A new comprehensive opinion by the Ethics Committee of the Israeli Bar states that lawyers who use a free email service provider (such as Gmail) to send and receive attorney-client communications violate their duty of confidentiality under the professional rules of conduct (the ethics rules).
In its opinion, the Ethics Committee addressed the concerns regarding lawyers’ conduct in the digital space, and offered its recommendations for safeguarding the security of client information, in four main aspects:
- Use of external services. Lawyers should use external technology service providers as per the information’s degree of sensitivity and the potential effect on clients. The Ethics Committee’s opinion expressly states that free services do not provide a sufficient level of protection for client information. Consequently, lawyers and law firms should no longer use services such as Gmail, Dropbox, and many other reliable and widely used tools that are free of charge.
- Lawyers should implement and maintain appropriate security measures, including regular software security patches, complex passwords, and encryption of remote connections.
- Lawyers should attend data security training at least once every two years.
- Lawyers should prepare for security incidents in a manner that allows quick recovery and subsequent protection.
Unexpectedly, the Ethics Committee also determined that lawyers must inform their clients of any security breach that might impact confidential information relating to their legal representation. This is in contrast with the Israeli Privacy Protection Regulations on data security, which do not require informing data subjects of security incidents unless the Israeli privacy regulator expressly orders this be done.
CLICK HERE to read the Israeli Bar’s Ethics Committee’s opinion (in Hebrew).