Lawyers, Email, And Preserving Confidentiality in 2015

10
Nov
2015

Nicole Black

It’s well known that standard email is inherently unsecure. As emails travel to their intended destination, they traverse untold number of servers and can be intercepted and viewed by virtually anyone with technological know-how. This is because emails are unencrypted and are akin to postcards written in pencil and this inherent security flaw in email as it now exists arguably places confidential client data at risk.

Even so, lawyers have used email with the ethical blessing of the various bar associations since the late 1990s, which is when the American Bar Association’s Standing Committee on Ethics first approved the use of email by lawyers without requiring client consent. In ABA Formal Opinion No. 99-413 the Committee concluded: “Although earlier state bar ethics opinions on the use of Internet e-mail tended to find a violation of the state analogues of Rule 1.6 because of the susceptibility to interception by unauthorized persons and, therefore, required express client consent to the use of e-mail, more recent opinions reflecting lawyers’ greater understanding of the technology involved approve the use of unencrypted Internet e-mail without express client consent.”

In the 1990s, there more secure methods of online communication were unavailable, however time have changed. Because of the rapidly changing technological landscape and the availability of newfound means to encrypt and protect electronic communications, the issue of an attorney’s obligations to protect confidential attorney/client communications is being reconsidered.

For example, in Formal Opinion No. 11-459, which was issued in 2011, the American Bar Association’s Standing Committee on Ethics and Professional Responsibility considered whether lawyers have an ethical obligation to warn clients of the risk of third party access to all types of electronic communication between attorney and client. 

After reaching the narrow conclusion that, in employment cases, lawyers have an obligation to warn clients of the risk of discussing the case using employer-owned devices or accounts, the Committee explained that regardless of the type of case, lawyers must assess whether client consent is required when communicating via email: “A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, to which a third party may gain access. The risk may vary. Whenever a lawyer communicates with a client by e-mail, the lawyer must first consider whether, given the client’s situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client.”

So, what’s a lawyer to do? The answer: forego email and start communicating and collaborating with clients using encrypted communications. 

According to the results from the ABA’s 2014 Legal Technology Survey Report,that’s exactly what some lawyers are already doing, with the number of lawyers communicating and collaborating with clients online increasing every year from 9% in 2011 to 19% in 2012, 32% in 2013, and 33% in 2014. 

Many of these lawyers are either using some sort of encrypted email or are migrating to web-based client portals as a more secure method of client communication. The latter option is often appealing because cloud computing platforms that incorporate encrypted client communication provide a ready-made solution to this problem, offering a much more secure method of communication that is superior to unencrypted email.

For more interesting—and sometimes eye opening—statistics about lawyers, email, and encrypted communications gleaned from the 2014 survey, check out the infographic below. You can view the full infographic here.