How many millions of hours has your law firm already spent on videoconferences during the Covid-19 pandemic? How many virtual client and internal meetings have included discussion of highly confidential and privileged information? And most importantly, what are you doing to ensure that privilege is protected?
Welcome to the online age of lawyering in which lawyers need not only to be mindful of the advice that they provide to their clients but also the forum in which they provide it.
The new normal of legal work via videoconference and electronic means has introduced a new layer of risk to the privacy of client data and thus to the attorney-client privilege as well. Until we are all back in our offices, it is critical that law firms and lawyers account for and develop policies around acceptable use of videoconferencing technology to ensure that they are keeping client information private and privileged.
This article examines some of the common practices and pitfalls of videoconferencing that could lead to waivers of the attorney-client privilege.
Communicating With Clients in Confidence
As all lawyers know, at the heart of the attorney-client privilege is the need to communicate with your client in confidence. Communicating in the presence of third parties who are outside of the protected attorney-client circle prevents the privilege from attaching. Disclosing privileged information to those third parties after the fact also generally waives the privilege.
Lawyers have a duty not only to protect privileged information, but more broadly to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” As new modes of communication are used, the question is whether there is a reasonable expectation of privacy.
It is advisable to take steps to decrease the risk of inadvertent or unauthorized disclosure or access to attorney-client communications, however those communications occur. For example, videoconference providers often offer privacy settings such as password-protected meetings and settings that limit what actions participants can take (e.g., initiating a recording, sharing screens, etc).
To the extent that these additional settings are readily available, law firms should consider implementing them. Knowingly failing to implement commercially and readily available safeguards could later be used as a basis for challenging privilege to your client meetings.
Recording Your Client Meeting
Where exactly did you think that information was stored? Most popular videoconference providers allow users to record meetings. Does the mere act of recording your client calls potentially risk waiving privilege? Based on the terms of service from Zoom, and as described by Blue Jeans, when meetings are recorded on these services, the videos can be stored by these third parties.
In other words, these companies may now have a permanent record of everything that was discussed during your client meeting. In theory that information can be subpoenaed, or the third party can simply decide to share it with others depending on their terms of service. For that reason alone, it is best practice to avoid recording your client videoconferences through third-party applications.
Who Else Can Hear What You Are Saying?
There are countless authorities and articles that discuss why a lawyer ought not to take a client call on a crowded subway train. While the subway trains may not be quite as busy these days, the underlying principle still applies. Lawyers are having more phone calls, more videoconferences, and fewer meetings in controlled settings like conference rooms and business offices.
The kitchen table has become our new office, and with it, we welcome in a host of potential eavesdroppers. It is critical to remain sensitive to who can hear you talking. Sure it is annoying to have to put in earphones every time you get on a client call, but depending on where you are, it may be the appropriate thing to ensure that you are keeping your client’s information privileged.
What Is Zoombombing?
In the early days of videoconferencing, adding a password to a meeting was uncommon. The result was predictable. Zoombombers, as they are called, began appearing in meetings and hijacking them.
Most of the time this activity was harmless, but what if it was not? What if someone was trying to join your videoconference for the express purpose of listening in to what was being discussed? Permitting someone to remain in your conference or on the conference line while discussing privileged items could very well waive whatever protection you had over the information.
This is why it is important that the host of any meeting—especially those with clients—needs to control who enters the meeting. While passwords are one way to “secure” a meeting, they are not always effective. For an added layer of security, hosts might enable virtual waiting rooms for their meetings. Then, it is up to the host to “admit” people into the meeting.
If the host does not recognize a name or phone number, that participant stays outside the meeting, adding an additional layer of security to your client meetings. As with all privileged communications, inviting parties into the conversation who are not within the scope of the privilege can result in a waiver of that privilege.
So beyond monitoring uninvited guests, it is important that hosts of client meetings continue to only invite into the meeting in the first instance those who are covered by the privilege.
This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.
David Saunders (CIPP/US) is a partner and member of Jenner & Block’s Data Privacy and Cybersecurity practice and its Complex Commercial Litigation practice. Clients turn to Saunders for his experience as an adviser, privacy professional, and litigator.
David Greenwald is a partner in Jenner & Block’s Chicago office who litigates high-stakes, complex commercial disputes. He is the editor of Jenner & Block’s Attorney-Client Privilege Update online resource center and its Protecting Confidential Legal Information handbook, and is co-editor of Testimonial Privileges and the second edition of The International Bar Association’s Privilege and Confidentiality: An International Handbook.