By definition, lawyers working on trade-secrets issues, whether in litigation or otherwise, have access to their clients’ most confidential information. And, of course, these lawyers routinely communicate with clients via email, including about the trade secrets. Sometimes, even the trade secrets themselves are exchanged via email.
This raises ethical issues. Recently, the ABA Committee on Ethics and Professional Responsibility issued a formal opinion addressing lawyers’ ethical obligations when transmitting confidential client information. The opinion can be downloaded here.
All lawyers who deal with trade-secrets issues should read the opinion. But here are some highlights:
The opinion recognizes that law firms are hacking targets because:
(1) they obtain, store and use highly sensitive information about their clients while at times utilizing safeguards to shield that information that may be inferior to those deployed by the client, and (2) the information in their possession is more likely to be of interest to a hacker and likely less voluminous than that held by the client.
It then discusses applicable ethical rules, concluding that “lawyers must exercise reasonable efforts when using technology in communicating about client matters.” So what are reasonable efforts?
What constitutes reasonable efforts is not susceptible to a hard and fast rule, but rather is contingent upon a set of factors. In turn, those factors depend on the multitude of possible types of information being communicated (ranging along a spectrum from highly sensitive information to insignificant), the methods of electronic communications employed, and the types of available security measures for each method.
The opinion specifically mentions lawyers who deal with trade secrets, since those matters “may present a higher risk of data theft.” The fact-based analysis is often relatively simple in trade secrets cases: if you are transmitting your client’s trade secrets or related information, you may need to use “particularly strong protective measures”:
A fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances. Model Rule 1.4 may require a lawyer to discuss security safeguards with clients. Under certain circumstances, the lawyer may need to obtain informed consent from the client regarding whether to the use enhanced security measures, the costs involved, and the impact of those costs on the expense of the representation where nonstandard and not easily available or affordable security methods may be required or requested by the client. Reasonable efforts, as it pertains to certain highly sensitive information, might require avoiding the use of electronic methods or any technology to communicate with the client altogether, just as it warranted avoiding the use of the telephone, fax and mail in Formal Opinion 99-413.
There is a simple takeaway for all trade-secrets lawyers: think very carefully about how you are transmitting confidential client info. This requires an open dialogue with the client. You need to figure out how you will be protecting this data while in transit (and at rest, but that’s a separate issue). At my firm, we have the capacity to encrypt individual emails on-demand, which can allow for secure transmission of sensitive data.
But this sensitive data isn’t only shared with clients. Often, it will need to be produced in litigation. Lawyers spend a lot of time negotiating protective/confidentiality orders with attorney’s eyes only (AEO) protections. But don’t forget to securely transmit AEO documents to the other side. For example, my firm uses a secure/encrypted document sharing platform.
Trade-secrets cases often move fast. But this ABA opinion shows that regardless of how intense the litigation becomes, lawyers must be cognizant of their obligations to protect clients’ confidential information.