New York Bar on lawyers' obligations to protect client data on a hard drive

By Nicole Black
BridgeTower Media Newswires

Technology offers many benefits. If you read my column regularly, you already know that. Technology provides nearly limitless options for lawyers seeking to run their law firms and practice law more effectively. Mobile and cloud computing enable access to your law firm’s data from just about anywhere using an internet-enabled device. Digital evidence makes trial presentation more manageable and more effective. Artificial intelligence software can provide insights gleaned from large amounts of data that allow you to make more informed, strategic decisions on topics ranging from where to file an action to which contract clauses should be removed.

It’s not all rainbows and unicorns, however. With those benefits come some risks. Sure, technology can increase efficiency and profitability and save your law firm time and money, but sometimes an inevitable result is that it can increase complexity.

You need look no further than a recent New York ethics opinion for an example of this premise in action. In Ethics Opinion 1239 (online: https://nysba.org/ethics-opinion-1239/), issued in March, the Committee of Professional Ethics addressed the scope of lawyers’ ethical obligations when required to provide data stored on a law firm's hard drive as part of the discovery process.

Specifically, the Committee considered the steps lawyers faced with that situation must take “to protect the confidential information of other clients stored on that hard drive who are not parties to the litigation and who have not waived the attorney-client privilege or consented to the disclosure of the client’s confidential information.”

The Committee acknowledged the ethical complexities encountered when one of the attorney’s clients waived privilege, but the hard drive also contains information related to other non-waiving clients. In that scenario, the Committee explained that the attorney has an obligation to consult with the non-waiving clients “about the reasonable efforts the attorney will undertake to preserve the confidentiality of their confidential information stored on the lawyer’s hard drive.”

Following that discussion, should any non-waiving clients refuse to consent, the next step is for the attorney to take reasonable steps to preserve the confidential information of those clients, including seeking alternative methods of responding to the discovery demand. The Committee explained that “(d)epending upon the facts presented, the legitimate interests of the waiving party client and the counterparty in the litigation may be satisfied by less intrusive means than mirroring the entire hard drive containing the confidential information of the non-waiving non-party clients.”

Next, the Committee provided a list of steps that lawyers can take to reduce or eliminate the impact on the clients refusing to consent to the disclosure of their confidential information.

Those steps include: “(a) seeking to establish agreed search terms or other protocols that a mutually acceptable ESI vendor could implement; (b) in the event the waiving client’s electronic file has been stored in a fashion that allows for segregated duplication, securing an agreement to produce only that portion of the file that concerns the waiving client; (c) negotiating a confidentiality order limiting production for “attorney eyes only”; (d) seeking the appointment of a special master to review the privilege issues; (e) seeking in camera review of the confidential information by the court (see N.Y. State 1057 (2015)); (f) in the absence of agreement, moving to reargue the motion leading to the court’s decision outlining less intrusive means by which the legitimate goals of the litigation may be advanced; (g) in the absence of a court order revisiting the terms of the order, moving to stay enforcement pending appeal; and (h) appealing.”

If you’ve found yourself in this situation in the past, the opinion is obviously worth reading since it provides lots of helpful guidance. Even if you haven’t yet encountered this issue, read it anyway. It provides food for thought on the importance of ensuring that you always keep client confidentiality top of mind and carefully consider the intricacies of that obligation when technology is involved.

—————

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase legal practice management software. She is the nationally-recognized author of "Cloud Computing for Lawyers" (2012) and co-authors "Social Media for Lawyers: The Next Frontier" (2010), both published by the American Bar Association. She also co-authors "Criminal Law in New York," a Thomson Reuters treatise. She writes regular columns for Above the Law, ABA Journal, and The Daily Record, has authored hundreds of articles for other publications, and regularly speaks at conferences regarding the intersection of law and emerging technologies. She is an ABA Legal Rebel, and is listed on the Fastcase 50 and ABA LTRC Women in Legal Tech. She can be contacted at niki.black@mycase.com.