The days of practicing law without having to worry about how confidential information is stored and shared are over. As digital technology evolves, clients generate, store, and share everything, from intellectual property to legal documents, in a multitude of places and configurations. As an attorney, it is your job to take measures to ensure that these documents remain secure and confidential, as this is significant from both an ethical and attorney-client privilege standpoint.
Legal practice is governed by professional codes of conduct that prevent the unconsented disclosure of confidential client information. However, this can be waived if there is no probability that the information will remain confidential. This waiver allows access to the information in question by any opponents to litigation, even if they would not normally be granted access during the discovery process.
To stay abreast of the nascent digital technology, the legal world also has to change. In 2014, the United States Supreme Court recognized the need to protect the privacy of an individual’s cell phone communications. Riley v. California resulted in a unanimous decision that amounted to the acknowledgement that a cell phone contains an abnormally large amount of personal data about the individual (photographs, communications, etc.), which would not commonly be carried on their person in other circumstances. This affected the individual’s privacy in the sense that they had a right to privacy during a search of their person. In light of this ruling, the court would probably rule that a lawyer would have a reasonable anticipation of privacy in conversations over a cellular phone.
The current state of advances in communication technology therefore raises the risk of waiver. Additionally, the ECPA (Electronic Communications Privacy Act), circa 1986, made the interception of email communications illegal, and further states that such interception does not affect attorney-client privilege. While this is generally enforced at the state level, there are several federal cases that have reinforced this ruling, holding that digital communications between client and attorney remain confidential.
If you are wondering what your firm can do to protect your client’s confidential information in light of the current digital landscape, here are three policies that should be implemented immediately:
1. Devise an information security policy.
This should encompass all information systems and methods of communication, including email, voice messaging, text messages, cell phones, passwords, cloud access, storage, internet access, and all of your computer workstations, portable or otherwise.
2. Outline a social network policy
This should serve to prohibit the transmission of unauthorized documents or information that relates to clients, cases, or the firm itself on sites like Facebook, Twitter, Google+, LinkedIn and any other sites in this regard.
3. Establish a document management policy
This is specifically to cover the receipt, transmission, updating and storage of client documents and information, and should encompass hard and soft copies, copies stored remotely, or anything covered by an NDA, confidentiality agreement or a court order.
If properly implemented and diligently managed, these policies will help your firm protect confidential client information.