St. Mary's Law Journal
Attorneys have an ethical obligation to protect their clients' confidences. Attorneys are required to consider what possibilities exist for unintended disclosure through technology, how they can adapt to these new realities to fulfill obligations of effective representation and maintenance of client trust and confidences, and how attorneys can employ a tripartite approach to information security to better protect client information. Under the general obligation to maintain confidentiality as set out in Rule 1.6 of the Model Rules of Professional Conduct, attorneys are precluded from revealing “information relating to the representation of a client.”
The legal profession has started to educate its practitioners about confidentiality issues involving the use of technology. Attorneys should review all relevant technology-related publications by the American Bar Association, state and local continuing legal education providers, academics, and government agencies. Technology changes rapidly, and while attorneys are quite busy keeping up with their own cases and substantive developments in their particular practice areas, it is now likely that maintaining some familiarity with technological advances will be part of the “reasonableness” required to guard client confidences. Attorneys should address security through prevention, detection, and remediation. It appears reasonable for attorneys to employ information assistance experts to design and implement security plans and to conduct periodic audits to provide the necessary client protection and statutory compliance. If a security breach does occur, attorneys should be willing to notify their clients and take reasonable measures to protect their clients' interests.
Bill Piatt and Paula DeWitte, Loose Lips Sink Attorney-Client Ships: Unintended Technological Disclosure Of Confidential Communications, 39 St. Mary's L.J. 781 (2008).