Internet Security a Virtual Requirement

Published on: 
The American Bar Association's Model Rules of Professional Conduct have no formal ethical prohibition against conducting legal practice over the Internet. In fact, the eLawyering Task Force of the ABA's Law Practice Management Section has created guidelines for such a practice, emphasizing the need for a secure, encrypted website to maintain client confidentiality in representation, retainer terms and online payment.

Otherwise, the task force notes, it would be “difficult or impossible to comply with the rules of professional conduct that deal with … client confidentiality.”

It is a lawyer's ethical duty to protect all documents on behalf of clients. ABA Rule of Professional Conduct 1.15 requires that client files be “appropriately safeguarded”; failure to do so is a failure in the overall duty to act competently in the best interests of a client.

But with all online activities increasingly done over wireless connections — whether by laptop or smartphone — where does that leave file confidentiality?

Earlier this year, the California bar issued opinion 2010-179 to address that issue. The opinion identifies what lawyers should consider when contacting clients or sending files over a wireless connection:

  • whether the wireless connection has a reasonable level of security, which should include use of precautions such as encryption of e-mails and files;

  • whether wireless transmission of client files and messages has equal legal protection against third-party interception or unauthorized access, such as phone calls or stored computer files;

  • whether network security is appropriate to the degree of sensitivity of the information;

  • whether an inadvertent disclosure of privileged or confidential information or work product would have severe consequences;

  • whether the need for urgent and immediate communication overrides security concerns; and

  • whether the client has specified that wireless communication is not confidential enough or that a particular kind of communication must be encrypted.

In addition to requiring security for client communication and files, they require that a lawyer be competent when measured against the standard of care in the local community. If competitors are using encrypted smartphones for wireless messages, or relying on landlines for such usage, that is the standard of care against which a firm is measured. Firms that don't meet it are willfully less competent — and open to charges of malpractice.

A final note of caution, with ramifications that are still unclear, is the issue of cloud computing, in which software and servers are owned by service providers and reside in a remote “cloud” location.

The firm that uses cloud computing purchases Internet-based document assembly, document management, practice management, and time and billing programs just like any other service, but does not control storage or reliability.

That can be a problem because cloud computing services have already suffered major service breakdowns that make programs unavailable — particularly if specialized legal software is not backed up on different servers.

Although no major cloud computing data breaches have been publicized, that possibility also exists. The firm that uses cloud computing does so knowing it may have connection, security or reliability problems. It's a virtual risk that requires careful evaluation.

This Coach’s Corner Article is listed under the following categories:

This Coach’s Corner Article is categorized for the following audience(s):