Is Emailing Confidential Information a Safe Practice for Attorneys?, 0518 COBJ, Vol. 47, No. 7 Pg. 18

Position:Vol. 47, 7 [Page 18]

47 Colo.Law. 18

Is Emailing Confidential Information a Safe Practice for Attorneys?

Vol. 47, No. 7 [Page 18]

The Colorado Lawyer

May, 2018



As technology becomes increasingly complicated and integrated into how we communicate, the rules governing its use must adapt accordingly. Attorneys are held to several ethical and legal obligations when it comes to protecting their clients’ data. Most notably, Colorado Rule of Professional Conduct 1.6(c) states that “[a] lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Because this data is often communicated via email and through the Internet, those within the legal community are held to the highest standards of cybersecurity and discretion when it comes to handling data breaches and cyber events. Unfortunately, though, some attorneys seem to believe that the word “reasonable” allows for a fairly low standard.

The Problem with Email Disclaimers

In my experience, the majority of lawyers depends on the confidentiality statement in their email messages to protect them from data breaches or errant emails. Many have confidentiality notices that read something like: “The information contained in this electronic transmission (including attachments) may contain confidential information. If you are not the intended recipient, please contact the sender and destroy all copies of this communication.” This seems like enough, right? We’re only human after all, and other methods like encryption or secure portals seem cumbersome.

That line of thinking is absolutely wrong. Attorneys are strongly obligated to protect their clients’ data, and email disclaimers actually do very little, if anything, to protect the data contained in email communications. At best, they are a feeble attempt to shift blame from the errant sender to the unwilling accidental recipient. They do nothing for the clients whose information is compromised, and they often jumble together “confidential” and “privileged” as interchangeable notions. Confidentiality is an...

To continue reading