Proposed Formal Opinion Interim No. 08‑0002 (Confidentiality and Technology)
The State Bar Standing Committee on Professional Responsibility and Conduct (COPRAC) is charged with the task of issuing advisory opinions on the ethical propriety of hypothetical attorney conduct. In accordance with Tab 19, Article 2, Section 6(g) of the State Bar Board Book the Committee shall publish proposed formal opinions for a public comment period of no less than 60 days.
Proposed Formal Opinion Interim No. 08‑0002 considers whether an attorney violates the duties of confidentiality and competence he or she owes to a client by: 1) using a computer to which the organization employing the attorney and its supervisors have access; 2) using computer software to which the software developer has access; or 3) using a public or home wireless connection.
The opinion interprets rules 3-100, 3-110 of the Rules of Professional Conduct of the State Bar of California; and Business and Professions Code sections 6068, subdivision (e)(1).
The opinion digest states: To comply with his or her duties of confidentiality and competence, an attorney must take appropriate steps to evaluate:
- the level of security attendant to the use of a particular technology in the course of representing a client;
- the legal ramifications to a third party who intercepts, accesses or exceeds authorized use of the electronic information;
- the degree of sensitivity of the information;
- the possible impact on the client of an inadvertent disclosure of privileged or confidential information or work product; and
- whether reasonable precautions may be taken when using the technology to increase the level of security.
With regard to use of a computer to which the organization employing the attorney and its supervisors have access, the attorney must consider the purpose of, and limitations on, the access and whether the organization itself or an individual with access may have an interest in the information that is in conflict with the client’s interest. The attorney may need to take precautions to ensure that any interested persons will not be able to access the information or, absent informed client consent, the attorney may need to consider whether he or she can competently represent the client without using the computer in connection with the representation.
With regard to access to confidential information by a software developer, the attorney may use the software as long as the attorney does not have a reason to believe the information will be used improperly. However, he or she may need to discuss the issue with the client to determine appropriate methods of proceeding if the information at issue is highly sensitive or the software developer has an adverse interest in the matter.
With regard to use of a public or home wireless connection, the attorney risks violating his or her duties of confidentiality and competence unless appropriate precautions are taken, such as using an adequate encryption device and a personal firewall. Depending on the situation, including if the information at issue is of a highly sensitive nature, the attorney may need to avoid using the wireless connection entirely, or notify the client of possible risks associated with use of the wireless connection and seek the client’s informed consent to do so. Generally, the attorney should not use an unsecured public wireless connection that does not require a password for access.
At its September 10, 2009 meeting and in accordance with its Rules of Procedure (State Bar Board Book Tab 19, Art. 2, Sec. 6(g)), the State Bar Standing Committee on Professional Responsibility and Conduct tentatively approved Proposed Formal Opinion Interim No. 08‑0002 for a 90‑day public comment distribution.
ANY KNOWN FISCAL/PERSONNEL IMPACT
State Bar Standing Committee on Professional Responsibility and Conduct
January 04, 2010
DIRECT COMMENTS TO:
Office of Professional Competence, Planning and Development
The State Bar of California
180 Howard Street
San Francisco, CA 94105