4 Ways to Ensure Security and Ethics in Law Firm Emails

Editor’s Note: This post is written by the chief operating officer of Brainloop Inc., a provider of SaaS solutions.

By William O’Brien, COO, Brainloop Inc.

Today’s legal professionals have to be more digitally-savvy than ever if communication confidentiality and privileges are to be maintained. While conducting business through electronic communications – most commonly, via email – allows for convenience, speed and portability, many methods are inherently unsecure and ethically suspect.

Emails sent through popular office platforms like Gmail or Outlook are often unencrypted, meaning that once a user hits “send,” the content within the communication crosses a number of servers and can be viewed by several third-party and unintended recipients. While this may not seem like a concern when simply saying hello, confirming dinner reservations, or marketing to potential clients, it becomes a major vulnerability when exchanging sensitive or confidential legal information, including contracts, invoices, personal records, and advice. Emails can not only put client data and communication at risk, but will also be increasingly viewed in court and by ethical panels as open, and therefore not protected, communications.

In 2011, the American Bar Association (ABA) addressed this issue in Opinion 11-459, stating that a legal professional must warn a client “where there is a significant risk that the communications will be read by [an] employer or other third party.” Such a risk exists when sending information via unencrypted email.

On a national level, some states started discouraging the use of email within the legal sector many years ago, such as South Carolina (1995) and Iowa (1996). Today, an increasing number of state ethics panels are continuing on with permitting email communication, but are issuing opinions that indicate that the era of tolerance and accommodation of unsecure and unencrypted emails is coming to an end.

There are a number of evolving rules governing electronic communications in the legal sector, but we must face reality as the principles continue to develop and change – email is here to stay, but it will change to become more secure.

So, what can law firms and valued clients do to remain secure and adhere to ethical principles when digitally exchanging sensitive data? These guidelines are a good place to start:

• Discuss agency policies specific to electronic data.

Create new or update existing policies governing the law firm’s electronic data. Ensure the list of policies cover everything from specific rules when sending emails, to the inadvertent production of privileged documents. Regularly discuss these policies by offering training seminars.

• Encryption is king.

Ensure all employees are sending encrypted emails. This might be through a simple “Settings” on your email application or, for further employee convenience and intuitiveness, a legal firm can implement technology tools that carry encrypted digital communications as a standard security feature.

• Invest in confidential communication platforms.

Sometimes, encryption just isn’t enough when handling critical, personal client data. Law firms should benefit from online collaboration but can’t afford to make any compromises when clients expect full protection of their information in accordance with national data protection laws or to maintain evidentiary privileges. It is possible to fulfill all requirements, without compromising collaboration, by investing in confidential communication platforms, such as secure datarooms. This allows all digital files – be it emails or documents – to remain fully protected, at all times.

• Stay ahead of the vulnerability curve – anticipate and accommodate changes.

With cyberattacks making headlines and news of governmental figures turning to personal email to manage work-related tasks, legal professionals should stay up to speed on industry news, especially as it relates to information security. If an IT department or CSO is available within a law firm, regularly check in to ensure the firm is adhering to cyber safety protocols. Learn and follow best communication practices. Reading up on ever-evolving industry ethics requirements is just as important to ensure end-to-end compliance and complete peace of mind.

While each law firm and practitioner has a unique way of operating, the guidelines above should be implemented throughout the industry as a whole, establishing a new standard for maximum security. With a growing number of high profile hacker attacks, spy programs, and sophisticated technical tricks for stealing confidential business information, cybersecurity should be a top priority within the legal profession – starting with implementing proper technologies, tools and policies to ensure attorneys and their support staff are being as ethical as possible with how data is handled.

Email doesn’t have to be a risk within an organization and it doesn’t always have to be unethical, so long as one takes the appropriate steps to remain secure.