Attorney’s Duty to Protect Smartphone Data

Ethics: More Remote Misconduct
April 10, 2022
Sanctions Imposed for Fabricated and Unproduced Text Messages
April 20, 2022

“An attorney who stores the confidential identity of their clients on a smartphone must not consent to share contact information with an app unless that information won’t be shared with any human, the New York State Bar Association said.” D. McAfee, New York Bar Outlines Attorneys’ Duty to Protect Smartphone Data (bloomberglaw.com) (Apr. 13, 2022).

Mr. McAfee reports that the New York Bar ethics opinion states: “Insofar as clients’ names constitute confidential information, a lawyer must make reasonable efforts to prevent the unauthorized access of others to those names, whether stored as a paper copy in a filing cabinet, on a smartphone, or in any other electronic or paper form.”

N.Y. State Bar Opinion 1240 (Apr. 8, 2022), states:

To that end, before an attorney grants access to the attorney’s contacts, the attorney must determine whether any contact – even one – is confidential within the meaning of Rule 1.6(a). A contact could be confidential because it reflects the existence of a client-attorney relationship which the client requested not be disclosed or which, based upon particular facts and circumstances, would be likely to be embarrassing or detrimental to the client if disclosed.

The opinion lists a series of relevant factors to consider in determining confidentiality and states:

If a lawyer determines that the contacts stored on his [or her] smartphone include the confidential information of any current or former client, the lawyer must not consent to give access to his [or her] contacts to an app, unless the attorney, after reasonable due diligence, including a review of the app’s policies and stated practices to protect user information and user privacy, concludes that such confidential contact information will be handled in such a manner and for such limited purposes that it will not, absent the client’s consent, be disclosed to additional third party persons, systems or entities.

It concludes:

If “contacts” on a lawyer’s smartphone include any client whose identity or other information is confidential under Rule 1.6, then the lawyer may not consent to share contacts with a smartphone app unless the lawyer concludes that no human being will view that confidential information, and that the information will not be sold or transferred to additional third parties, without the client’s consent.

UPDATE:  see New York Ethics Opinion: May Attorneys Allow an App to Access Their Contacts? | Sensei Enterprises, Inc. (May 3, 2022).

Share