How Can Attorneys Protect Their Contacts?
Smartphones contain several potential confidentiality concerns. According to the opinion, attorneys must understand how smartphones work, including applications, online activity, or otherwise, before using them. Attorneys must also consider whether their smartphone use in these respects puts their clients’ confidential information at risk and must protect that information. The opinion emphasizes the need to pay attention to what applications access from the smartphone.
Another consideration is who or what is reviewing the information: human or machine review. For instance, the opinion provides that access cannot be granted “unless the lawyer concludes that no human being will view that confidential information, and that the information will not be sold or transferred to additional third parties, without the client’s consent.”
Contacts, as the opinion points out, potentially contain numerous pieces of identifying information about the person the contact represents: phone numbers, email addresses, work or residence addresses, employer, birthday, nicknames, and a notes section that could contain further information about the individual or how the phone owner knows the person. Indeed, even the client’s identity alone may be confidential. Smartphone applications that request access to the phone owner’s contacts may exploit that information for marketing, soliciting, or disseminating information.
The Committee advises that the ethical obligations under Rule 1.6(c) require an attorney to make reasonable efforts to prevent confidential client information from disclosure. When a smartphone application asks for access to an attorney’s contacts, the first step is to determine whether any are confidential under Rule 1.6. Besides reviewing the definition of “confidential information,” the opinion also advises attorneys to consider whether the smartphone could identify them as an attorney, their practice area, or their contacts as clients.
If there is confidential information in the contacts, the attorney cannot consent to sharing it. The only exceptions are where (1) the attorney concludes no person will view the confidential information, and (2) the information will not be sold or transferred by the application to additional third parties without client consent. Attorneys must review the application’s policies and practices to ensure they understand the risks and can decide whether the exceptions apply.
What Can the Decision Teach Us?
Litigation Section leaders suggest there is much to learn from the decision. “One of the big takeaways is to be very careful in terms of sharing any information online or giving any third parties access to your contacts, emails, things like that,” advises Michael S. LeBoff, Newport Beach, CA, cochair of the Section’s Professional Liability Litigation Committee. For example, LeBoff advises practitioners to consider the access allowed to devices such as jointly used computers, Amazon’s Alexa devices, or others with AI technology.
Even though technology is constantly evolving, Section leaders say attorneys must always assess the risk when faced with new concerns. “A cell phone is similar to a file folder that contains client information,” reminds John M. Barkett, Miami, FL, cochair of the Section’s Ethics & Professionalism Committee. “You do not want to lose it. You do not want to make it available for someone to peruse through it. You do not want someone looking over your shoulder or sitting next to you to read it. So, you have to protect it,” recommends Barkett.