Welcome to our new column addressing the concerns of solos and small firm lawyers: “Rōnin Reports,” named after those samurai who set out on their own as free agents without a master. Please let us know what you think of our column, and tell us if there are any topics you’d like us to address here. You can e-mail us c/o Jeffrey Allen, Editor-in-Chief, at firstname.lastname@example.org.
You have nothing to fear. Our goal is to provide some basic procedures for protecting your clients’ and your data. You’ll merely read about the perils others have experienced. Some anecdotes are from our own experience. We haven’t made every possible mistake (yet), so we’ve tried to learn from others.
Your use of technology is a personal responsibility. You do not have an option on using technology in your practice. The American Bar Association Commission on Ethics 20/20 (tinyurl.com/3op6tx3) found technology affected “nearly every aspect” of legal work, including how we store confidential information, communicate with clients, conduct discovery, engage in research, and market legal services. Laws require non-professional businesses to be aware of encryption and confidentiality procedures. Attorneys should be no less competent than their clients and be aware of and utilize technology to further the legal profession’s goals.
Ethics provisions in most jurisdictions do not mandate an absolute requirement for encryption for data storage or transmission. Yet, some jurisdictions recognize the value of encrypting business records and provide safe harbor against civil penalties if valuable information is encrypted. (For example, Tex. Bus. & Com. Code § 521.002 defines “sensitive personal information” that must be protected if unencrypted as a person’s name, address, etc. If encrypted, no liability attaches to loss of data.) Many lawyers may not consider their professional practices a “business,” but that is a miscalculation.