Guard Your Castle to Keep Client Confidences Safe

As more and more law firms have moved to mobile computing via laptops, tablets and smartphones, there has been a tendency to forget about security for the computer infrastructure, usually back at the office, which supports all this mobile access to information.

But as this tip is being written, there has been a rash of thefts of servers from law offices in Portland, Oregon. The thieves seem to be looking for information, and may possibly know where to find what they’re looking for, since the only thing taken in the robberies is the servers – not the desktop computers used by the staff.

As a part of your obligation to keep client information confidential, take a careful look at the set-up of your computer network. Make sure that servers are kept in a locked room, that the location of this room is not obvious to clients or causal visitors, and that keys to the server room are locked away in another office rather than left in the door or in a drawer nearby.

Make sure that the server has a strong password and, if it is reasonably new, you might also consider encrypting all your data, however, this will reduce the speed with which documents open and can be saved.

While you are not ethically required to protect confidential information against any and every potential attempt to steal it, the more physical barriers you can erect between a thief and your servers, the better off you and your clients will be.

You don’t need to make it completely impossible for someone to steal a server, you just need to keep them busy long enough for the police to arrive.


  1. ABA Proposed Model Rule 1.6(c) would clarify that a lawyer has an ethical duty to take reasonable measures to protect a client’s confidential information from inadvertent disclosure and unauthorized access.

    What constitutes “reasonable measures to protect a client’s confidential information” depends on the client’s perception of what measures are reasonable in light of the client’s belief about the sensitivity of the information. It also depends upon the circumstances – and the circumstances are varied and constantly evolving.

    Attorneys’ Liability Assurance Society (ALAS), which provides malpractice coverage to major U.S. law firms, recently recommended that law firms “encrypt all protected information sent from or stored on any electronic device” in a 2011 ALAS Loss Prevention Journal article titled “Data and Privacy Protection in a Regulated World.”

    See part 1 of my series on this topic over at the .

    [Disclaimer: I represent ZixCorp, the leading provider of email encryption services.]

Leave a Reply

(Your email address will not be published or distributed)