A New Ethics Standard for Client Email?

A long time ago, in a galaxy far, far away the ABA issued Formal Ethics Opinion 99-413, the gist of which was to give law firms a free pass when it came to email encryption. Since 1999, technology has evolved by leaps and bounds, the ABA has updated its model rules, and cybersecurity is a national concern.  Therefore, it should be no surprise the ABA chose to revisit its 18 year-old position on email and electronic communications.

The New ABA Standard

Is email encryption required by the new ABA opinion?  Yes and no.

As Bob Ambrogi reports in his blog:

In this new opinion, the committee declined to draw a bright line as to when encryption is required or as to the other security measures lawyers should take. Instead, the committee recommended that lawyers undergo a “fact-based analysis” that includes evaluating factors such as:

  • The sensitivity of the information.
  • The likelihood of disclosure if additional safeguards are not employed.
  • The cost of employing additional safeguards.
  • The difficulty of implementing the safeguards.
  • The extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

However, special security precautions may be required “to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.” ABA Formal Opinion 477.

The Oregon Standard

The last bit of ABA Formal Opinion 477 may sound familiar to Oregon lawyers.  In this article written by Helen Hierschbiel in 2010, the bar gave us some insight on the topic of electronic communications, including email:

Although use of electronic communications is not a per se violation of the duty of confidentiality, special precautions may be necessary in particular circumstances. For example, if information is particularly sensitive or subject to a confidentiality agreement, a lawyer may need to implement special security measures. Also, if a client requests it, a lawyer may be required to avoid, or be allowed to use, a particular type of electronic communication notwithstanding expectations of privacy in the communication method.

While the article cites to a model rule that was later amended, the parallels between Hierschbiel’s language and that of the new opinion are hard to miss.  Bottom line? Email encryption is required if the circumstances warrant it.

Choosing an Email Encryption App

Fortunately, Bob Ambrogi has come to our rescue yet again.  In his article, Encryption so Easy a Lawyer Can Do It, Bob discusses three incredibly simple solutions that allow lawyers to send encrypted messages.  No more clunky interface requiring the sender to transmit keys before the recipient decrypts the message.  No more need for both parties to use the same software.  (Although a simple plug-in may be needed, depending on the software you choose.)

With secure cloud-based solutions Enlocked, Virtru, or Delivery Trust, Ambrogi concludes:

What all three programs have in common is that they make encryption as easy as the push of a button.  If you use email to communicate with clients or colleagues about sensitive matters – and what lawyer does not? – you have no excuse not to encrypt.

What To Do Next

  • Encrypt all client email, not some client email.  Why?  Mainly to eliminate guesswork, reduce risk, and preserve your sanity.  Not convinced?  Consider how clients might view on again/off again encryption: some messages are worth protecting and other’s aren’t?  Hmmm….
  • Put sensitive content behind a secure client portal.  Many practice management programs have this functionality, but if yours doesn’t, consider Slack.
  • Discuss electronic communication policies with clients and reiterate them in your fee agreement or engagement letter.

All Rights Reserved Beverly Michaelis 2017

The Best Legal Blog Posts of 2016

2016-word-cloudIf you’ve followed my blog for a year or more, you know I generally publish a “Year in Review” post.  This December I thought I’d take a slightly different approach. Instead of a comprehensive list, I’m filtering it down to my personal favorites. And while it may be controversial, I’m calling this compilation The Best Legal Blog Posts of 2016.  There is plenty of good stuff out there, but this is the best that has appeared here.  Mostly my content, but also sourced from other great writers.

Client Relations

eCourt and court procedures

Finances

Marketing

Security

Staffing

Technology

Time Management

All Rights Reserved 2016 Beverly Michaelis

2016 ABA TECHSHOW Takeaways: 10 Security Steps to Take Now!

The incomparable Tim Baran from Legal Productivity has done it again. His post, 10 Actionable Privacy, Security & Encryption Takeaways From #ABATECHSHOW is a must-read for all lawyers.  (Important enough that I bumped the post I was planning to publish today.)

Included in Tim’s roundup:

  • Password managers
  • Secure web browsing with HTTPS Everywhere
  • No-track search engines
  • Using false answers to security questions to foil ne’er-do-wells
  • Encrypted telephone conversations and text messages
  • Encrypted files in the cloud
  • Protecting your smartphone camera
  • Using multi-factor authentication
  • Turning on automatic updates
  • Communicating over VPNs in lieu of insecure public WiFi

This is the best of the best.  Take two minutes from your day and read Tim’s post!  While you’re at it, consider subscribing to the Legal Productivity RSS feed for great practice tips on technology, mobile lawyering, marketing, organization, making money, and wellness.

The Latest Thoughts on Cybersecurity: 2016 ABA TECHSHOW

The 2016 ABA TECHSHOW started off sizzling hot with an interesting presentation on Cybersecurity.  Here is my Storify Recap:

Cybersecurity