Daily Report
ALM Properties, Inc.
Page printed from: Daily Report

Back to Article

Select 'Print' in your browser menu to print this document.

Maintaining client confidences

J. Randolph Evans and Shari L. Klevens

Daily Report

11-27-2012


Attorneys must maintain client confidences and secrets. While obvious, this is one of the most often overlooked obligations attorneys have. Yet the consequences for violating this obligation are no less serious.

The State Bar of Georgia can discipline an attorney for the failure to maintain client confidences and secrets, or for the failure to ensure that others for whom the attorney has supervisory responsibility maintain client confidences and secrets.

Independently, attorneys can face a legal malpractice claim for their failure to maintain client confidences and secrets. The standard of skill, care, prudence and diligence by attorneys practicing law in the State of Georgia includes adequate care to protect client confidences and secrets.

Proximately caused damages for the failure to protect client confidences and secrets range significantly. Victims of domestic abuse whose attorneys disclosed their identities and businesses whose trade secrets were not adequately protected can assert claims, among many others.

The challenges for attorneys in the modern world to protect client confidences and secrets have never been greater. In the past, special care had to be taken to make sure that attorneys and employees understood the risks of innocent elevator talk or casual conversation. As legal malpractice suits illustrate, loose lips can sink ships—including business deals, settlements, cases and negotiations.

Those risks pale in comparison to the risks of the modern world of Facebook, Twitter and Internet search tools. Worse yet, data security is an increasingly important issue for law firms, as it is in other industries.

An estimated 80 major law firms fell victim to cyber-attacks during 2011 alone. For example, hackers have gained access to law firms' networks in an attempt to thwart clients' business deals. Evidence suggests that hackers targeting certain corporations may attempt to gain access to the corporations' information through their outside law firms' networks because they often find them easier to penetrate.

The prospect of a data breach is horrific and could have catastrophic consequences for the clients whose confidential information has been compromised.

These risks require attorneys and law firms to take a fresh look at the protocols, practices and procedures for the protection of client confidences and secrets.

The starting point is to understand that "confidences and secrets" involve much more than just information protected by the attorney-client privilege or the work product doctrine. Instead, the scope of Rule 1.6 of the Rules and Regulations of the State Bar of Georgia extends to "all information gained in the professional relationship with a client, including information which the client has requested to be held inviolate or the disclosure of which would be embarrassing or would likely be detrimental to the client, unless the client gives informed consent."

Importantly, the obligation carries on after the attorney-client relationship has ended. It can include everything from the identity of a client to the termination of the relationship and everything in between.

In light of the obligations imposed by Rule 1.6, combined with the increased risk associated with social media and other technology, law firms should adopt and implement effective protocols, practices and procedures specifically addressed to maintain client confidences and secrets.

To be clear, attorneys do not need protocols, practices and procedures for maintaining client confidences and secrets so that they themselves will do so. The Rules and Regulations of the State Bar of Georgia already mandate that conduct. Instead, because attorneys are charged with making sure that others employed by the law firm maintain client confidences and secrets, the protocols, practices and procedures ensure that both employees who are members of the bar as well as those who are not understand the obligation.

There is no substitute for adopting and communicating to employees the steps for maintaining client confidences and secrets. Effective protocols, practices and procedures should be in writing and should be communicated regularly to every employee of the practice.

Generally, there are three zones for maintaining client confidences and secrets: documents, oral communications and electronic information. Each presents its own challenges, and the steps for preserving confidences and secrets will vary depending on the size, nature and type of practice.

Documents

Documents generated during the course of a representation often contain sensitive client information. All law practices should have a protocol for addressing the various categories of documents, including financial documents (such as billing records), file documents (generated during the course of the representation), and other related documents that might not be client specific.

In addressing these categories, consider document maintenance, retention and destruction protocols. For document maintenance, reasonable steps should be taken to assure that confidential files are kept in secured areas that are not publicly accessible. In practical terms, this means that files should not be kept in conference rooms, lobby areas, hallways utilized by non-employees, or other areas that are not segregated and secure.

Document retention policies should be confirmed in writing, including the method, duration and place of retention. The best practices advise clients at the outset (in the engagement letter or the fee contract) of the document retention rules, including specifically any policies regarding originals, the right of the client to the documents, and the notification procedures that will be followed regarding the ultimate disposition of the documents.

Document destruction policies should also be confirmed in writing. The most important component of such a policy is uniformity. Document destruction should not vary according to indefinite rules that are applied on an ad hoc basis or at the discretion of an attorney or other employee. Such rules inevitably invite heightened scrutiny when the file destroyed happens to involve a matter in dispute. The safer course is to have uniform rules regarding the length of time that documents will be maintained prior to destruction, and the notifications to clients that will be provided before a client document is destroyed.

Oral Communications

Communications about client matters outside of the law office should be discouraged unless it occurs in the course of providing legal services. Clients expect that their business is confidential and attorneys should work hard to make sure it stays that way.

Effective risk management includes training for law firm personnel regarding the importance of maintaining client confidences and secrets as well as the potential consequences for failing to do so. Examples of situations in which the issue may arise, such as inquiries from outside the office, are helpful in defining the boundaries and explaining how to handle various situations. Just trusting employees to know what the boundaries are is too risky.

Leading by example is important. Attorneys who routinely discuss confidential matters with others without regard for secrecy should not be surprised when others in the law firm do the same. The best strategy is to adopt a strict confidentiality standard and then follow it.

Electronic information

In today's high-tech world, there is no substitute for adequate security protocols prepared by professionals. Regardless of whether the practice is a solo practitioner or a large law firm, clients expect that adequate security protocols exist to protect their information. This means that computer systems and Internet access need to be secure. Unsecure access for ease of use is no longer an option.

Following these steps will ensure that client confidences and secrets are properly maintained.

J. Randolph Evans and Shari L. Klevens are the authors of Georgia Legal Malpractice Law, published by Daily Report Books. J. randolph evans is a partner in McKenna Long & Aldridge's Atlanta office, where he is the chairman of the financial institutions practice. shari L. klevens is a partner in McKenna Long & Aldridge's Washington office and is the managing chairwoman of the firm's law firm defense practice.