Importantly, the obligation carries on after the attorney-client relationship has ended. It can include everything from the identity of a client to the termination of the relationship and everything in between.
In light of the obligations imposed by Rule 1.6, combined with the increased risk associated with social media and other technology, law firms should adopt and implement effective protocols, practices and procedures specifically addressed to maintain client confidences and secrets.
To be clear, attorneys do not need protocols, practices and procedures for maintaining client confidences and secrets so that they themselves will do so. The Rules and Regulations of the State Bar of Georgia already mandate that conduct. Instead, because attorneys are charged with making sure that others employed by the law firm maintain client confidences and secrets, the protocols, practices and procedures ensure that both employees who are members of the bar as well as those who are not understand the obligation.
There is no substitute for adopting and communicating to employees the steps for maintaining client confidences and secrets. Effective protocols, practices and procedures should be in writing and should be communicated regularly to every employee of the practice.
Generally, there are three zones for maintaining client confidences and secrets: documents, oral communications and electronic information. Each presents its own challenges, and the steps for preserving confidences and secrets will vary depending on the size, nature and type of practice.
Documents generated during the course of a representation often contain sensitive client information. All law practices should have a protocol for addressing the various categories of documents, including financial documents (such as billing records), file documents (generated during the course of the representation), and other related documents that might not be client specific.
In addressing these categories, consider document maintenance, retention and destruction protocols. For document maintenance, reasonable steps should be taken to assure that confidential files are kept in secured areas that are not publicly accessible. In practical terms, this means that files should not be kept in conference rooms, lobby areas, hallways utilized by non-employees, or other areas that are not segregated and secure.
Document retention policies should be confirmed in writing, including the method, duration and place of retention. The best practices advise clients at the outset (in the engagement letter or the fee contract) of the document retention rules, including specifically any policies regarding originals, the right of the client to the documents, and the notification procedures that will be followed regarding the ultimate disposition of the documents.
Document destruction policies should also be confirmed in writing. The most important component of such a policy is uniformity. Document destruction should not vary according to indefinite rules that are applied on an ad hoc basis or at the discretion of an attorney or other employee. Such rules inevitably invite heightened scrutiny when the file destroyed happens to involve a matter in dispute. The safer course is to have uniform rules regarding the length of time that documents will be maintained prior to destruction, and the notifications to clients that will be provided before a client document is destroyed.
Communications about client matters outside of the law office should be discouraged unless it occurs in the course of providing legal services. Clients expect that their business is confidential and attorneys should work hard to make sure it stays that way.