclaimers does that, of course.

      Additionally, an appropriate disclaimer could prevent the formation of a contract by the exchange of emails. The one that is actually on my work email attempts to do that.

      Presumably, a disclaimer could effectively disclaim certain other intents, like the intent to assist in tax fraud, to waive rights, or form an attorney-client relationship.

      I tend to agree with AWB that its real function is to induce voluntary action. People are usually pretty good if you accidentally send something, then contact them asking to delete it. That makes me think that the disclaimer might have some marginal benefit.

      One untested theory is that a copyright theory could prevent further dissemination of copies. I kind of like that theory because you would only need to invoke it when there was injury or threat of injury.

      Those are all my theories about where and how a disclaimer might be effective.


      • Chris, you’ve covered the field, I think, except for work product, which while technically distinct from privilege is likely in the same boat when it comes to attempted clawback.

        I’m no fan of these notices (my pet peeve is “strictly prohibited” with no by-agent) and before I stopped using them altogether, I was down to “The addressees are the only intended recipients of this e-mail and any attachments.”

        It’s rare that anyone puts the notice, however worded, at the head of the e-mail, where it might in theory head off unintended eyeballs. –Wright

  6. The Chicago Tribune interview seems to address the inadvertent recipient mainly and where there’s little to no benefit derived from the notice – of which I agree. Although, for those that enter into NDAs where the disclosing party forgets to label his/her email content (including attachments) as confidential to recipient – it may still serve a benefit. Just a thought.

    • Obviously there is also a trade off between functionality and brevity, especially in the context of post-signature script. Do you think this is too long?

  7. Ken:

    I like the approach, but have a few suggestions:

    First, I think it would be helpful to communicate to the recipient in a non-threatening/scary manner that they are not receiving any form of permission to use/copy/share information received in error. While you have a sentence politely REQUESTING that it not be shared/used, I think it would be beneficial to clarify that use/sharing is explicitly NOT PERMITTED by the sender. Perhaps something to the effect of “Please be advised that the sender is not granting you any license or
    permission to use or copy or share any information sent to you in error.”

    Second, I think your “we might take legal action” sentence is a little scary. I think in the case of inadvertent disclosures of sensitive information (e.g., insider information or a person’s SSN), you walk a fine line between voluntarily inducing their cooperation and alienating the recipient to the point that legal action might be required. To this end, I suggest softening the verbiage in this section while still making it clear there might be consequences for using/sharing information inappropriately. Paired with the sentence I suggested above, perhaps the following: “If you use or copy or share any information contained in or attached to
    this email and you are not the intended recipient, then you take such
    action at your own legal risk and consequence.”

    Third, I think you might want to encompass copying into the realm of use/sharing. Copying/retaining information could be just as harmful because it could be accessed by another at a future time (e.g., a hacker or other user of the system that the information is stored on).

    Below is how I would suggest revising your proposed paragraph. Do you have any further thoughts? Great article.

    The information contained in or attached to this COMMUNICATION might be privileged and/or confidential. If you are not the intended recipient of this COMMUNICATION, then please do not use or copy or share with anyone any of the information contained in or attached to this COMMUNICATION. Please be advised that the sender is not granting you any license or permission to use or copy or share any information sent to you in error. If you use or copy or share any information contained in or attached to this email and you are not the intended recipient, then you take such action at your own legal risk and consequence. If you were sent this COMMUNICATION by mistake, then please reply to this message so as to inform the sender of the error and then permanently delete this message and its attachments.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.