The Risk Manager, Fall 2015

The State Bar of California Standing Committee on Professional Responsibility and Conduct Formal Opinion No. 2010-179 considered this issue by asking:

Does an attorney violate the duties of confidentiality and competence he or she owes to a client by using technology to transmit or store confidential client information when the technology may be susceptible to unauthorized access by third parties?

The Committee concluded:

Whether an attorney violates his or her duties of confidentiality and competence when using technology to transmit or store confidential client information will depend on the particular technology being used and the circumstances surrounding such use. Before using a particular technology in the course of representing a client, an attorney must take appropriate steps to evaluate:

1. the level of security attendant to the use of that technology, including whether reasonable precautions may be taken when using the technology to increase the level of security;
2. the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information;
3. the degree of sensitivity of the information;
4. the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product;
5. the urgency of the situation; and
6. the client’s instructions and circumstances, such as access by others to the client’s devices and communications.

The opinion includes a good analysis of this checklist well worth reading and is readily available via Google. (last viewed on 9/15/2015)