6 helpful strategies to safeguard privileged and confidential information in a digital legal environment

In today's fast-paced digital landscape, law firms increasingly rely on electronic communications for their day-to-day operations. Understanding and differentiating between "privileged communication" and "confidential communication" has become more critical than ever. Electronic communications are easily shared, putting them at high risk for mishandling and sabotage. As discussed below, the consequences can be dire – including erosion of the attorney-client relationship, reputational harm, and distinct disadvantages in litigation.

As a former litigator, that last point is particularly chilling. Not only is inadvertent disclosure of attorney-client privileged information easier to achieve in the electronic age, but the ramifications of such disclosure can be far more significant. As such, I believe privileged communications – more than anything else – must be safeguarded with near perfection. If you don’t believe me, consider the scenarios below.

Before we get to that, however, let’s explore the subtle but essential differences between privileged and confidential information. Afterward, we’ll talk about what can happen when highly sensitive information does escape. We’ll then wrap up by discussing some of the best security measures and protocols you an follow to protect your clients’ information in this constantly evolving digital world.

Privileged communication vs. confidential communications: the same or different?

Within legal circles, the unified phrase “privileged and confidential” is used so frequently that it's easy to forget these are two distinct principles. So, before discussing how to protect both kinds of information in the digital age, let’s first take a brief refresher course on the differences and similarities between the two.

Privileged communications

The attorney-client privilege protects confidential communications between an attorney and their client from compelled disclosure in a legal setting, such as a trial or other quasi-judicial proceeding. To safeguard these communications, they must relate to the subject matter of the representation. The privilege extends to all forms of communication, including conversations, emails, texts, and the like. 

Note, however, that for the privilege to attach, it must involve legal advice the attorney gives to the client. By way of example, if an attorney represents a client being sued for negligence, any private communications about the case are privileged. If, on the other hand, those two individuals discuss their golf scores during a meeting, that information is not privileged (you’ve been warned). 

The rationale behind this privilege is to promote open and honest dialogue between clients and their legal representatives. Knowing that their discussions cannot be used as evidence against them, clients are likely to be unabashedly honest, giving their attorneys all the necessary information to represent them effectively.

There are some exceptions, however. For instance, as the privilege holder, the client can waive it. The privilege may also be waived if a communication is forwarded to third parties not essential to the protected attorney-client relationship or the client discloses the privileged information to someone else. 

Among other things, this means that both lawyers and clients must be meticulously careful about who is privy to their privileged electronic communications. Let’s say, for example, that an attorney sends her client a text discussing a harmful document in litigation. The client then forwarded that email to his nephew, who attends law school but is not licensed and has no formal connection to the case. That’s easy (and perhaps understandable) to do, right?

Unfortunately, that seemingly harmless act could constitute a waiver of the attorney-client privilege concerning the subject matter of the underlying text. Let that sink in for a moment.

Confidential communications: a broader ethical duty

While all attorney-client privileged communications are confidential, the reverse is invalid: not all confidential communications are privileged. The concept of confidentiality is broader and extends to almost all information related to the representation of a client. This information includes everything from the substantive details of a case to minor facts like a client's contact information or the fact that an individual sought legal counsel in the first place.

Confidentiality is an ethical duty that binds attorneys. Even if a piece of information isn't privileged, an attorney might still be ethically barred from revealing it outside of specific circumstances. This duty also ensures that clients can trust their lawyers – but it is not absolute. 

While each state has its own ethical rules concerning confidentiality, all have carve-outs, such as when the attorney must reveal the information “to prevent the client from committing a crime or fraud.” (ABA Model Rule 1.6(b)(2).) Thus, it is paramount that both you and your client understand the specific rules (and exceptions) at play in your state.

Navigating the intersection between privilege and confidentiality

Given the overlapping nature of privileged and confidential communications, it can be challenging to discern one from the other in practice. Consider this scenario: A client tells an attorney about past wrongdoings during a consultation, seeking advice on potential legal implications. This discussion is both privileged (protected from disclosure in court) and confidential (the attorney cannot disclose it to others absent a specific exception).

However, suppose the same client casually mentions, during a social gathering (and not in the course of seeking legal advice), that they once considered filing for bankruptcy. In that case, that piece of information remains confidential. The attorney cannot share it with others, but it might not be protected as a privileged communication if it comes up in court.

