KBA Ethics Opinion E-403 (1998) provided a general rule for answering this question when responding to the issue: May a lawyer use electronic mail services including the Internet to communicate with clients without encryption? The opinion held that Kentucky lawyers may use electronic mail services to communicate with clients without encryption unless unusual circumstances require enhanced security measures.
Now ethics experts are raising the question whether this general rule is still valid with all the changes in technology and massive computer hacking going on today. Are these unusual circumstances that a competent lawyer concerned with protecting client confidentiality should heed by using special security measures such as encryption when using the Internet?
The Professional Ethics Committee for the State Bar of Texas Opinion No. 648 (2015) is one of the first ethics opinions addressing this new concern. The opinion responded to this inquiry from a firm:
When they started practicing law, the lawyers typically delivered written communication by facsimile or the U.S. Postal Service. Now, most of their written communication is delivered by web-based email, such as unencrypted Gmail.
Having read reports about email accounts being hacked and the National Security Agency obtaining email communications without a search warrant, the lawyers are concerned about whether it is proper for them to continue using email to communicate confidential information.
The Committee concluded after a careful review of numerous ethics opinions dealing with email communications that:
In general, considering the present state of technology and email usage, a lawyer may communicate confidential information by email. In some circumstances, however, a lawyer should consider whether the confidentiality of the information will be protected if communicated by email and whether it is prudent to use encrypted email or another form of communication. Examples of such circumstances are:
Editor’s note: One of the best risk management procedures for dealing with the use of electronic mail services is to obtain client consent in a letter of engagement for use of email, smart phones, cloud computing, and any other electronic device the firm uses to send client confidential information.