The Akron Legal News

Login | March 29, 2024

ABA writes new detailed electronic ethics opinion

RICHARD WEINER
Technology for Lawyers

Published: June 23, 2017

The American Bar Association on May 11 released a highly detailed ethics opinion on the confidentiality and security of electronic client communications.

Opinion 477 updates the prior ABA opinion on electronic security, which dated from 1999 (yes, you read that right). Opinion 477 is basically an expanded discussion of the implications of Model Rule 1.6 (c) (Confidentiality), note 18 (reasonable efforts or “reasonable under the circumstances” Ohio has an equivalent rule.)

Here is an overview of a small bit of this lengthy opinion of what constitutes “reasonable efforts” to protect client electronic confidentiality. These actions apply to everyone in the firm—lawyers and staff alike.

First, understand the threat. If you can read you have to know by now that all client electronic data is threatened as a natural consequence of its existence.

Next, have a clear idea of where the data is stored and how it is transmitted. That includes what form the communications are in, how the ESI is accessed, knowledge of all devices in the system, etc.

Knowing all that, research all security measures, both in hardware and software lands. This includes everything from strong passwords to physical firewalls.

Then apply that knowledge to the nature of your data to come up with a reasonable plan for keeping that data secure and private. Different data types will likely require different types of security—a friendly email is different from a merger’s financials. Get the right solution for each challenge.

If the solution is in the cloud, make sure that the provider is appropriately secure. In line with that, completely vet all outside electronic service providers for their ability to meet appropriate security standards.

The opinion recommends that all client confidential data be labeled as such. Personally I’d just regard all firm data as confidential and leave it at that.

Having decided and implemented all of that, then train everyone, lawyer and non-lawyer alike, on all of the security measures.

There is also an obligation on the part of attorneys to communicate all of these measures and their effects and protocols to clients.

So get crackin’!

Find the whole opinion at http://www.americanbar.org/content/dam/aba/images/abanews/FormalOpinion477.pdf


[Back]