Further examples:

• A client discussing a business strategy with their attorney is a privileged communication. However, the attorney seeing the client at a restaurant and keeping that meeting secret is a matter of confidentiality, not privilege.
• Email communications between an attorney and a client discussing a case are privileged. Yet, the fact that the client visited the attorney's office, absent any conversation content, remains confidential but not necessarily privileged. 

This differentiation could be necessary where, for example, the timing of the client’s first visit with a lawyer damages the client’s position in later litigation. In some circumstances, the lawyer might be compelled to testify about the timing of that first meeting. Absent exceptional circumstances, however, the lawyer would not be required to testify as to the privileged discussions that occurred in that meeting. 

Why understanding the differences between “privileged” and “confidential” is more critical in the digital landscape

In today's tech-reliant environment, understanding the distinction between "confidential" information and "attorney-client privileged" information is more critical than ever. To illustrate this point, recall what we just discussed. While nearly all information a lawyer possesses about a client is deemed confidential, only specific communications relating directly to legal advice or representation enjoy the shield of privilege protection. 

When I was still practicing, it was the electronic disclosure of that privileged information that used to keep me up at night. The privilege, after all, keeps a client from having to disclose covered communications in a court of law. 

In certain circumstances, even an inadvertent disclosure will constitute a waiver of the privilege – not only for that particular piece of information but all related communications (a “subject matter waiver”). This slip-up can devastate a client’s position in litigation, where previously protected information could now be admitted as damaging evidence. 

Imagine that your client, a business owner, has been sued for sexual harassment. In the early days of your representation, you exchanged extensive email communications with the client about any prior sexual misconduct allegations against him. 

The client eventually admits that this is the third employee who has threatened suit but that he made all the other allegations “disappear with a big check and a non-disclosure agreement.” You reply to that email with a text that says, “I’m not sure our plaintiff will respond to a settlement offer in the same way your past employees did.” Your client forwards your text to his friend/bookkeeper with the message, “How much money do we have to spend on this case?” 

In the three seconds that it took your client to forward your text, he may have just opened the floodgates for the plaintiff to discover all of your formerly privileged communications on the subject of prior sexual misconduct allegations. Worst of all, your client’s waiver of the privilege overrides your ethical duty to keep this information confidential. 

It’s no wonder so many litigators develop heartburn from thinking about how quickly and mindlessly the privilege can be destroyed. In our scenario, even though it was the client who caused the waiver, the situation remains potentially damaging to the attorney's professional reputation. 

For example, what if the press released a story with the headline “Billionaire loses sexual harassment case after texts and emails with the attorney are admitted at trial?” Despite who was at fault for destroying the privilege, this kind of press would almost certainly result in lost business and harm to the attorney's standing in the legal community. 

That’s why the digital age, with its convenience and speed, requires an extra layer of vigilance from legal professionals to ensure that privileged information remains uncompromised.

Maintaining confidentiality and privilege in the digital age

So, let’s talk about ways to protect this quickly disseminated information. We all know that the promise of digital tools and platforms – efficiency, accessibility, and innovation – beckons enticingly. But in their shadows lurk challenges that could compromise data privacy, client confidentiality, and the attorney-client privilege. 

Thus, it is pivotal for legal practitioners to devise practical strategies for keeping these foundational pillars intact. Let’s dive a bit deeper into this modern maze by identifying potential issues and then providing strategies to ensure the protection of digitally transmitted information.

1. Prioritize client education

Since your clients are the sole owners of the attorney-client privilege, their decisions about whom to share digital information with are especially critical. The nightmare scenario discussed above is a perfect example of how easily a client can destroy the privileged or confidential nature of communications in the digital age. As the attorney, you need to make sure your clients understand all of the simple things they can do electronically to jeopardize their case. 

Moreover, even the most sophisticated clients may not always understand the complexities surrounding the security offerings of different communication channels – nor do they always appreciate the full ramifications that ensue when sensitive information is released. 

Strategy: Make client education an integral part of your onboarding process. Guide them on how their electronic habits could impact your ability to protect privileged and confidential information. Ensure they use secure communication methods, emphasizing the importance of digital security tools. 

2. Opportunity meets responsibility

The allure of modern legal practice tools is undeniable. They promise faster communication, organized case management, and even predictive analytics. For every advantage, however, there's a lurking risk of data breaches, unauthorized access, and potential misuse.

Strategy: Before integrating any new tool or platform, conduct comprehensive research and seek references from other law firms that have successfully used those tools. Understand who developed the tools and why, read online reviews, and assess security protocols. A digital tool should not just be new; it should be necessary and secure.

3. Encryption

In simple terms, encryption is a manner of altering text so that unintended recipients cannot decipher the plain words that have been exchanged. In today's digital environment, encryption is not an option; it's a mandate. Whether it's client communications, case details, firm files, or internal team discussions, the data's sanctity relies on proper encryption. 

Strategy: Choose platforms that utilize end-to-end encryption. There needs to be more than just using those platforms, however. Users must proactively update software regularly, as many updates address security vulnerabilities. Make sure everyone on your team understands encryption's importance and remains vigilant about avoiding unencrypted forms of communication.

4. Guidelines and audits

While digital platforms have made communication more straightforward, accessible, and secure, they've also introduced ambiguity regarding protecting these communications. Not every email, message, or video call is automatically secured by the attorney-client privilege – especially for those who have a habit of “cc’ing” or “bcc’ing” others on every communication. 

For example, while it may be acceptable to cc an attorney’s administrative assistant on a privileged email (if maintaining the confidentiality of such emails is part of the assistant’s known and regular duties for the firm), it may not be okay to cc the client’s administrative assistant – particularly if the email pertains to litigation regarding other of the client’s employees.

Your guidelines should also address how the firm’s attorneys treat the sensitive information they receive. Arguably, if an attorney forwards this type of information to his home email address – especially one that other household members regularly access – he may be jeopardizing the sanctity of the client’s information.

Strategy: Develop clear internal guidelines delineating the boundaries of privileged communication in the digital realm. Guidelines should include physically typing out each email recipient’s full email address (every time) so that auto-fill capabilities don’t allow sensitive information to get into the wrong hands and not forward sensitive client information to personal email addresses. Then, ensure that these guidelines are not only documented but are ingrained in the team's modus operandi. Regular audits can help reinforce these practices.

5. Continuous learning

Let’s face it: technology is dynamic. As tools evolve, so do the threats they may pose. It’s crucial to ensure that your entire firm, from IT professionals to partners to interns, is updated on the latest protocols and risks. 

Remember, since 2012, the ABA model rules have required that lawyers remain educated about the latest advancements in legal technology. Most state rules now have a similar requirement. Thus, failing to engage in relevant learning opportunities is not only unwise, it may violate your ethical duties as an attorney.

Strategy: Invest in continuous learning. Learning opportunities entail hosting workshops, paying for online courses, or having key personnel attend relevant conferences. Reputable vendors will offer regular training opportunities – take advantage of them. Encourage a culture of curiosity and learning (as well as a dose of healthy fear) to make sure everyone on your team stays knowledgeable about the latest in legal tech and its implications. 

6. Navigating ethical gray zones

Digital innovations often outpace the evolution of legal guidelines. Consequently, current rules may require clear direction, and the ethical compass becomes blurred. 

For example, what do your lawyers do when they need to email a client but know that the client’s emails are typically reviewed by her secretary before being printed and handed over? (The answer, of course, lies in the onboarding education you provide to clients at the outset of the representation. Make sure all attorneys in the firm are complying with this critical aspect of client education.)

‍

Strategy: Organize regular ethical deliberation sessions to discuss and debate potential dilemmas arising from digital tools. Encouraging such open conversations can lead to collective decision-making aimed at fiercely protecting privileged and confidential information. Before these discussions, ask your colleagues to read recent resources focusing on the intersection of law, technology, and ethics, so you have a starting point for focused discussions.

‍

The digital universe continues to offer a promising future for the legal profession. New technologies hit our industry every day. From sophisticated offerings like artificial intelligence to simple platforms like social media, every advancement carries a further risk that the sanctity of privileged and confidential information will be compromised.

If law firms don’t approach this new frontier with a blend of caution, curiosity, and commitment, they may not be able to uphold the ethical traditions that define the profession. It’s up to us to devise new strategies for this new world. Are you up to the challenge?

‍