← Blog Home

Data Security and All the Other Lawyers

2 min read

Data Security and All the Other Lawyers

During a presentation at the ABA’s 44th National Conference of Professional Responsibility last year, a CLE panelist threw out the following. Given that a lawyer has an ethical duty to verify that any vendor a firm works with has in place appropriate safeguards to keep the lawyer’s data secure, why wouldn’t the same duty arise when a lawyer shares data with another lawyer outside of the firm? For example, do lawyers have a duty to make sure any lawyer they co-counsel with has appropriate data security safeguards in place? How about all the lawyers who are adverse to your firm’s clients? After all, data is being regularly exchanged during discovery and contract negotiations just for starters.

I will admit this comment caught me off guard; but I quickly came to realize a legitimate concern had been raised. Think about it. There are no exceptions in the Rules of Professional Conduct that say something along the lines of, ‘don’t worry about data security issues when exchanging digital data with lawyers outside of your own firm.’ Couple that with the reality that there is still a significant percentage of lawyers in active practice who have no idea how to encrypt a file or a mobile device, have no idea what a VPN is, and/or have no intention of using more than one easy-to-remember password for everything they do and hopefully the issue becomes clear. Heck, even failing to scan data coming from lawyers outside the firm for possible malware infections could be problematic.

It’s all about data security and, ethical duties aside, your clients expect you to take whatever steps are necessary to make sure their confidences remain confidential. To your clients, it will make no difference if it was you or your co-counsel who failed to take reasonable steps to prevent the unauthorized access to or inadvertent disclosure of their confidences. The same can be said for sharing data with any lawyer on the other side.

Again, I get it; and yes, trust is a good thing. I’m not suggesting that every time you want to form a co-counsel relationship or negotiate a contract you should have the lawyer complete a 3-page data security questionnaire. That said, what would be wrong with establishing basic guidelines as to the reasonable data security steps both lawyers or firms will take? For example, you might agree to commit to encrypting the data stream for any and all communications that include confidential client information and then decide how to best accomplish that.

Here’s the bottom line. Data security is the name of the game and it’s your reputation that’s at stake. Should the unexpected ever happen, your clients are going to want answers. When the truth is that the misstep was a failure to consider and responsibly address the risks associated with exchanging digital data with other lawyers, well let’s just be honest and admit this is never going to pass muster; but, of course, you already know that.

printfriendly-pdf-button-nobg-md-Nov-01-2022-08-44-54-4335-PM

 

Since 1998, Mark Bassingthwaighte, Esq. has been a Risk Manager with ALPS, an attorney’s professional liability insurance carrier. In his tenure with the company, Mr. Bassingthwaighte has conducted over 1200 law firm risk management assessment visits, presented over 600 continuing legal education seminars throughout the United States, and written extensively on risk management, ethics, and technology. Mr. Bassingthwaighte is a member of the State Bar of Montana as well as the American Bar Association where he currently sits on the ABA Center for Professional Responsibility’s Conference Planning Committee. He received his J.D. from Drake University Law School.

Ethics and Disaster Recovery Planning

3 min read

Ethics and Disaster Recovery Planning

The ABA’s issuance of Formal Ethics Opinion 482 in September of 2018 finally made it quite clear. Lawyers have an ethical duty to develop a disaster...

Read More
Lawyer Advertising, Ethics, and Geo-fencing

2 min read

Lawyer Advertising, Ethics, and Geo-fencing

In the good old days, plaintiff lawyers hoping to find a few new clients would place ads on billboards located near hospitals. From an ethical...

Read More