Written By Chloe Widmaier
A Introduction
In today’s world, technology has had a dramatic impact on the legal profession.[1] Indeed, lawyers increasingly rely on new technologies to access information, communicate with clients and colleagues, and market themselves and their firms.[2] However, new technologies have also caused many problems. Perhaps the most serious problem is the impact of technology on the crucial duty of confidentiality – the idea that a lawyer will protect their client’s information – and the fact that new technology has compromised the duty.[3] In the United States, the Colorado Bar Association summarised the effect of modern technology on the duty of confidentiality:
It is impossible to predict how technological advances will alter the means by which communications can be conveyed or intercepted. However, regardless of technological developments, the [lawyer] must exercise reasonable care to guard against the risk that the medium….may somehow compromise the confidential nature of the information.[4]
This impact is especially troublesome as the duty of confidentiality is essential in promoting positive public opinion of the legal profession, and is key in encouraging clients to fully confide in their lawyers.[5]
This report will first briefly discuss what the duty of confidentiality entails. Second, it will examine the troubles lawyers face in determining who is a potential client when they are dealing with online inquiries. It will then examine the risks associated with email communication, the handling and storage of electronic files, and metadata, and their respective impacts on the duty of confidentiality. Finally, this report will suggest possible ways to protect the duty of confidentiality from modern technology.
B An Overview of the Duty of Confidentiality and the Impact of Technology
The duties and requirements of a lawyer have historically been found in the common law and in equity.[6] However, more recently they have been codified in the Queensland Law Society’s Australian Solicitors Conduct Rules 2012 (the Rules).[7] Rule 9 of the Rules specifically covers the obligations of lawyers with respect to the duty of confidentiality.[8] According to Rule 9.1, a lawyer ‘must not disclose any information which is confidential to a client and acquired by that [lawyer] during the client’s engagement to any person who is not…’ a member of the lawyer’s law firm or a barrister or employee of a person engaged by the lawyer’s law practice.[9] While there are a few exceptions, such as if the client authorises the disclosure, generally this is the rule.[10] Barristers are essentially bound by the same rule, through rule 108 of the Bar Association of Queensland’s Barristers’ Conduct Rules.[11]
Furthermore, ‘confidential information’ has been defined by case law as ‘all communications made by the client regarding their affairs and all information learnt directly or indirectly about the client’.[12] This is a very broad definition intended to ensure that potentially any information a client gives is protected under the duty of confidentiality.
C Potential Clients
The internet raises issues with respect to identifying who is a client and when a lawyer-client relationship arises and, with it, the duty of confidentiality. Typically, when dealing with clients, a lawyer’s duties and obligations commence with the execution of a retainer.[13] However, in the online context of internet websites and chatrooms, where individuals are able to submit informal inquiries, identifying when an individual is owed a duty of confidentiality is complicated.[14] Some argue it depends on whether the lawyer is giving legal advice or legal information – if they are found to be giving legal advice then the relationship and the relevant duties are activated.[15] However, this difference is often difficult to distinguish.[16] Definitions and guidelines – like those from the New South Wales Legal Technology Committee[17] – have been developed to help lawyers determine if they are giving advice or information.[18] However, the best solution is perhaps to always assume that a lawyer-client relationship exists.[19] Nevertheless, this approach presents its own concerns. For example, what if both sides in a legal dispute contact the same lawyer? Hopefully, the lawyer in that scenario would realise there would be a conflict of interest and would refer the second party to another lawyer.[20] It has been alternatively suggested that perhaps a better solution is for lawyers to use disclaimers when dealing with online inquiries, which may offer some protection. Yet, lawyers should still exercise caution, as disclaimers do not always provide total immunity from legal proceedings.[21]
D Emails
