State Bar Has Spoken: It’s Ethical To Use Email, But Beware…

State Bar Has Spoken: It’s Ethical To Use Email, But Beware...It may be hard to believe, but this issue was before the California State Bar and the focus of their formal opinion 2010-179. The irony is the opinion was issued over 5 years ago in 2010 and a lot has changed since then, particularly on the security frontier. However, the precautions and recommendations the State Bar speaks to in the opinion are far more applicable today then perhaps envisioned in 2010.

The information age has ushered in a host of new tools that make communication between attorneys and their clients faster and easier than ever. Foremost among these tools is email. But just because attorneys can communicate with clients via email, does that mean they should? We need to keep in mind; we are now in an era of intentional efforts to garner more of what you wish to be kept private and secure through things like clone phishing, spear phishing, bots, malware, ransomware and packet sniffing. What? Yes, the terminology and malicious intrusive efforts make using free WiFi, weak passwords and failure to exercise reasonable safeguards a very dangerous practice these days, not to mention reader beware when getting a curious email from a person you know. If you’re intrigued about some of the above terms, there are plenty of resources available to learn more about what will make you nervous.

According to the California State Bar, the answer to our use of email is a matter of discretion. Or, in other words, what’s reasonable under the circumstances. It’s the duty of an attorney to ensure that email communications are secure, and to obtain their clients’ consent to the use of email in advance. We can’t forget that our ethical obligation is to protect at “every peril” the confidential information of our clients, a good portion of which is transmitted via email. Is it really “every peril” and, if so, what does that mean? With this in mind, we’d like to take a moment to take a closer look at the factors that govern the ethical use of email and suggestions from the State Bar. In other words, what’s reasonable.

Prior Disclosure to Client

It’s recommended that attorneys receive written consent from clients before engaging in email correspondence. This waiver should explicitly outline the potential security risks associated with email communication and the measures the attorney will take to keep communications secure. It should also specify whether or not confidential information may be contained in emails. Easy enough – just insert something in your retainer agreement.

Personal or Business Email

To ensure accountability and confidentiality, attorneys should always use a devoted professional email address when communicating with clients. It is essential that attorneys segregate personal and professional correspondences.

Device Security

If emails are sent and/or received through mobile devices – including, but not limited to smartphones, tablets and laptops – attorneys must take preventative measures to keep unauthorized users from gaining access to correspondences with clients. Devices and email accounts should always be password protected, and laptops should lock quickly after a short period of non-use. After all, encryption doesn’t do you any good if they are able to access your data because your device didn’t lock in a timely manner. It goes without saying that a strong password is a safe password, not to mention being familiar with the security features of your smartphone, laptop and tablet.

Encryption Protocols

It is the attorney’s responsibility to familiarize themselves with, and then employ methods of email encryption that prevent them from being intercepted and read by anyone other than their intended recipient(s).

Wi-Fi Security Considerations

Public wireless networks are notoriously insecure. If you don’t believe me, simply read up on packet sniffing and you’ll think again about the coffee shop or hotel’s free wireless offer which should be avoided whenever possible. Attorneys should take care to secure their private Wi-Fi networks against intruders as well. Meaning: have a solid password, don’t name the network with your own name “Jeff’s WiFi” and consider using the hot spot capabilities of your smartphone for connecting your laptop. If available, attorneys should use wired, rather than wireless internet connections when communicating with clients via email.

Consider checking out our other State Bar opinion related posts on our blog. In addition, at Hahn & Bowersock, we offer an ethics-approved MCLE course, “Practicing Law in a Technology World,” designed to educate attorneys about these and other related issues pertaining to electronic correspondence and discovery. Contact us today at 800-660-3187 or email jeff.koller@hahnbowersock.net for more information.