Get our "4-Step Computer Security Upgrade"
This guide makes it as easy to lock the virtual door to your computer as it is to lock the physical door to your office. In less than an hour, you will learn to encrypt your files, secure your computer when using public Wi-Fi, enable two-factor authentication, and use good passwords.Get it Now!
The duty of confidentiality owed by lawyers to their clients is one of the foundations of the attorney-client relationship. Generally, this duty is memorialized in ABA Model Rule of Professional Conduct 1.6., which states in part that a lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, or the disclosure is impliedly authorized in order to carry out the representation, with certain exceptions listed in Rule 1.6(b).
Lawyers routinely advise clients of the duty of confidentiality and caution clients about protecting the attorney-client privilege. Lawyers take care to ensure that conversations with clients are not overheard and recommend that clients do not discuss their communications with others. Precautions are taken to ensure that communications between lawyer and client are not overheard. Changing technologies add a new layer to the issue of confidential communication.
Lawyers and Electronic Communication
Email has become a mainstay in attorney-client communications, but use of email and other means of electronic communications, including text messages, can give rise to additional confidentiality concerns. While lawyers have used email disclaimers in the past, these disclaimers are generally insufficient to quality as ‘reasonable steps’ to preserve client confidentiality.
In August 2011, the American Bar Association Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 11-459 relating to a lawyer’s duty to protect the confidentiality of electronic communications with clients.
The opinion specifically addresses the use of electronic communications and whether clients may have a reasonable expectation of privacy when using such forms of communication. Specifically, the opinion notes that lawyers should instruct clients to avoid using workplace devices or systems for sensitive or substantive communications between lawyer and client. According to the opinion, the duty of a lawyer to so advise the client arises as soon as the lawyer knows or reasonably should know that the client is likely to send or receive substantive lawyer-client communications via electronic means “where there is significant risk” that the communications will be read by a third party.
The opinion recites four considerations that would tend to establish an ethical duty for a lawyer to warn the client against using a business device or system for electronic communication: Where the client has already communicated by electronic means or has indicated an intention to do so; where the client is employed in a position that would provide access to a workplace device or system; given the circumstances, the employer or a third party has the ability to access the email communications and; that as far as the lawyer knows, the employer’s internal policy and the jurisdiction’s laws do not clearly protect the privacy of the employee’s personal email communications via a business device or system.
According to the opinion, lawyers should ordinarily assume that an employer’s internal policy allows for access to the employees emails sent to or from a workplace device or system. The Opinion recommends that lawyers refrain from sending substantive communications to a client’s workplace email address, and that they caution clients not to send electronic messages to their attorney through such an account, or through a personal email account using a workplace computer or system. The opinion goes so far as to note that a lawyer who becomes aware that the client is receiving personal email on a workplace computer or other device owned or controlled by the employer has a duty to warn that this practice should be discontinued. If the client does continue, the Opinion recommends that the lawyer stop sending electronic communications even using the personal email address.
In addition to the cautions noted in the Opinion, it would be prudent for lawyers to ask specific questions of their clients at the time of the initial consultation which would establish not only the preferred means and methods of communication, but also to uncover potential confidentiality leaks. For example, although many employees may be aware that accessing their personal email via a work computer might potentially allow the employer to view their personal email, the same employee may not be aware that accessing their personal electronic messages via an employer-provided smartphone might raise similar issues. Text messaging, which is becoming more and more popular, particularly with younger clients and lawyers alike, may raise comparable concerns.
But employer-provided computers, systems and smartphones are not the only concern here. Even where a client accesses personal email on a personal smartphone or home computer, lawyers should be sensitive to issues of access by other third parties, such as family members, particularly in cases such as divorces or will contests. Other problems may arise with the use of hotel or library computers as well.
Part of the lawyer’s duty to a client is to educate the client about the nuances of the attorney-client relationship and the obligations of both lawyer and client to preserve that confidentiality. Lawyers should instruct clients specifically about how email and other forms of electronic communication should or should not be used during the course of the representation.
Stephanie Kimbro also commented on the Opinion over at Virtual Law Practice. Kimbro recommends that attorneys use only encrypted email when communicating with clients, or that they institute the use of a system which requires both parties to log into a secure, encrypted area in order to communicate.
It remains to be seen whether the ethical obligations of lawyers will be extended to require encryption of email in certain circumstances in the future.
- 2011-09-21. Originally published.
- 2014-11-20. Republished.