Blog

Best Practices for Attorney-Client Communication

Law Firms

Everyone knows about attorney-client privilege. Yet, with the rapidly changing way we communicate, there are new risks to this privilege. Your law firm should be taking action to adopt best practices when it comes to communications and data storage technologies.

To help you understand these best practices, this article contains two lists. The first is for best practices for your firm and the second is best practices for each individual in the firm. Although not comprehensive lists, they are a good place to start to ensure attorney-client privilege stays intact.

**Note: Consult with your state and local bar to verify you are meeting rules specific to your area.

Best Practices for Your Law Firm

  1. Adopt encryption technology and password protocols.
  2. Conduct a risk assessment of all technology devices in your firm. This includes computers, tablets, PDAs, mobile phones, and flash drives. Determine what safeguards you have in place and what needs more security measures.
  3. Upgrade firewalls, antivirus software, and other security measures.
  4. Provide education to your staff on attorney-client privilege (ACP). This should include intentional and inadvertent disclosures. Make sure all members of your firm understand the risks involved.
  5. Create a confidentiality policy.
  6. Assign someone to be the ACP lead for your firm. They will review the confidentiality policy annually and suggest changes as needed. They will also be sure that each person in the firm reads the policy each year.
  7. Educate the firm on internal threats such as lost technology and external threats such as hackers or spyware.
  8. Educate your firm on best practices for communicating in the digital world and how to store these communications. 
  9. Determine best practices for your firm members regarding the use of mobile devices which contain clients' personal information.
  10. Review your social media policies. Be sure to address text messages, instant messaging, and other instant Internet communications.
  11. Review policies to determine how you will handle employee terminations regarding network access, technology devices, and data.
  12. Understand the potential threats to a system being used to transfer information.
  13. Keep cloud storage safeguards up to date. 
  14. Be sure your cloud storage providers use best practices for protecting stored data.
  15. All technology devices should lock after a predetermined period of inactivity.
  16. Allow all devices to be wiped clean remotely in case they are lost or stolen.
  17. All devices should have tracking devices to report locations.

Best Practices for Individual Lawyers

  1. Encrypt emails, documents and data.
  2. Do not use public wireless connections for firm related work, particularly when sharing sensitive information. If you have to use public wireless, be sure to use encryption.
  3. USB flash drives and storage banks should be encrypted.
  4. Keep encryption tools up to date.
  5. Use password detection on devices, flash drives, storage, and documents. Passwords should be changed often and should be at least 12 characters long. Do not share your passwords.
  6. Wipe clean all storage devices before discarding them.
  7. Consider following a strict protocol, such as never communicating with clients about a case via text or instant messaging.
  8. If something is ACP, add Attorney-Client Privilege to the email subject line.
  9. Make no assumptions about ACP. Before communicating on a new device or via a new method, check to be sure these communications maintain ACP.
  10. Do not use personal email or personal devices for work purposes.
  11. Do not store electronic documents on home systems. Always use the firm's network.
  12. Eliminate metadata when sending documents to external email addresses.
  13. Do not add third-party apps to your smartphone to avoid malware that can compromise your data.
  14. Put Bluetooth devices in non-discoverable mode. When pairing your Bluetooth with a device, make sure to use passwords. Only use Bluetooth in trusted areas.
  15. Avoid using auto-fill functions when using email. You could inadvertently send a sensitive email to the wrong person.
  16. Avoid posting work-related information on social networks.
  17. Don't “friend” judges or clients or anyone connected to your cases.
  18. Write your online profile judiciously. Do not include any sensitive information.
  19. Use a disclaimer at the end of your emails (*see our blog on email disclaimers).
  20. If using a public computer, be sure to log out of your email and close the browser. If possible, delete the browser history.
  21. Use clawback agreements during litigation to reduce the risk of waiver.

New call-to-action

 

Topics:

Cyber Liability Self-Assessment

Smart businesses confidently endure cyberattacks because they quantified their risk and planned for it.

Quantify:

  • Lost productivity
  • Lost work product
  • Loss of current and future revenue
  • Reputation damage
  • And more
Get Your Self-Assessment

Business Plan Guide for Growing Law Firms

“Law school teaches you about the law, but it doesn't teach you how to run a law practice.” - Austin, TX-based attorney

So, we put together a guide to help you grow your law firm.

Download the Guide
Trustpilot
Get a Quick Estimate For Your Law Firm
Quick Estimate