Last week the ABA made an important change to Rule 1.6, “Confidentiality.” On its face, the change doesn’t seem like much—the drafters added a new section 1.6(c) which states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
That doesn’t seem like such a big deal, especially since the sentiment already existed in the commentary to the rules. The need to safeguard our clients’ information was already stated in a slightly different form in Comment  to Rule 1.6. And why shouldn’t it be—isn’t it an obvious point? So why would the drafters simply take language that already existed in the commentary, tweak it, and move it to the rule itself? It’s about addressing technology head on.
Lawyers are increasingly using new technologies like cloud storage sites and software as a service (SaaS) to store client data. While helpful, the obvious risk of using these sites is that there is a potential for disclosing information. Plus, this isn’t just about could-computing or websites, it’s about using any new technology, whether it be mobile storage devices, unencrypted wireless routers, iPads, etc. The more we use these technologies, there more opportunities we have to reveal client information. The drafters must have believed that the more frequent use of these types of technologies demands an increased emphasis on the need to protect client information. Thus, by expanding the language and moving it to the actual text of the rule, the drafters are telling the bar that this issue is no longer just commentary, or “secondary guidance.” Now it’s a primary duty.
So now we know that before we use new technologies we have a duty to make reasonable efforts to prevent the release of information relating to the client. But what does that mean? How do you know if the efforts you used were actually “reasonable?” More on that in the next post…