Sign In
    Wisconsin Lawyer
    June 01, 2015

    Take Reasonable Care to Secure Online Information

    A lawyer’s ethical duty is not to provide airtight online security but to be aware of the risks associated with technology and to take reasonable steps to secure client information.

    Dean R. Dietrich


    I’ve heard a great deal about the need for lawyers to be aware of security when using the Internet. What does this really mean?


    Lawyers have a duty to communicate information to clients on a confidential basis and to be aware of the different types of security that should be used when communicating information over the Internet. The obligation to know about technology and the risks in using technology in your law practice goes beyond email communication to things such as social media, blogs, and the use of cloud services to store information. A discussion of all the issues relating to the use of technology in the practice of law is beyond the scope of this article but it is important for every lawyer to understand the basics.

    Dean R. DietrichDean R. Dietrich, Marquette 1977, of Ruder Ware, Wausau, is past chair of the State Bar Professional Ethics Committee.

    The ABA Model Rules of Professional Conduct were amended in 2012 to provide initial guidance on this topic. First, new language was added to the comment to Model Rule 1.1, relating to the duty of competence. This new language states:

    “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”

    This language acknowledges the obligation of the lawyer to keep abreast of the benefits and risks associated with the use of technology in his or her law practice.

    The language of Model Rule 1.6, regarding confidentiality, was also amended by adding new provisions to the ruleregarding confidential lawyer-client communications. Model Rule 1.6(c) now provides that lawyers must “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” This new language in the rule speaks directly to the duty of the lawyer to exercise reasonable care when communicating with clients through Internet-based tools.

    The comment to this change indicates that lawyers should consider a number of factors when determining whether his or her efforts are reasonable. These factors include 1) the sensitivity of the information; 2) the likelihood of disclosure if additional safeguards are not used; 3) the cost of using additional safeguards; 4) the difficulty of implementing the safeguards; and 5) the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (for example, by making a device or important piece of software excessively difficult to use).

    The important things to take away from these changes are the ongoing duty to be knowledgeable about the risks of using technologies, such as potential security breaches or improper communication of information, and that the lawyer must take reasonable measures to ensure the confidentiality (and security) of information transmitted during the course of representation.

    This does not mean that every lawyer must become an electrical engineer or an expert in technology but rather that a lawyer must take steps to be educated about security and use reasonable security measures to ensure confidentiality of information. The Committee on Professional Ethics will be authoring an opinion shortly on cloud services, another important kind of technology used by many lawyers.

Join the conversation! Log in to comment.

News & Pubs Search

Format: MM/DD/YYYY