Skip to main content
PRINT EDITION

Client Confidentiality as Data Security

By October 1, 2024November 23rd, 2024No Comments

Abstract: The duty of confidentiality has been a cornerstone of the attorney-client relationship for more than four centuries. Historically, this duty was not difficult to discharge. All a lawyer had to do to comply was not affirmatively share client information in public without consent. But that has all changed. The same technologies that provide unprecedented benefits of authorized access by lawyers and their clients create unprecedented risks of unauthorized access by others. As a result, although the duty of confidentiality was once synonymous with a duty to keep client confidences secret, today the duty necessitates that lawyers keep client confidences secure as well.

This critical shift did not go entirely unnoticed by the legal profession. In 2012, the American Bar Association adopted Model Rule of Professional Conduct 1.6(c) which requires lawyers to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to,” client confidences. This new rule had good intentions and was eventually adopted in some form by every state bar. Yet it has proven ineffective at protecting clients and difficult, if not impossible, to execute for lawyers. Worse, in the more than a decade since its adoption there has not been a single published disciplinary action for violating this duty in the digital context. Not one.

After telling the story of the legal profession’s adoption of a duty of data security and the shortcomings with the current approach to that duty, this Article seeks to outline its next chapter. Specifically, it argues that the lawyer’s duty of data security should not focus exclusively on the regulation of technological safeguards to prevent breaches and should focus instead on regulating the processes that lawyers must take to mitigate harm from potential breaches and the people that lawyers must consult when making data security decisions. This approach draws inspiration not only from professional responsibility scholarship but also from data security best practices from outside the legal profession that can help guide lawyers, protect clients, and incentivize enforcement by state bars despite constant technological innovation.

Download the Full Article

Other Articles from WLR Print Edition

March 1, 2025 in PRINT EDITION

What’s Important to Write About? A Century of Washington Law Review Topics

Abstract: This Article examines the topics of all lead articles in Washington Law Review during its past ninety-eight years of publication. The analysis illustrates the changing interests of legal academics,…
Read More
March 1, 2025 in PRINT EDITION

Tenant Rights Deserve Consumer Protections: The Case for Overturning State v. Schwab

Abstract: Tenancy is a precarious housing arrangement—tenants do not own their homes yet depend on housing stability as a foundation for engaging in almost all aspects of life. For more…
Read More
March 1, 2025 in PRINT EDITION

Washington’s Implementation of Legalized Cannabis: A Model for Other States and the Federal Government

Abstract: This Article examines the process and outcomes of cannabis legalization in Washington State, offering insights for other states and potential federal legalization schemes. It begins with an overview of…
Read More