Are you a legal professional? Visit our professional site

The Cryptic Ethics of Unencrypted Emails

Computer passing an email to another computer
By Joseph Fawbush, Esq. on July 10, 2019 3:28 PM

You may be an extremely competent attorney. You may be one of the most ethical practitioners around. Unless you have a certain level of technological savvy, however, you will almost certainly run afoul of the American Bar Association’s Model Rules of Professional Conduct when communicating electronically with clients.

Online Security Is Part of the Practice of Law

Attorneys have an obligation to take reasonable efforts to safeguard electronic communications to prevent unauthorized disclosure of confidential client information. According to the ABA, these reasonable efforts depend on:

  • The level of sensitive information involved
  • The level of risk in sending an unencrypted email
  • The cost and difficulty of adding safeguards
  • Whether these safeguards will hinder a lawyer’s ability to represent clients

The takeaway is that lawyers must determine on a case-by-case basis whether basic unencrypted email is a safe enough method of communication. In most cases, you’ll need to take additional security measures.

Online security methods do require varying levels of cooperation from clients, so you may need to have a discussion with your clients about secure communication. If a client is technology-challenged, the best option may still be snail mail.

Using Encrypted Electronic Communication

A relatively easy way to add security to online communication is to encrypt emails. Fortunately, sending encrypted emails has become easier in recent years. Encryption is built into Apple products and Microsoft Outlook. To encrypt an Outlook message, follow these directions. Gmail has a “confidential mode” that requires the recipient to use a passcode sent by text to view the email, along with other security functions. There are also plenty of encryption messaging apps available.  

Client Portals

Some law firms also choose to use client portals, which can be built into law practice management platforms. These tools allow clients to access communication and documents after logging in. Client portal software varies in price, functions, user friendliness, and security, so it can pay off to research the available options.

Why Prioritizing Cybersecurity Matters

Solo and small firm practitioners have enough to worry about without becoming cybersecurity experts. Sending encrypted emails can seem an unnecessary bother. Yet ABA’s Model Rule 1.1, Comment 8 requires that attorneys “keep abreast of changes in the law . . . including the benefits and risks associated with relevant technology.” It appears that 36 states have adopted that amendment as of this writing.

Attorneys have the responsibility of protecting confidential client information. Should an unauthorized disclosure occur, the blame will fall on the law firm that houses the confidential information.

Related Resources: