Legal Use Case: Protecting Confidential Client Communications

he American Bar Association (ABA) first addressed in 1999, updated on May 11, 2017 with guidance on protecting confidential client communications (477R), and expanded on October 17, 2018 to track and notify data loss (483). The ABA declined to specify any particular steps lawyers should take but outlined a set of considerations lawyers might use to make their assessment:

“A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.”

The best approach to securing a client’s legal, personal, or company information is to encrypt all communications, data, and files so that any breach of a Lawyer’s business, storage devices, end-user devices, or electronic exchanges with the client is protected from unauthorized access. That sounds easy except the process of encrypting files or even utilizing an application’s password protection requires human involvement which can lead to errors or lack of use. For example, reusing passwords, using simple passwords, sharing passwords in the clear, forgetting to protect data, or more commonly bypassing the process because of the extra steps and required time.

Deploying Bonafeyed’s data-defined protection platform, a legal practice can safeguard data shared between counsel and their clients to remain secure and private when breached by cybercriminals or internal non-authorized users. Bonafeyed uses patented technology to prevent infiltrators from monetizing clients’ data on the black market and stops prying eyes in their tracks.

Bonafeyed’s data security technology can easily be deployed by a Firm. Clients perform a simple 2-factor authorization from Bonafeyed’s Cy4Secure Arbiter cloud service, which validates recipients and allows access to protected data. Most importantly, each data communication can be independently encrypted/protected. No two data files or elements share the same encryption key. When encrypted data is lost, stolen, abandoned, or forgotten, it remains protected, demonetized and permanently inaccessible once keys are deleted or retired, ensuring Lawyers and their Firms exceed ABA’s consideration of client privacy.