Do you practice good email hygiene?
If not, you could be inviting a cyber-attack.
“E-mail and electronic communications have become everyday communications forms for attorneys and other professionals – fast, convenient, and inexpensive – but also present serious risks to confidentiality,” according to cyber-ethics expert David G. Ries, author of the cybersecurity chapter for the ABA 2021 TECHReport. “It is important for attorneys to understand and address these risks.”
Example: Model Rule 1.6, Comment 19 requires reasonable precautions to prevent the information from coming into the hands of unintended recipients.
“This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy,” says Ries, who was the guest speaker at the June 292 Alta Pro webinar Cybersecurity Ethics. “Special circumstances, however, may warrant special precautions. “
Do you practice in Wisconsin, Texas, Minnesota, Ohio, Illinois, Indiana or Michigan? Is your professional liability coverage managed through Alta Pro? If so, you’re automatically a member of the Alta Pro Risk Purchasing Group (RPG), which offers a wealth of benefits for your practice: free, cutting-edge CLE webinars featuring top experts tackling timely topics; the Pro Practice Playbook; the Pro Practice Blog; Reminger’s ProLink risk management assistance; Reminger’s Claim Repair Hotline; discounts on CLIO practice management software; tax savings on health insurance; and access to the Risk Pro, who can help keep your firm safe and successful. Register here and start enjoying your Alta Pro RPG benefits.
Email Cyber Hygiene Tips
Following are some highlights from the June 29 presentation and manuscript by Ries [contact Alta Pro if you’d like a free copy of the entire manuscript.]
- “Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.”
- “There are questions about whether unencrypted Internet e-mail affords a reasonable expectation of privacy. Respected security professionals for years have compared the security of unencrypted e-mail to postcards or postcards written in pencil. Comment [19] to Rule 1.6 also lists ‘the extent to which the privacy of the communication is protected by law’ as a factor to be considered.”
- “Some of the newer ethics opinions conclude that encryption may be a reasonable measure that should be used, particularly for highly sensitive information. An ABA ethics opinion in 1999 and several state ethics opinions concluded that special security measures, like encryption, are not generally required for confidential attorney e-mail. However, these opinions, like Comment [19], contain qualifications that limit their general conclusions.”
- “Some ethics opinions express a stronger view that encryption may sometimes be required. For example, New Jersey Opinion 701 (April 2006), discussed above, notes at the end: “where a document is transmitted to [the attorney] … by email over the Internet, the lawyer should password a confidential document (as is now possible in all common electronic formats, including PDF), since it is not possible to secure the Internet itself against third party access.”23 This was over fifteen years ago.
- “In May 2017, the ABA Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 477R, ‘Securing Communication of Protected Client Information.’ The Opinion revisits attorneys’ duty to use encryption and other safeguards to protect e-mail and electronic communications in light of evolving threats, developing technology, and available safeguards. It suggests a fact-based analysis and finds that “the use of unencrypted routine email generally remains an acceptable method of lawyer-client communication,” but “particularly strong protective measures, like encryption, are warranted in some circumstances.” Opinion 477R, consistent with these newer opinions and the article, concludes: A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.”
Why choose Alta Pro Lawyers Risk Purchasing Group over other legal malpractice programs? Because Alta Pro RPG gives insured law firms exclusive access to valuable practice resources and cost-saving programs. When you join the Alta Pro RPG, you can use our Pro Practice Resource Center, filled with practical pointers and risk management tools to keep your law firm safe and soaring. Plus you get exclusive access to free CLE webinars, like our recent, highly popular program on Basics of Cannabis Law. Also: discounts on office essentials, Ask the Risk Pro, malpractice defense hotline and more. Don’t miss out on these fantastic perks. If you’re already a policyholder with Alta Pro but haven’t yet created your RPG account, here’s how to do it.