Ohio Board of Commissioners on Grievances and Discipline Opinion 99-2

[WARNING – CPR Opinion – provides advice under the Ohio Code of Professional Responsibility which is superseded by the Ohio Rules of Professional Conduct, eff. 2/1/2007.]

Topic:

whether it is ethically proper under the Ohio Code of Professional Conduct for a lawyer to communicate with clients through electronic mail without encryption.

Syllabus of the Board:

A lawyer does not violate the duty to preserve confidences and secrets under DR 4-101 of the Ohio Code of Professional Responsibility [preservation of client confidences and secrets] by communicating with clients through electronic mail without encryption.  An attorney must use his or her professional judgment in choosing the appropriate method of each attorney-client communication.

Rule: Ohio Code of Professional Responsibility DR 4-101

 

To decide whether attorney’s expectations of confidentiality in e-mail communication are reasonable and whether attorney should always encrypt their emails, the opinion gives some technical explanation on how e-mail is transmitted, which risks are associated with Internet mail and non-Internet mail, what is encryption, an its pros and cons.

 

Cited opinions:

  • District of Columbia Bar, Op. 281 (1998) – electronic mail without encryption is ethically proper under most circumstances.
  • Illinois State Bar Ass’n, Op. 96-10 (1997) – no encryption required “unless unusual circumstances require enhanced security measures.”
  • New York State Bar Ass’n, Op. 709 (1998) – “lawyers may in ordinary circumstances utilize unencrypted Internet e-mail…[unless] the confidential information at issue is…extraordinarily sensitive nature”
  • Ass’n of the Bar of the City of New York, Formal Op. 1998-2 (1998) –  no need to encrypt “all e-mail communications containing confidential client information, but should advise its clients and prospective clients…that security of communications over the Internet is not as secure as other forms of communication”
  • State Bar Ass’n of North Dakota, Op. 97-09 (1997) – unencrypted electronic mail are not unethical, “unless unusual circumstances require enhanced security measures.”
  • Vermont Bar Ass’n, Op. 97-5 – no violation of DR 4-101 “by communicating with a client by e-mail, including the Internet, without encryption.”
  • State Bar of Arizona, Op. 97-04 (1997) –  while “it is not unethical to communicate with a client via e-mail even if the e-mail is not encrypted…it is preferable to protect the attorney/client communications to the extent it is practical.”
  • South Carolina Bar, Op. 97-08 (1997) – since “exists a reasonable expectation of privacy when sending confidential information through electronic mail…Use of electronic mail will not affect the confidentiality of client communications under South Carolina Rule of Professional Conduct 1.6”. Contrary an older opinion: South Carolina Bar, Op. 94-27 (1995).
  • Iowa Bar Ass’n, Op. 97-1 (1997) – “with sensitive material to be transmitted on e-mail counsel must have written acknowledgment by client of the risk of violation of DR 4-101 which acknowledgement includes consent for communication thereof on the Internet or non-secure Intranet or other forms of proprietary networks to be protected as agreed between counsel and client.”

 

The full text is available at http://www.supremecourt.ohio.gov…

 

Related Document: Do I always need to encrypt my correspondence with clients?