Is It Safe to Email Your Clients Sensitive Data?

Many months ago, I had a foreign national ask me if it was “safe” to email his documents to his prospective employer’s immigration attorney so that the attorney could process and prepare his case. He asked me this question in a public forum and in wanting to understand his definition of “safe,” I posed the following two questions: 1. By safe, did he mean to ask if it was okay to email documents to a professional that had been introduced to him by his prospective employer but whom he had never met? Sure! In fact, this is a fairly standard operating procedure for many law offices. But I suspected maybe the true nature of his question was the next one: 2. What security risks does a foreign national take when emailing sensitive, private, personally identifiable documents to his prospective employer’s immigration attorney?

This is where the answer would get interesting! No matter the size of the law office or legal organization, the duty to maintain your client’s confidences is fundamental to the client-attorney relationship. The duty to employ technology that is secure, safe and instills confidence in your clients is also very achievable.

In fact, I wasn’t alone in my thinking. The prior month, the American Bar Association (ABA) released its Formal Opinion 11-459, entitled, “Duty to Protect the Confidentiality of E-mail Communications.” This opinion focused more on an attorney’s ethical obligation to warn a client whom they know or reasonably should know might have their communications read by a third party as a result of using a company-supplied email address. Still, the opinion reminded all attorneys of the need to “consult with clients on the mode of transmitting highly sensitive information relating to the clients’ representation,” a matter than had been raised over a decade ago. (See ABA Op. 99-413, 1999.)

Where does that leave an immigration attorney?

I told the foreign national that a responsible attorney should utilize a secure, encrypted method for allowing his or her client to upload and download highly sensitive data, rather than just relying on good-ole fashioned email. (After all, we are talking about passports, birth documents, marriage documents, tax documents, etc.) Why go through all that trouble instead of regular email? Because the technology already exists! Yes, the technology for a practitioner (and his staff and clients) to communicate in an internally robust messaging system where you can message multiple individuals, grant them access to view, upload and download sensitive data, all in one organized record retention system already exists! The transmission and retention of the information stays within the confines of your organization’s private and secured database. It’s like your own Facebook universe, but just for your law firm and your clients. You can do all that without having to rely on an external emailing system. (It also conforms to ABA formal opinion recommendations, as well as other state legal ethics rules.) The benefits of this non e-mail based communication are many. Removed from the equation is the added responsibility of compiling and compartmentalizing external communications that are received through systems like Outlook. Beyond data security and client confidentiality, it is a comprehensive docketing tool for case management. Communications in this system are automatically cataloged in each foreign national’s secure online record. This way, practitioners can leverage this technology to increase the free flow of information with their clients and colleagues yet still maintain confidentiality. Technology so cutting-edge we called it EDGE.

The funny thing about a public forum is that after extolling the virtues of a secure solution (I didn’t name names), I still had naysayers chime in voicing their preference to stick with email as their modus operandi. This was and still is surprising to me. Technology will continue to progress but so too will the hackers, thieves and the “third party” interceptors. I’d like to think we (the collective we) should be looking out for our clients’ best interests? (At least, I think Greg Smith would agree with me on this.)