Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Increasingly, law firms are offering clients protected access to their personal case information over the Internet. The new client services are in response to client expectations — clients expect their attorneys to use the most modern communications technologies, including the Internet. Using the Internet, through the firm’s Web site, to communicate with clients and other attorneys can be fast, efficient and cost-effective. Providing confidential information over the Internet, however, can increase legal liability for the law firm. As of now, courts and bar associations provide little guidance for lawyers facing these new ethical and legal issues. Before initiating any new client offering, attorneys must carefully analyze the nature and elements of their fiduciary obligations to clients. Law firms must initiate new notice, contractual and technical actions to make certain that the Internet information stays sheltered. By undertaking such actions, law firms will be able to mitigate or eliminate their liability in the event a client’s personal information is stolen or inadvertently revealed. ADVANTAGES OF INTERNET CLIENT SERVICES Probably the most obvious advantage to using Web site-based Internet client services is speed. A lawyer, or the lawyer’s agent, can disseminate confidential information quickly and with ease. Internet client services move at the speed of light, while paper communications move at the speed of the U.S. Postal Service. Generally, Internet client services appear at the intended destination within seconds to minutes after a request is made. Moreover, a lawyer can reach large groups of people — clients, co-counsel or opposing counsel — with the same effort as reaching a single person. A team of lawyers working on a litigation project can use Internet client services to keep their clients up to date, or solicit comments — particularly in matters that involve many clients, such as class actions. Clients reap the timesaving benefits as well; with none of the hassle of scheduling a call with an attorney, many client questions can be answered. Another advantage of using Internet client services is cost. Communication via fax and mail are each an order of magnitude more expensive than posting content on an Internet site. In addition, storing e-content transferred from an Internet client services site to a client’s computer is easier and more cost-efficient than storing paper documents, especially for the space-conscious client. A client can store 10 million pages of text for less than $10, should the client desire to have his or her own copy of the Internet client services site content. POTENTIAL LIABILITY The flexibility of Internet client services and the ease-of-use, however, damages a law firm’s ability to protect its client’s confidential information. A law firm is subject to civil liability for an injury caused by any wrongful act or omission of any principal or employee of the firm who was acting in the ordinary course of the firm’s business or with actual authority. Stolen information, including information extracted from an Internet site, is not protected by the attorney-client privilege. The rationale is that the law has granted secrecy so far as its own process goes; clients and attorneys must take sufficient measures to prevent interception by third persons. Thus, in the case of Internet-based data located on the firm’s Web site, the attorney bears the risk of insufficient precautions. This, in turn, gives rise to legal liability — i.e., a suit against the firm by its own client. Once client data is transmitted onto the Internet, as is the case when a client’s request for data from a law firm’s Internet site is honored, it potentially becomes available to third parties. Unencrypted Internet client service content appears in clear text. A system operator or other knowledgeable persons in the system can view clear-text messages when a client “views” his or her personal data via the Internet. Internet communications, including the transaction commonly described as reading content stored on an Internet site, may pass through dozens of computers before reaching its final destination. Each of the systems may be managed and monitored by a different network administrator or system operator and each operator may have a different attitude toward online privacy. Operators can read plain text Internet client services e-content passing through the computers. Furthermore, each of the systems through which the communication passes may be capable of capturing and storing the confidential online communication. Findings of fact in a recent federal district court decision, American Civil Liberties Union v. Reno, 929 F.Supp. 824 (E.D. Pa. 1996), support the view that e-content exchange is not secure. The court pointed out that Visa and MasterCard do not consider the Internet to be sufficiently secure for processing online credit card transactions. Under the Electronic Communications Privacy Act, the reading of e-content messages exchanged over public Internet systems by someone other than the sender or receiver is a felony (18 U.S.C. 2701-05 (1994)). However, reading the e-content exchange may be a legitimate, and even necessary, function of a network system operator monitoring the traffic load on the network to ensure proper functionality. Although interception is illegal and a violation of a federal statute, a lawyer still has a duty to protect his or her client’s secrets, confidences and documents. Accordingly, the criminality of the interception of e-content exchange from a lawyer’s Internet site is not enough to prevent a loss of privilege. Thus, lawyers should consider the possibility of the loss of privilege through illegal e-content exchange interception. Most importantly, and as a general rule, a lawyer cannot trust Internet security and should not use unencrypted Internet client services when security is an issue. As lawyers’ use of Internet client services increases, so too does the risk of inadvertently disclosing privileged electronic communications to a third party. LIMITING LIABILITY Prudent attorneys and law firms purchase liability insurance to help defend against the liabilities associated with offering clients protected access to their personal case information over the Internet. However, law firms must also initiate new client notices, update contracts and take technical action as well. Traditionally, full and proper disclosure combined with strict adherence to applicable ethical rules and legal standards have reduced or eliminated law firm liability. Such action is equally applicable to Internet transactions. Law firms should post notices both in their Internet site terms of use agreements and on each Internet search result transaction that informs clients of the risk their search involves. This will eliminate unreasonable expectations of privacy by the client. Such notices will also reduce or eliminate the possibility of innocent interceptor of client information. Law firms should seek to place the risk of an unsafe Internet site with the Internet site providers. This means executing indemnification and hold-harmless clauses in Internet site provider service contracts. The legal allocation of liability should be assigned to those with control. For example, if a law firm hires a third party to create and run the firm’s Internet site — including client access to personal case information — such Internet service providers should be the optimal target of liability. Such risk shifting is likely to produce a more secure client service. A contractual shift in liability to the Internet service provider is clearly appropriate since they normally have superior technical means to limit third party access to client transactions and the means to reduce the possibility of negligence. Under such risk shifting, the law firm’s service agreement would require the Internet service provider to pay the full cost of harm associated with third party interceptions. Additional risk shifting should also be considered. In particular, the law firm should ask its client for indemnification in exchange for the client service. Law firms should consider using encryption and other technology to protect client information that has been made available on the firm’s Internet site. This may include requiring the client to install new and additional hardware or software. Bick is of counsel to WolfBlock Brach Eichler of Roseland and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of “101 Things You Need To Know About Internet Law” (Random House 2000).

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.