At the core of the attorney-client relationship is the shroud of confidentiality afforded both verbal and written communications with clients. Client confidentiality is addressed in ABA Model Rule 1.6 which prohibits a lawyer from revealing information relating to the representation of a client without the client’s informed consent.
Today’s ever-evolving technologies can make it difficult for lawyers to know with certainty whether their communications with clients are at risk of being improperly revealed as a result of new and changing threats.
Although the ABA and some states generally approved the use of unencrypted email to communicate with clients in the late 90s or early 2000s, most states have yet to address any specific technical requirements needed to reasonably protect the confidentiality of electronic client communications.
The issues become more complex when you consider the various types of communication used in communicating with clients today – in addition to e-mail, attorneys may communicate via text message, instant message, and third party portals.
Email generally travels across insecure connections and is relayed through non-secure servers, some of which retain a copy of that email after sending it along to its destination. When that email is not encrypted, it can be easily read by anyone accessing it on any of those servers, whether with malicious intent or not.
Despite this, Total Attorneys’ recent Small Law Firm Technology Survey revealed that many small firm attorneys are communicating with clients over e-mail that is not encrypted.
This, Are Your Client Communications Secure? infographic lays out the path an email travels between the sender and recipient, along with statistics about the use of email and other types of electronic communication among small firm and solo attorneys. You can also request a free copy of the full report on that page.
Given the mandate to protect confidentiality of client information, lawyers should investigate the technical protections in place. At a minimum, confirm whether or not your client e-mails are encrypted and if not, be thoughtful about the information transmitted through unencrypted channels.