The demand (and requirements) for lawyers to finally protect confidential communications is here and now.
This demand is caused by a series of increased risks that we read about every day.
-Privacy protection regulations like HIPAA
-Inadvertent waivers in in-house email and phone messages.
-Intense state surveillance at the border. Including China, Canada and Israel.
-Communication like email, phone, and instant messaging cannot be trusted anymore.
Attorneys should be very concerned about the current uncertainty of their client’s privacy for email, broad waivers of email privacy through Internet Service Providers (for their websites) and mail provider policies (like Gmail and Yahoo), and intentional or unwitting disclosure by third parties.
Absolute confidentiality is the foundation of legal ethics. Attorneys have legal and ethical obligations to rigorously endure client confidences and secrets are 100% protected. Updated ethics rules require lawyers to take steps to ensure client data is secure. New rules require lawyers to be competent with technology and judges no longer will buy arguments that technology and its threats are evolving too quickly for lawyers to keep up. But information technology security is not taught in Law School.
What can attorneys do since they are also natural targets for espionage because they store and transmit highly sensitive corporate information. Most major U.S. law firms have been victims of security breaches. The U.S. government labeled New York City’s 200 largest law firms “the soft underbelly” of hundreds of corporate clients and the biggest threat to law firms’ data are its attorneys! The biggest threat are attorneys themselves not to mention their staff.
With all the security risks in the news on a daily basis, lawyers: you are put on notice that using unsecured email for sensitive client communications could be considered malpractice, may waive any attached privilege, and expose you to serious liability for leaks unless you take appropriate safeguards now.
Let’s take Intellectual property is an example of a high risk practice area. All communication and document transmissions, and hard copies must be secured. Attorneys must proactively protect trade secrets whether stored on paper or electronically. Trade secrets present difficulties because lawyers can do zilch once their client’s competitors have seen proprietary information.
There are sizable investments associated with acquiring trade secrets, Considering the value of trade secrets and intellectual property, immense costs required to obtain relief for misappropriation of trade secrets means a mere “confidentiality label” is inadequate. Especially on faxes and emails.
Time has come for attorneys to understand these new risks and they must find and use security measures that work with new technologies.
Solving the problem does not have to be an expensive proposition. Even military grade encryption is actually very easy to use. There are free apps for iPhone or Android you can use right now. Secure messaging, secure file transfers, calling and even video can easily and inexpensively be deployed pretty quickly.
United States v. Carroll Towing Co, 160 F.2d 482(2d Cir. 1947) supplies the required parameters:
1. The probability of the kind of incident in question
2. The gravity of the resulting injury
3. The burden of adequate precautions; it is readily apparent that the burden of having inexpensive encryption protocols in place is far less than the gravity of injury caused by sensitive information getting into the wrong hands multiplied by the probability that the event will eventually occur.
Common sense now dictates that a confidential communication should be properly protected, whether that interception is legal or not.
If you need help securing your client’s information and your inside and outside communications, I’ll be more than happy to discuss your options and make sure your existing vendors are on top of their game (without unnecessary costs).
The gravity of injury, and burden of precaution is on you. Don’t stay up worrying all night, when you can contact me at: https://www.integrissecurity.com/index.php?contactus. In the subject line enter: TLS
Ron
My thanks to all who contacted me.