Is it permissible for lawyers to send information to their clients in unencrypted e-mails? Indeed, what are a lawyer’s ethical obligations to clients when creating, sending, or storing sensitive information? The American Bar Association (“ABA”) says it depends whether the unencrypted e-mail or storage method is “reasonable” under the circumstances.
On May 11, 2017, the ABA’s Standing Committee on Ethics and Professional Responsibility published Formal Opinion 477, which addresses securing communication of protected client information. The Opinion seeks to balance a lawyer’s ethical obligations with the requirement to manage cybersecurity risks. The Committee concludes that “[a] lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.”
To read the entire article on the Association of Corporate Counsel website, click here.