by Sara Romine
Employment lawyers often are asked to represent an executive or employee against his or her current employer. In the course of representing the executive or employee, however, many of those lawyers never think to ask the client how they plan to communicate. Certainly, very few get into the nitty gritty of the specific device the employee intends to use, the device the lawyer will use, the mechanism by which those devices will transmit information, and where information relating to the representation will be stored. But as cybersecurity and legal ethics concerns evolve, these questions are becoming increasingly important and, depending on the jurisdiction, must be answered. To avoid potential ethical and legal pitfalls later, lawyers should consider addressing these issues at the outset of the representation, perhaps in the engagement letter.
I. The Ethical Duty to Warn a Client About Using Employer Technology to Communicate Privileged Information
Both the American Bar Association and the State Bar of Texas have issued ethics opinions suggesting that lawyers may, under some circumstances, need to advise or caution a client regarding the dangers inherent in communicating via devices accessible to a third party. See The Professional Ethics Committee for the State Bar of Texas, Opinion No. 648 (April 2015); American Bar Association Formal Opinion 11-459 (Aug. 2011). This obligation is derived from the Texas Disciplinary Rules of Professional Conduct, which prohibit a lawyer from knowingly revealing client confidential information (Texas Rule 1.05(b)), and the ABA Model Rules of Professional Conduct, which require a lawyer to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of client information (ABA Model Rule 1.6(c)).
This issue frequently comes up in the representation of an employee in a matter adverse to his or her existing employer. For example, in addressing the circumstances under which a lawyer may need to warn the client about security and confidentiality concerns or consider alternative methods of communication, the Texas Bar opinion gave the following examples of situations that merit attention:
· Sending an email to an individual client at that client’s work email address, particularly if the communication relates to the client’s dispute with his employer;
· Sending an email from a public or borrowed computer or where the lawyer knows that incoming emails are monitored or read;
· Sending an email if the lawyer knows the email recipient is accessing the email on devices that are potentially accessible to third persons or are not protected by a password.
The issue, however, extends beyond email communications on an employer-owned email account. The same concerns arise when an employee uses a company smart phone to text or email, or when the employee uses a company scanner to transmit documents relating to the representation. Likewise, confidentiality concerns may be triggered when an employee uses an employer-provided computer or computer network to access his or her personal web-based email account.
Given the prevalence of employer policies permitting the employer to access information received, stored, or transmitted on the employer’s network or devices, a lawyer representing an employee should caution the client regarding the use of the employer’s devices and network for any communications or document storage. ABA Ethics Opinion 11-459 instructs lawyers to “assume that an employer’s internal policy allows for access to the employee’s emails sent to or from a workplace device or system.” For this reason, lawyers representing an employee in a matter adverse to his or her current employer would be well-advised to warn the employee up front about confidentiality concerns relating to potential methods of communication.
II. The Need to Stay Current on Confidentiality and Cybersecurity Concerns.
Although many of these examples arise in the employment context, these concerns are not unique to representations of employees or executives. Instead, in virtually all representations, lawyers may want to assess and discuss with clients the planned methods of communication and the security risks inherent in those methods. The ethics opinions from the Texas Bar and the ABA explicitly note that a lawyer’s practices should continue to evolve as security and confidentiality risks develop. The ethics opinions make clear that, upon accepting a new representation, lawyers should assess security concerns, reasonably inform the client regarding those concern, and—if either the lawyer or the client wishes to proceed with a particular method of communication—obtain the client’s informed consent.
Sara Romine is an associate at Carrington, Coleman, Sloman & Blumenthal, L.L.P. She can be reached at firstname.lastname@example.org.