Client confidentiality is a core tenet of the legal profession. Clients need to trust that whatever they share with their solicitor stays between the two of them. Otherwise, why would they share sensitive information?
This makes perfect sense. Unfortunately, however, maintaining client confidentiality can be easier said than done.
Cyber attacks on law firms are increasing. Even the tightest-lipped solicitors are at risk of confidentiality breaches—unless they take the appropriate precautions. Such slip-ups can be incredibly damaging.
Not only do breaches erode trust between clients and their lawyers, but they can also negatively impact cases, ruin a firm’s reputation, and see solicitors land in hot water.
Let’s examine client confidentiality in more detail: what information lawyers do and don’t need to keep confidential, client confidentiality in the information age, how lawyers can safeguard their clients’ sensitive information, and why it’s best not to go overboard.
What information do lawyers need to keep confidential?
Lawyers have a duty of confidentiality, which applies to all confidential information they acquire about a client’s matters. This is known as lawyer professional privilege (LPP).
As the Solicitors Regulation Authority (SRA) puts it, solicitors must “keep the affairs of current and former clients confidential unless disclosure is required or permitted by law or the client consents.”
This confidentiality still applies even after a solicitor has stopped working for a client. Indeed, even if a client dies, then the right to confidentiality passes to the former client’s personal representatives.
What doesn’t need to be confidential?
Confidentiality applies to all information regarding the retainer in which a firm is instructed. In other words, not all information.
Imagine you’re walking out of court and your client steals a passer-by’s handbag. In this event, providing information regarding the theft wouldn’t breach your duty of confidentiality, as it’s unrelated to the matter on which you were originally advising.
What’s more, LPP doesn’t apply to communications that are made with the intention of the client committing a crime or a fraud. In other words, if a client tells you they’re planning to commit a crime, you should feel no pressure to withhold this information from the authorities.
Client confidentiality in the information age
More information gets shared on social media and via apps each day. Every day:
- WhatsApp users send 100 billion messages
- Twitter users send over 500 million tweets
- Instagram users post 95 million photos
If you’re a lawyer, you need to take extra care when using social media. There are plenty of ways your tweets or posts could inadvertently breach client confidentiality.
For instance, if you use Facebook to check in at a coffee shop during a client meeting, you could inadvertently disclose your client’s location as well. This may be an issue if your client wishes to remain anonymous, or if they don’t want it to be known that they’re using legal representation.
Photos can also be problematic. You may be more mindful than lawyer and politician Kris Kobach, who accidentally revealed notes on proposed immigration policy in a photo with Donald Trump back in 2016. You should always be hyper-aware of what might be in the eye of a camera lens. Your daughter could take an impromptu photo while you’re catching up on some work at the dining room table; if there’s any sensitive information visible in the image, you need to make sure that photo doesn’t get posted online (and is deleted from her device).
Steps lawyers need to take
Does this mean you need to stop using social media? No. But you do need to reconcile the norm of sharing information online with the need to keep client information confidential.
Here are a few things you can do to ensure you’re protecting client information:
- Go private on Facebook. This is a simple step for all lawyers (and for anyone using Facebook, for that matter). Go to “Settings,” then “Privacy,” and set all of the visibility options so that only “Friends” can see your profile. If you want to market your law firm on Facebook, set up a separate Facebook page—and be extra mindful of the information you’re sharing on it.
- Only work with tools that prioritise data security. With Clio, for example, we’re audited daily by TrustedSite and we apply both in-transit and at-rest encryption using industry best practices (such as HTTPS and TLS). Our hosting facilities are audited annually for security certifications (such as SOC 2 and ISO27001), while we continuously monitor for potential vulnerabilities to ensure your data is always protected.
- Use two-factor authentication. Using two-factor authentication to protect your online accounts is one of the most effective steps you can take to protect client information. Read about why it works and how to implement it in this list of mobile security tips (two-factor authentication is number four on the list).
- Be wary of live mic technology. Assume someone is always listening. Consider that several firms have served Amazon with lawsuits in recent years, arguing that Alexa unlawfully saves users’ voice recordings without consent.
In short, you want to do everything you can to prevent unauthorized access to client information. As we head into 2023, that means a lot more than just closing the door each time you meet with clients.
However, don’t go overboard
LPP is vitally important—but it’s not an excuse to pursue strategic lawsuits against public participation (SLAPPs), in other words, to try to force others to keep your clients’ information confidential too.
The SRA is currently investigating 29 such cases, and has warned solicitors to “stop using terms in correspondence such as ‘private and confidential’ and ‘without prejudice’ unless there is a legal reason to do so.” They want to clamp down on solicitors throwing the term ‘confidential’ about in the hopes of quashing potentially embarrassing leaks.
Proceed with caution
Client confidentiality is a huge issue. Failure to protect your clients’ valuable information will land your firm in hot water, threaten a case’s outcome, and erode any trust you’ve built. Indeed, solicitors must be more cautious than ever. A single photo uploaded to social media might spell disaster. Be careful about what you disclose, and if in doubt, check out the SRA guidance in full.
For more information on how to safeguard client confidentiality, check out our free recorded webinar, Client Confidentiality in the Digital Age, and know that your bases are covered.
We published this blog post in November 2017.