Should your business worry about Microsoft Teams, Slack (etc) and legal professional privilege? Answer: it depends

A few years later, Microsoft CEO Satya Nadella launched Microsoft Teams. Then, the pandemic happened. It’s been reported that, at the beginning of the pandemic, Microsoft Teams had around 32 million daily active users. By April 2021, that number was 145 million – a 3.5x increase in 12 months. 

A critical tool for daily collaboration – and these applications are no secret to regulators or claimants in legal proceedings

• We know that regulators and claimants in class actions are requesting information stored within these programs (eg chat messages in Microsoft Teams) as part of regulatory investigations or proceedings involving the tech sector. 
• In the dispute between Twitter and Elon Musk, for example, subpoenas have sought chat messages between Musk and several high profile tech entrepreneurs. 

Legal Professional Privilege becomes more complex in tech

When regulatory investigations and legal proceedings arise, in-house lawyers’ minds naturally turn to legal professional privilege (LPP). It is an important privilege: for example, it ensures that a company cannot be compelled to disclose to a regulator confidential communications between the company’s lawyer and the company if those communications are made for the dominant purpose of legal advice (see HSF’s LPP hub for some excellent resources on this).

However, given the tech sector (and particularly digital platforms) are increasingly the subject of regulatory scrutiny, there are a number of issues that may arise here. 

• Can LPP be properly maintained when collaboration software is likely being used throughout the day for mixed purposes, including legal and non-legal purposes? 
• Is LPP lost if various people have access to that software, including third party consultants? 

To add to the complexity, LPP only applies if a particular communication is for the dominant purpose of legal advice. That means that, in assessing whether a communication is privileged, it is necessary to assess each chat message and the context of each chat message that might be sent within a collaboration platform. That may well be an enormously costly and burdensome task if a matter becomes particularly contentious – for example, in a regulatory investigation or discovery in a court proceeding.

Is this really any different to emails?

These collaborations platforms represent a step change on email. They are fundamentally different in at least the following ways:

• Working documents: a number of collaboration platforms make it possible for several (lawyer and non-lawyer) users to store or work on a “live” version of a document simultaneously within a “workspace” (or similar). While it should be possible to track who made which changes and when those changes were made, disentangling these changes can take time (which adds to the cost of producing evidence in a regulatory investigation or proceeding). Ascertaining the purpose of each simultaneous change may also be challenging. 
• Video and audio: a number of these collaboration platforms record when a video or audio call has been commenced in amongst a chain of chat messages. The chat message can record who joined the call (and when they joined) and the call’s start and end times. These calls can also be recorded and, unless they are properly privileged, such recorded conversations could be produced in a regulatory investigation or court proceeding, noting that issues of admissibility may arise particularly if not all participants to the call are aware of and have consented to its recording.
• Informality: Letters have typically been the more formal or considered version of human communication (one definition of a “letter” in the Oxford English Dictionary Online is: “A written communication addressed to a person, organization, or other body, esp. one sent by post or messenger; an epistle”). Email was initially designed to be the electronic version of written letters or memoranda (mail became “electronic mail”, which became “e-mail”, which has become “email”). Of course it has evolved from there. “Chats”, however, are more akin to the initial “chatrooms” of the early internet years, or SMS/text messaging. Chatrooms were the electronic model of speaking informally in an (electronic) “room”, and dictionaries tell us that “chat” means “to converse in a familiar or informal manner”.  Perhaps for the first time in history, the back-and-forth within an office (eg the hallway, side-of-the-desk or “water cooler” conversations of the office) are being committed to writing in real-time. 

What are the risks from the perspective of privilege? 

Examples include: 

• A larger set of mixed-purpose communications: this means it is harder to establish, as is required, that the dominant purpose of the communications is a privileged one. These communications can extend over long periods of time in one long chain of text.  This can be compared to the functionality of emails, which tend to be organised around chains focused on particular and more clearly identifiable subject matters or topics. Each email also has a “subject” line which provides some indication of purpose. Individual chat messages do not. The preparation of email also requires one necessary conscious step: deciding which email addresses are to be typed into the “To” field and thereby deciding who will receive the email. When using “chat” functions, however, it is reasonably commonplace for a participant to forget precisely who is in the chat group and therefore receiving the messages.  
• Informality may also mean matters are recorded quickly: these chats can be sent without the conscious consideration which has become (or perhaps should have become) more front-of-mind in email communications in the workplace.
• Sensitive information: if LPP does not apply to a chain of chat messages, there may be more risk that an entity will be required to produce material that could be personal, sensitive or potentially reputationally damaging: in one chat message tendered as part of the Banking Royal Commission, a company’s employee referred to a disabled customer’s father (who was trying to cancel an inappropriately sold financial product) as a “bloody whinger”. A senior executive of the relevant company accepted in evidence that this type of internal communication was “totally inappropriate”.   

There is of course a risk that chat messages or recorded meetings are not privileged. Businesses may consider that the types of mechanisms required to safeguard LPP are lower priority in some cases, for example, in relation to low-risk or more routine legal advice being provided over these platforms. 

But there are many instances where that will not be the case. There may be occasions when in-house legal teams should turn their mind to whether the use of collaboration software is suitable for a particular matter or whether it needs to be used with some caution or more specific guidelines. For example: 

• Degree of legal risk: some caution or guidelines might be warranted because the matter raises a particular level of legal risk, for example, an expectation of a major regulatory investigation, probable class action risk or legal issues with high reputational risk. In such cases, the input of in-house legal counsel is usually critical and the loss of LPP may be a material problem for the company. For particularly high-risk matters, it may be that collaboration software should not be used at all.  
• Using the tools appropriately: perhaps the relevant tools should be used in a particular way so that LPP can properly be retained while enabling commercial and engineering/technical/commercial teams to receive legal advice from their in-house legal partners about complex and tricky legal issues. For example, it may be necessary for particular parts of the collaboration platforms to be inaccessible to the wider business.

Is there an easy solution?

It seems there will be no one-size-fits-all solution here. Your business’s approach to this type of issue will turn on a number of factors, including risk appetite, the internal structure of the in-house legal team, and the nature of your legal risk profile for matters. The key message is to have given this thought in advance – before the issue becomes acute in the context of a regulatory investigation or class action proceeding.   

If you get stuck and you’re not sure what to do next, take a look at HSF’s LPP hub (available here) to refresh on LPP. If you need to look into these issues in more detail, get in touch with your usual HSF contact: we’re always happy to talk, particularly about law and tech.