Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: [issa-international] Re: Confidentiality statement on email

From: "Bernie, CTA" <cta () hcsin net>
Date: Wed, 16 Apr 2003 14:11:41 -0400
On 16 Apr 2003, at 19:38, yossarian wrote:


It depends on the country you are operating in, so you can't rely
on it too much. Dutch jurisprudence says an e-mail has the same
status as a postcard - you cannot blame the postman if he reads
it. Especially since there are plenty of technical means
available to secure it.

Anyway, why didn't you sue the other party for illegal possession
of your e-mail? How did they get it? If you have a
policystatement, include that forwarding is not allowed, then
there is money in it. Somewhere.

yossarian


bhh>>>
I do agree the laws may apply differently in other Country. As 
for the source of this email, the opposing side obtained it 
through a discovery subpoena - requesting any and all 
communications including paper documents, emails, or 
computer files, originating from me regarding XYZ (XYZ being 
a product). Although a protection order could have been 
obtained to quash the discovery subpoena or certain elements 
of it, we believed that strategically it would be more effective to 
stop them from using certain information (such as the stated 
Email) at the Trial, to better limit their ability to establish plan B. 

We could not make the claim that their possession of the Email 
document/file was illegal, as they obtained through legal 
discovery. We also could not sue, as they did not actually use 
the Email document illegally, or disseminate its contents.
bhh<<<
Bernie CTA



----- Original Message -----
From: "Bernie, CTA" <cta () hcsin net>
To: "Ken Burns" <KCB () KCBurns com>;
<issa-international () yahoogroups com> Cc:
<full-disclosure () lists netsys com> Sent: Wednesday, April 16,
2003 3:35 PM Subject: [Full-disclosure] Re: [issa-international]
Re: Confidentiality statement on email



On 15 Apr 2003, at 20:41, Ken Burns wrote:


What is the point in using these confidentiality statements?

My issues with them are that they are regularly posted to
mail lists like this one, and are often posted on the emails
that advise you pass this on to at least X# aditional people
or you will have interminable bad luck.  The point bieing
that they are regularly disseminated on emails that are
intended for public distribution.

They are also regularly found on other joke & junk emails
that have nothing to do with any corporate business.

Additionally, they are placed at the bottom of the message,
where they are least likely to get read.  Honestly folks,
when was the last time you read one of these on an e-mail you
received?

Has anybody  ever seen one of these confidentiality
statements make one iota of difference (other than to jusify
a lawyers existence [and billability] for the day he/she
composed it)?

I would seriously like to know if they have any redeeming
value.



Bernie CTA>>>
I can tell you first hand that a privacy statement on the
bottom of an email has significance from a legal evidence
standpoint. My former company and I were involved in a US civil
lawsuit where the opposing side attempted to introduce an email
as evidence.  This email had our standard
privacy/confidentially disclosure at the end and was sent from
me to another party who was not connected with the lawsuit. Our
attorney objected to the use of the email arguing that it was a
private and possibly privileged communication, and that release
of its contents could violate the privacy rights of the
receiving party.

By the way, there was also a discussion as to the authenticity
and validity of the privacy / confidentiality statement. The
court wanted to know if our company had mandated the use of
such statements in its policies for private communications, if
it was recommended and reviewed by our attorneys, and if we
used the Privacy Statement on all email. The answer was yes to
the first two questions, and no to the last, as we only used
the Privacy Statement on email that we believed to be private
and confidential. Apparently, these questions were directed to
establish the bases for good faith effort by our company to
establish, implement and maintain a privacy policy and
mechanism that we believed protected the content of any email
sent with such a privacy statement.

The opposing side rebutted claiming that the email was sent via
the Internet (a public network), and therefore it and its
contents were not private. The court disagreed stating that
while the communications medium was public the contents of the
email were not, as the sender intended it to be released only
to the named recipient.

Since the recipient was not a party to the lawsuit and did not
release/wave its privacy rights the Judge ruled that the
email's contents including its subject were intended to be
private, to a disinterested party and therefore inadmissible.

My sage advice is:

a) Establish a written Privacy Policy identifying the use of
email privacy statements,

b) Prepare an Email Privacy Statement and have an attorney
review and provide a letter of recommendation for its use.

c) Implement the Privacy Statement and practices to include it
on all email that you consider private and or confidential
between you and the recipient(s).

bhh<<<

-


Bernie, CTA

-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta () hcsin net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: