Lawyers Have a Duty to Protect Client Information Stored on Smartphones
Updated: Nov 15, 2022
What do a computer virus and a smartphone app have in common? They want to spread themselves to as many people as possible. What is the difference between a computer virus and a smartphone app? A smartphone app can only be sent to another person if the user consents.
Giving consent means you agree to allow information from one application to be sent to another. The receiving application can do any number of things, from seeing if your contacts also use the application, giving you a chance to connect with them, to sending your contacts an invite to download the application for themselves.
For most people, the worst that can happen when you give consent is that your friends may be mad you have contributed to the amount of spam they receive on a daily basis. However, for attorneys, the consequences of giving consent to a smartphone app can be far more severe than an angry email from a friend.
Since smartphones and social media have become ubiquitous, the law has been playing catch up, leaving judges to interpret laws that have been on the books for decades to fit brand-new technologies.
Besides the law, the ever-changing landscape of smartphones and social apps means we are more connected with each other now than ever. In fields such as the law, where privacy and confidentiality are vital, a simple click of the mouse or swipe of the finger can lead to an accidental exposure that can cause a serious issue for an attorney or client.
The New York State Bar Association Committee on Professional Ethics has released Ethics Opinion 1240, which states that it is an attorney’s duty under New York Bar Association Rule 1.6 to protect client information stored as contacts on smartphones. In the committee’s opinion released on April 8, 2022, paragraph 3 states:
Rule 1.6(c) of the New York Rules of Professional Conduct requires a lawyer to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure or use of, or unauthorized access to” the confidential information of current, former and prospective clients […].
Paragraph 4 of the same opinion continues:
“Rule 1.6(c) has been interpreted to require a lawyer to take reasonable care to protect clients’ confidential information when carrying electronic devices containing such information across the border […], when using an online storage provider to store clients’ confidential information […], and when sending emails containing confidential information […].
There is no doubt that today’s technologies, including smartphones, give us unprecedented convenience. Whenever we want to interact with the world, all we have to do is say the wake word for whatever device we use. For Alexa, you can even change the wake word to “Computer,” so we can all feel like Captain Kirk on the Starship Enterprise.
However, with the convenience of a fully interactive system comes the risk of having your information hacked and stolen. For example, on your smartphone, a careless agreement to an unread End User License Agreement or agreeing to grant an app access to your contacts can cause private, confidential, and potentially embarrassing information to be made public. Even if you correct your mistake, with the internet, once information is made public, it is nearly impossible to have it thoroughly scrubbed from public view.
Even without opinion 1240, it is a good idea to go through your smartphone and apps to ensure you are not sharing information you do not want to be public. With 1240, it is now our professional, ethical obligation to do so.