Here is a recent Daily Record column. My past Daily Record articles can be accessed here.
Pennsylvania Provides Further Guidance on Secure Client Communication
Are you still using email to communicate with your clients about confidential matters? If so, you might want to re-think that approach. Because when it comes to secure communication, the tide is most decidedly turning.
For many years there were rumblings of security issues with email in earlier opinions, and in 2017 the American Bar Association weighed in more definitively when it issued Opinion 477R. In that opinion, the ethics committee concluded that lawyers should avoid using unencrypted email when discussing particularly sensitive matters. Then, during the early days of the pandemic, both Pennsylvania (Formal Opinion 2020-300) and Wisconsin (Formal Ethics Opinion EF-21- 02) ethics committees referenced the ABA opinion’s conclusion and adopted its basic premise regarding secure communication in the context of providing ethical guidance for remote work.
Fast forward to 2022, and the Pennsylvania Bar Association has issued yet another helpful opinion that offers further guidance on the obligation of lawyers when communicating with clients using unencrypted email. In Formal Opinion 2022-400, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility considered the ethical obligations of attorneys when “transmitting information relating to the representation of a client to clients, opposing counsel, judges, and others.”
The Committee reviewed the ethical obligations triggered when lawyers communicate with clients along with the conclusions reached in other jurisdictions related to secure electronic communications. The Committee ultimately determined that in some situations, it is ethically permissible for attorneys to communicate about clients for work-related purposes using unencrypted email.
However, the Committee concluded that prior to doing so should, lawyers should, on a case-by-case basis, evaluate the benefits and risks associated when using unencrypted email given the nature of the information that will be discussed. Attorneys must discuss the risks and benefits of unencrypted communication with their clients, and if the risks outweigh the benefits, compliance with competence requirements may necessitate the use of more secure methods for communication.
According to the Committee, certain information should never be sent using unencrypted email, such as when a client has requested maximum security for certain information or when highly sensitive materials are being discussed or shared. The Committee also provided valuable guidance to help lawyers determine whether unencrypted email is the most appropriate method for a particular communication.
The Committee explained that lawyers should:
Whenever possible, avoid transmitting files containing information relating to the representation of a client as email attachments
Consider using “Encrypt & Prevent Forwarding” features if available
Advise clients not to forward emails or memos to third parties.
Encrypt communications or use passwords for attachments containing client-related information
Reduce the likelihood of unauthorized access by using a central file-sharing portal, cloud storage provider, or similar service
Consider using a client portal to eliminate the need to attach files to email and or use an end-to-end encrypted email service.
The easiest way to protect confidential client information when communicating electronically is to use a secure client portal built for law firms, like the ones built into law practice management software. By doing so, you avoid the hassle of assessing security risks on a case-by-case and email-by-email basis.
Encrypted email can be difficult to set up and often requires the assistance of an IT expert. In comparison, client portals are built into user-friendly software, and no IT assistance is needed to set them up.
Secure client communication portals provide an encrypted tunnel that protects client data and solves the problem of scattered communications. All client portal messages are stored in a secure, centralized online location that is easily accessible 24/7. All messages are connected with the appropriate case file, and your client’s confidential information is protected from prying eyes.
If your law firm is still using unencrypted email to discuss confidential client issues and has not yet transitioned to a more secure communication method, there’s no time like the present to make that change. The writing is on the wall: unencrypted email is an outmoded and ethically questionable way to communicate about client matters. Make the switch to an encrypted form of electronic communication today, and rest easy knowing that your law license, and your client’s data, are protected.
Nicole Black is a Rochester, New York attorney, author, journalist, and Senior Director of SME and External Education at MyCase legal practice management software. She is the nationally-recognized author of “Cloud Computing for Lawyers” (2012) and co-authors “Social Media for Lawyers: The Next Frontier” (2010), both published by the American Bar Association. She also co-authors “Criminal Law in New York,” a Thomson Reuters treatise. She writes regular columns for Above the Law, ABA Journal, and The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law and emerging technologies. She is an ABA Legal Rebel, and is listed on the Fastcase 50 and ABA LTRC Women in Legal Tech. She can be contacted at email@example.com.
Nicole Black is a Rochester, New York attorney, author, journalist, and the head of SME and External Education at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at firstname.lastname@example.org.