Today’s post comes from Anthony Lucas at the Jernigan Law Firm.

Be Careful When Sending Client Information by Email

As technology changes and security threats increase, several states, including North Carolina, have modified their rules of professional conduct for lawyers to include a duty of technological competence.

When using email to communicate about client matters, lawyers must “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” (MRPC Rule 1.6). The ABA’s Model Rules of Professional Conduct recommend a factor based approach to assist in determining what constitutes reasonable efforts.

The factor based approach is based on the type of information being communicated, the type of electronic communication used, and the types of available security measures for each method. Some of the factors to consider include:

  • the sensitivity of the information,
  • the likelihood of disclosure if additional safeguards are not employed,
  • the cost of employing additional safeguards,
  • the difficulty of implementing the safeguards, and
  • the extent to which the safeguards adversely affect the lawyer’s ability to represent clients.

As technology changes, the cost of security safeguards decreases, and the availability of security safeguards increases, what constitutes reasonable efforts also changes. For example, the factor base analysis leans in favor of email encryption for sensitive matters as the cost of email encryption has declined significantly and can be purchased from a major email provider for as little as $2/user/month.

Despite the decreasing cost of encryption, the ABA’s Model Rules of Professional Conduct do not require routine emails with clients that do not contain sensitive information to be encrypted. However, those emails should still be protected with basic security methods, including using secure internet access, implementing firewalls and anti-malware/anti-spyware/antivirus software of the devices used to send and store client information, and applying all necessary security patches and updates to software.

ABA Formal Opinion 477R discusses a lawyer’s obligations when transmitting information related to the representation of a client over the internet and should be reviewed carefully.