Practical Encryption: Emailing With Your Clients
Scenario: You need to exchange sensitive documents with your client, but in the digital age, printing and mailing physical documents seems slow, expensive, and not exactly “green.”
Typical Solution: Virtually all lawyers rely on email as a primary communication tool, so when it comes time to send documents, they go right into email along with everything else.
Problem: There are a number of practical reasons to be wary of sending documents via email (e.g. versioning, organization), but the real concerns are security related. Emails are easily misaddressed and are often forwarded to third parties without your knowledge or permission. If you attach a highly sensitive document to an email and send it to the wrong person in your address book, there’s nothing to stop that person from reading and disseminating the file in away that’s likely to get you in hot water with your client and your disciplinary body.
Solution: Newer ethics opinions, primarily those regarding cloud computing, have noted that it’s important for lawyers to evaluate the sensitivity of the data they’re handling and to take steps appropriate to the sensitivity. You shouldn’t be afraid to continue using email for most of your routine correspondence and even routine document exchanges, but when handling particularly sensitive data – like your client’s trade secrets, for example – you should go a step further.
Encrypted email allows you to protect your communications so that both the body of the email and any attachments are accessible only if the recipient has the proper decryption key/password. Even if you accidentally direct the email to the wrong address they won’t be able to see a single bit of sensitive information. Better yet, most encrypted email tools include auditing features that tell you when (and by whom) the message was opened or attachments were downloaded. In some cases, you can also set restrictions to prevent forwarding or to force the email to “expire” after a certain amount of time.