Q. Does a lawyer breach his or her obligation to maintain a client’s confidentiality when using an online document automation application for his or her clients, which is provided from a third party vendor?
A. The rules of professional conduct of every state impose an obligation on lawyers to maintain the confidences of their clients. In addition, rules of evidence protect lawyers from testifying against their clients under the attorney-client privilege.
ABA Model Rule 1.6 addresses confidentiality and has been adopted by most states. The rule provides that a “lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation or the disclosure is permitted” by one of the exceptions set out in the next part of the rule, none of which pertain to this situation. Paragraph 16 of the comment to the rule states, “A lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision.”
Opinions that examine the lawyer’s obligation to maintain confidentiality when using technology generally address e-mail. The leading analysis of this is ABA Formal Opinion 99-413 (March 10, 1999). The opinion examined different modes of e-mail transmission and concluded that in all modes, “lawyers have a reasonable expectation of privacy …despite some risk of interception and disclosure.” The opinion also cautions that when a lawyer may send information that is “so highly sensitive that extraordinary measures to protect the transmission are warranted,” the lawyer should consult the client about the mode of the transmission.
Opinion 99-413 is of particular note here because it includes an examination of e-mail transmitted over the Internet, like online forms. The opinion states that confidentiality may be compromised by an ISP’s legal right to monitor what is transmitted through it or stored on its network and by illegal hacking. On the first point, the opinion indicates that by law providers may conduct random monitoring only for mechanical or quality service control checks. Therefore, the interception of content of a communication sent through the Internet would be illegal in either situation. This gives the lawyer a reasonable expectation of privacy that requires no further action, except as noted in the highly sensitive communication.
Although not required under the ABA Opinion or those of various states, encryption makes the possibility of interception even more remote and creates even greater assurances the information will be confidential. Nevertheless, under the analysis of these opinions, the transmission of online forms over the Internet would not breach the lawyer’s obligation to maintain the client’s confidentiality even when the communication is not encrypted.
Note: All information that passes from the client to the attorney over the DirectLaw™ virtual law office platform is encrypted.