Adopted November 14, 1992; revised July 2018
CBA Ethics Committee
In recent years, there have been significant advances in communications technology. In addition, the cost of many modern communications methods and devices has been decreasing such that the use of email and of smartphones and other hand-held devices to communicate has become commonplace. It can be expected that new and improved communications methods and devices will continue to be developed. A lawyer’s use of these communications methods and devices carries the increased risk of inadvertent or unauthorized disclosure of information relating to the representation of a client. Therefore, lawyers must be mindful of their duty under Rule 1.6 of the Colorado Rules of Professional Conduct (Colo. RPC) “to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
Summary of Opinion
A lawyer’s duty to make reasonable efforts to prevent misuse of client information extends to the exercise of reasonable care when selecting and using communications methods and devices.
One of the most basic and time-honored precepts of the practice of law is that communications between a lawyer and a client are confidential. Colo. RPC 1.6, cmt. . It necessarily follows that a lawyer has a duty to use reasonable efforts to protect the confidentiality of such communications from inadvertent or unauthorized disclosure, or unauthorized access; this duty is codified in Colo. RPC 1.6(c), which states: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Comment  to Colo. RPC 1.6 explains: “The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure.” The comment adds:
Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).
Ever-increasing varieties of communications methods and devices are available for a lawyer’s use, such as cloud-based email and smartphones. It is reasonable to expect that, in the future, there will continue to be technological advances that will both facilitate the communication of information and increase the possibility of inadvertent or unauthorized disclosure of, or unauthorized access to, such communications, as well as technological advances that will enhance a lawyer’s ability to protect against such disclosure.
For instance, emails are now in widespread use. The American Bar Association Standing Committee on Ethics and Professional Responsibility (the ABA Standing Committee) has determined that using unencrypted email for professional correspondence is acceptable because it poses no greater risks than other communication modes that lawyers commonly use. ABA Comm. on Ethics and Prof. Resp., Formal Op. 99-413, “Protecting...