New Jersey Advisory Committee on Professional Ethics Opinion 701

Topic: Electronic storage and access of client files

From the Opinion:

“We are reluctant to render an [sic] specific interpretation of RPC 1.6 or impose a requirement that is tied to a specific understanding of technology that may very well be obsolete tomorrow. Thus, for instance, we do not read RPC 1.6 or Opinion 515 as imposing a per se requirement that, where data is available on a secure web server, the server must be subject to the exclusive command and control of the firm through its own employees, a rule that would categorically forbid use of an outside ISP. 

We do think, however, that when client confidential information is entrusted in unprotected form, even temporarily, to someone outside the firm, it must be under a circumstance in which the outside party is aware of the lawyer’s obligation of confidentiality, and is itself obligated, whether by contract, professional standards, or otherwise, to assist in preserving it…The touchstone in using ‘reasonable care’ against unauthorized disclosure is that: (1) the lawyer has entrusted such documents to an outside provider under circumstances in which there is an enforceable obligation to preserve confidentiality and security, and (2) use is made of available technology to guard against reasonably foreseeable attempts to infiltrate the data. If the lawyer has come to the prudent professional judgment he has satisfied both these criteria, then ‘reasonable care’ will have been exercised.”

 

The full text is available at http://njlaw.rutgers.edu…