Formal Opinion 477 provides new guidelines when using e-mail communication with clients. The new standard balance the protection levels needed when using electronic communication with clients. The standard of ‘reasonable effort’ to unauthorized access of internet client communication needs to be followed. In general attorneys should consider the following when using electronic means of communicating with clients.
1. The sensitivity of the information;
2. The likelihood of disclosure if additional safeguards are not employed;
3. The cost of employing additional safeguards;
4. The difficulty of implementing the safeguards; and
5. The extent to which the safeguards adversely affect the lawyer’s ability to represent clients.
For most communication unencrypted e-mails are adequate for most routine ‘low risk’ client communication providing the attorney has basic and adequate security measures. These security measures should include:
1. Secure Internet access methods to communicate and store client information, such as secure Wi-Fi, the use of a Virtual Private Network (VPN), or another secure Internet portal;
2. Unique complex passwords that are changed periodically;
3. Firewalls and programs protecting against Malware, Spyware, or Viruses;
4. Regularly applying all necessary security patches and updates.
For sensitive client communication more security measures may include encrypted e-mails and other related technologies.