THE DAILY RECORD

Monday, November 17, 2014

WESTERN NEW YORKS SOURCE FOR LAW, REAL ESTATE, FINANCE AND GENERAL INTELLIGENCE SINCE 1908

LegalLOOP

The ethics of communicating

with clients online
Ive been writing about cloud computing where your data
In another recent case, the security of encrypted email was
and software are stored on servers owned and maintained by a called into question. Lawyers have long used traditional unenthird party since 2008. And for years now Ive asserted that crypted email to communicate with clients, ever since bar assoWeb-based computing is the future and that lawyers can ethi- ciations began to approve this practice in the late 1990s.
cally use it for the purposes of storing confidential client inforHowever, more recently the American Bar Association cast
mation as long as they exercise reasonable care in
some doubt on the use of email for all client communichoosing their legal software providers.
cations when it acknowledged the lack of security
This is a position supported by all applicable ethics
offered by unencrypted email and issued ABA Formal
decisions handed down throughout the United States in
Opinion 11-459 and concluded: Whenever a lawyer
recent years, including the most recent one from the
communicates with a client by email, the lawyer must
New York State Bar Association, Op. 1020. In this
first consider whether, given the clients situation, there
decision, the Committee for Professional Ethics conis a significant risk that third parties will have access
cluded: Whether a lawyer for a party in a transaction
to the communications. If so, the lawyer must take reamay post and share documents using a cloud data
sonable care to protect the confidentiality of the comstorage tool depends on whether the particular technolmunications by giving appropriately tailored advice to
ogy employed provides reasonable protection to confithe client.
dential client information and, if not, whether the
Due to fears about the security of unencrypted email,
lawyer obtains informed consent from the client after By NICOLE
some lawyers have turned to encrypted email in an
BLACK
advising the client of the relevant risks.
effort to address this perceived security risk. UnfortuHowever, even though cloud computing has repeat- Daily Record
nately, the Electronic Frontier Foundation recently
edly received the green light by ethics committees Columnist
reported that many ISPs have been intercepting cusacross the country, some lawyers continue to express reticence tomer data and stripping emails of their encryption layer
about cloud computing, citing security concerns. This reluctance (http://tinyurl.com/effemail). So even encrypted email is suscepis misguided in light of recent revelations about security issues tible to tampering.
affecting more traditional means of client communication and
In another case, we learn that even communications relayed
information storage provide.
using snail mail are now at increased risk of interception. The
For example, as proof that traditional methods of storing infor- ABA Journal reported last month that (t)he U.S. Postal Service
mation are not foolproof, theres the report of a recent breach approved nearly 50,000 requests last year to monitor the mail of
notification issued by a California criminal defense law firm after Americans in its mail covers program, raising concerns about
a hard drive containing backup files from one of the firms lack of oversight. (http://tinyurl.com/abamail). The monitoring
servers was stolen from the trunk of a car. The breach notifica- requests were made by both by law enforcement and the Postal
tion letter that was sent out to their clients in August can be Services own inspections unit and attorney-client communicafound here: http://tinyurl.com/breachletter. So, even though the tions were sometimes targeted, with no requirement in place to
firm used onsite servers to store their client data, confidential notify lawyers when this type of information is accessed.
client information was nevertheless obtained by outsiders.
Continued ...

Reprinted with permission of The Daily Record 2014

THE DAILY RECORD

Monday, November 17, 2014

WESTERN NEW YORKS SOURCE FOR LAW, REAL ESTATE, FINANCE AND GENERAL INTELLIGENCE SINCE 1908

Continued ...
In other words, no matter how your law firm stores information
or communicates with clients, there are risks. Whether your firm
uses paper, server-based software, or cloud-based software, outside access to confidential client information is a possibility.
There is no such thing as absolute security and the ethics committees have long recognized this fact. Instead, regardless of how
the information is stored or transmitted, your duty is not to
ensure absolute security but to instead take reasonable steps to
protect that information. Vet any third-party provider who will
have access to confidential client data and carefully consider the
sensitivity of the data that will be discussing, regardless of the
format of your communication.

The use of cloud computing tools to store confidential client

data and discussions is no more or less ethical than any other
type of method. Instead, your ethical obligation is to ensure that
whatever method you choose is reasonable under the circumstances.
Nicole Black is a director at MyCase.com, a cloud-based law
practice management platform. She is also of counsel to Fiandach
& Fiandach in Rochester and is a GigaOM Pro analyst. She is the
author of the ABA book Cloud Computing for Lawyers, coauthors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She speaks regularly at conferences regarding the
intersection of law and technology. She publishes three legal blogs
and can be reached at niki@mycase.com.

Reprinted with permission of The Daily Record 2014