These days, it’s a dangerous world out there for lawyers doing business online.
Two weeks ago, I wrote about two hapless law firms — one that fell victim to ransomware attacks that shut the firm down for three weeks, the other that wound up wiring several hundred thousand dollars payment for a house on behalf of his client to a fake account instead of to the seller. Meanwhile, earlier this month, the ABA released Formal Opinion 477, which cautions that lawyers may need to consider more secure measures of communicating with clients than just standard, unencrypted email. Formal Opinion 477 represents a sharp departure from the ABA’s position back in Formal Opinion 99-413 which concluded that because lawyers have a reasonable expectation of privacy in communicating by email, “it follows that [use of email] is consistent with the lawyers’ obligation to protect the confidentiality of client communications.”
Although Formal Opinion 477 does not exactly forbid lawyers from using email, most of the regular legal tech commentators — Bob Ambrogi, Nicole Black, and Jim Calloway all concur that the opinion requires enhanced precautions when using email — which might take the form of email encryption (Calloway), communication with clients in secure portals (Black), or following special requests for security made by clients (Ambrogi).
Unfortunately, even with Formal Opinion 477’s eleven pages of guidance and detailed blogger commentary, the ABA’s new views on use of email will go unheeded by the solo lawyers who most need the guidance. After all, the lawyers who actually track ABA ethics decisions or follow legal tech blogs are already practicing “safe security.” It’s the vast majority of solo lawyers who are only now coming on board with technology or who lack the time or interest to keep up with legal tech blogs who will remain uninformed, to the detriment of their clients. And even though twenty-six states now impose on lawyers a duty…