7

Given that various email providers have different levels of access to email, and that it shouldn't be considered private communication unless further encrypted, what steps do lawyers need to take to protect client's confidentiality? This question is also merited for things such as text and phone conversations as those conversations could fall under the same sort of arena.

Are lawyers only required to inform clients that email, text, phone is unsafe communication with risks? Or are they in some cases risking a breach of client confidentiality even if they do?

Improve this question
2
  • Is this any different from snail mail letters? (which can technically be opened, read, and re-closed without too much effort)
    – o0'.
    Commented Jun 5, 2015 at 10:18
  • Fair point, I think the accepted answer gets at this.
    – Fernando
    Commented Jun 5, 2015 at 15:36

1 Answer 1

Reset to default
4

What steps do lawyers need to take to protect client's confidentiality? Reasonable steps

Are lawyers only required to inform clients that email, text, phone is unsafe communication with risks? Yes. Sort of. It's not a problem that these channels are unsafe, it's just the risk part. As was stated, US mail carries risk.

Or are they in some cases risking a breach of client confidentiality even if they do? If they do... what? inform clients of risks?

It is up to the lawyer to inform the client of the danger of using email. Certain cases warrant more precaution than others. The lawyer will need to weigh all of this. It is also possible that a heightened level of security makes communication too cumbersome or expensive. What if the client does not want to pay for the extra time it takes you to encrypt/decrypt? What if the client cannot figure out the software? No matter how sloppy the client is, it is incumbent upon the lawyer to protect communication.

It's ABA Model Rule of Professional Conduct 1.6(a) that explains this for us. A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent...

continuing to paragraph (c):

(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

Comment 18 in part (relating to safeguarding information): unauthorized access...does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure.

continuing:

Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

Comment 19 in part: *When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer's expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.

Both instances require reasonable efforts - those an ordinary person would use.

ABA Formal Opinion 1-459 tells us that A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access.

This comment pertains to specific situations, like a client emailing a lawyer from the client's work-computer. It does not specifically apply to hacker-threat.

And to muddy all of this up, it's not only communication and information that is at risk. Property is also at risk and the duty to protect property is higher than the duty over communication. Secret recipes, customer lists, strategic plans - these are all forms of property and lawyers have special duties to safeguard client property. Comment (1) to Rule 1.15 says that a lawyer should hold property of others with the care required of a professional fiduciary. This is higher than the reasonableness requirement for protecting information. The fiduciary duty is the highest standard of care recognized by our legal system (the California rule calls on the lawyer to protect client secrets “at every peril to himself or herself” Cal. Rules of Prof. Conduct R. 3-100(A) (2013); see also Cal. Bus. & Prof. Code §6068(e)(1) (2013)).

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .