Skip to main content
PRINT EDITION

Client Confidentiality as Data Security

By October 1, 2024November 23rd, 2024No Comments

Abstract: The duty of confidentiality has been a cornerstone of the attorney-client relationship for more than four centuries. Historically, this duty was not difficult to discharge. All a lawyer had to do to comply was not affirmatively share client information in public without consent. But that has all changed. The same technologies that provide unprecedented benefits of authorized access by lawyers and their clients create unprecedented risks of unauthorized access by others. As a result, although the duty of confidentiality was once synonymous with a duty to keep client confidences secret, today the duty necessitates that lawyers keep client confidences secure as well.

This critical shift did not go entirely unnoticed by the legal profession. In 2012, the American Bar Association adopted Model Rule of Professional Conduct 1.6(c) which requires lawyers to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to,” client confidences. This new rule had good intentions and was eventually adopted in some form by every state bar. Yet it has proven ineffective at protecting clients and difficult, if not impossible, to execute for lawyers. Worse, in the more than a decade since its adoption there has not been a single published disciplinary action for violating this duty in the digital context. Not one.

After telling the story of the legal profession’s adoption of a duty of data security and the shortcomings with the current approach to that duty, this Article seeks to outline its next chapter. Specifically, it argues that the lawyer’s duty of data security should not focus exclusively on the regulation of technological safeguards to prevent breaches and should focus instead on regulating the processes that lawyers must take to mitigate harm from potential breaches and the people that lawyers must consult when making data security decisions. This approach draws inspiration not only from professional responsibility scholarship but also from data security best practices from outside the legal profession that can help guide lawyers, protect clients, and incentivize enforcement by state bars despite constant technological innovation.

Download the Full Article

Other Articles from WLR Print Edition

June 1, 2025 in PRINT EDITION

Under the Umbrella of Water Law: Why Rainwater Harvesting Should Constitute a Valid Water Right Authors

Abstract: Rain is a major source of water. It provides for our greatest needs, such as feeding our gardens, crops, rivers, and lakes. As global climate change continues to unfold,…
Read More
June 1, 2025 in PRINT EDITION

Why Medicaid Is Addressing Homelessness with Section 1115 Waivers: A Critical Examination of the United States’ Federalist Mental Health System

Abstract: Housing and health care are deeply interconnected, and their systemic relationship profoundly affects individual and societal well-being. Inadequate funding has undermined the American mental health system for decades, leading…
Read More
June 1, 2025 in PRINT EDITION

A Right to Repress: IPEC v Inslee and the Parental Right to Determine the Gender of a Child

Abstract: Do parents have a constitutional right to determine their child’s gender? No court has held that they do, but that assumption was the basis of a challenge brought in…
Read More