Editor’s Note: Excellent considerations published on the Texas Bar Blog on securing communications in today’s technology-rich landscape.
Extract from article by Brad Johnson
While the opinions provide numerous considerations and suggestions relating to the protection of client information in electronic communications, here are just a few considerations a prudent lawyer may need to make:
- What type of information is involved and is it of a sensitive nature? When dealing with sensitive information or information at a higher risk for theft or intrusion, more protective security measures may be necessary.
- Is a communication (such as an email or a text message) encrypted? For sensitive client information, encryption may be warranted.
- In evaluating whether to communicate with a client through a mobile app or social media messaging, a lawyer should determine whether a third party (including the service provider) may have access to the information. While some platforms may provide for encryption of communications, others do not or may not make that the default setting. (For instance, the most recent Facebook Messenger app for iOS and Android devices provides users the option to activate encryption for a message but does not provide encryption as a default setting. By contrast, messages sent through a desktop version of Facebook Messenger do not currently have the same option for encryption.)
- Who else may have access to a client’s email account or electronic device? Are accounts and devices password protected? Does anyone else know the client’s password, and does the client always log out of accounts? Does the client utilize public or shared computers to check his or her email? A lawyer may need to advise a client as to the risks associated with sending information electronically and the use of accounts and devices that may be accessible by third parties.
- What if the lawyer’s electronic device is lost or stolen? A prudent lawyer should plan ahead and, depending on the circumstances, consider methods for remote disabling or destruction of data on such devices.