Many states in the U.S. require attorneys to let clients know if their data has been lost or stolen. That can include emails sent to clients, which often contain potentially damaging confidential information.
One solution for law firms is to encrypt the data on hard drives or portable storage media, and to encrypt outgoing emails.
The Cost of Not Encrypting
With the widespread availability of automated and manual encryption, the civil penalty for failure to notify even one person of a data breach can be more than it costs to encrypt all of your emails for an entire year.
In addition to potential civil liability for failure to encrypt emails, attorneys could also face ethical sanctions. The ABA recently posted a formal opinion warning attorneys about their ethical obligation to protect electronic client data on hard drives and in email.
The ABA indicates that in some situations, it might be sufficient to tell clients they should not use workplace email or even workplace computers to send and receive attorney-client communications.
But it also strongly warns that in some situations, attorneys should go further and encrypt electronic communications. Attorneys must also make sure they comply with the encryption requirements of government agencies as well as other state and federal laws.
Why Encrypt Outgoing Email?
If you use good enough encryption, you can take advantage of "safe harbor" provisions built into some of the data-security laws. And it can help you avoid and win grievances from clients whose emails were breached.
Moreover, the proliferation of mobile smart phones and tablet computers make it much easier for someone to access an email you send to a client, even when they are not at work. You simply can't warn clients about every potential problem anymore. And, your staff probably communicates directly with clients, leaving open even more room for damage.
It might just be better to encrypt all outgoing emails to clients automatically.
The Good News: Encryption is Affordable
Desktop and cloud-based encryption services have dropped in price, are easy to use, and are secure. The price per seat can be well under $100 per year, which is a small price to avoid stiff civil fines and career-damaging grievances. It can also tell your clients that their personal information is safe with you. Some of these services don't even require them to store multiple encryption keys.
Greenview Data's Hosted Email Encryption technology is so good, it's used by healthcare providers who must comply with HIPAA/HI-TECH and by financial, accounting and law firms.
Disclaimer: The information provided here is not intended to be legal advice, but merely conveys general information related to technology issues that are in the news; and does not create an attorney-client relationship. If you need legal advice, speak to a qualified attorney.