Often lawyers’ emails will contain confidential information, which potentially puts that information at risk. This is due to the fact that when an individual sends an email, the information is sent to the internet service provider, who breaks it down into packets of information.[22] These packets are then moved on to other servers until they reach the recipient’s server, where they are reassembled.[23] As the information travels along it is at risk of being intercepted at any moment, especially after it has been converted into the information packets.[24] Indeed, so-called packet-sniffing programs exist which intercept and copy the information in the packets.[25] Furthermore, the ease of emails invites mistakes, as, for example, when an email is sent to an incorrect recipient.[26] Indeed, in the case of GT Corporation v Amare Safety,[27] the defendant Amare accidentally sent 50,000 privileged documents to the plaintiff GT during the discovery stage.[28] The information provided a strategic advantage to GT and indirectly contributed to Amare Safety ultimately losing the case.[29]
However, even in respect of such dangers, it is unclear if the duty of confidentiality mandates the protection of such communications. While some argue that there is an implied obligation to encrypt email messages, it appears that there is no official duty to do so.[30] Indeed, according to the American Bar Association (ABA), despite the risk of emails, the ABA’s policy is that emails are to be treated the same as traditional mail and no encryption is required.[31] However, some still contend that if a lawyer believes that additional security is necessary – if there is a real threat or the information is especially important – then additional security precautions should be taken to protect the information.[32] Furthermore, it has been advised that lawyers should be kept informed of new developments in technology that may reduce such risks at a reasonable cost.[33] Additionally, it has been suggested that lawyers should inform their clients, especially if they are vulnerable, of the dangers of internet email communication.[34] Indeed, email guidelines such as that created by the Victorian Legal Practitioners’ Liability Committee provide valuable suggestions regarding email communication.[35]
E Handling and the Storage of Electronic Files
Currently, a large percentage of the documents a lawyer deals with are received and stored electronically. Electronic files are deceptively easy to amend and send to client parties and other individuals.[36] However, lawyers must be careful when they store or modify documents electronically as accidents can have extremely detrimental consequences.
Indeed, the ease with which documents can be stored invites mistakes. Take, for example, the situation in Hernandez v Esso Standard Oil Co.[37] In that case, a single mouse click by the defendants, Esso Oil, inadvertently merged privileged with non-privileged folders, which were sent to the plaintiff, Hernandez.[38] It was held by the court that the click by Esso resulted in a waiver of privilege and caused Esso to lose 2,000 pages of privileged documents.[39] It is therefore necessary to be alert and careful when handling electronic documents.
The fact that a computer can store a significant amount of information also makes storing documents electronically more risky due to the danger of hackers. If a hacker manages to infiltrate a computer system they can easily steal or copy the information being stored without the owner even realising it, or at least not until after the data breach has occurred.[40] Combine this with the fact that, under rule 14.2 of the Rules, a lawyer or a law firm may only destroy client documents seven years after the end of the engagement.[41] This means that lawyers have to keep and store a large number of documents for a long period of time.[42] This, in turn, puts confidential client information at an increased risk of being copied or stolen by hackers.[43] The situation is worsened by the fact that, if there are client instructions or legislative requirements to the contrary, the data may have to be stored even longer, further increasing the risk of it being compromised.
‘Client documents’ are defined as documents to which a client is entitled.[44] This definition does help to limit the number of documents required to be stored, and lawyers often include a provision in their contracts allowing them to destroy the documents after the seven year period.[45] There is still a large risk of the confidential information being taken.[46] While client documents can possibly be protected by implementing encryption programs, there is no truly foolproof protection, as can be seen from the recent Panama Papers scandal.[47]
F Metadata
Lawyers must also be cautious of word processing programs, because these programs create and store metadata. Metadata is commonly referred to as ‘data about data’ and is hidden information contained in word processing programs.[48] The information contained in the metadata includes details describing how, when, where, what and by whom a file was edited or created.[49] Metadata has many useful applications: it can be used to locate relevant documents easily, especially if there are inconsistencies in the documents, for example different terminology.[50] However, metadata can also be dangerous as it may inadvertently reveal information regarding a matter.[51]
The Ok Tedi Mine case is an example of metadata being inadvertently disclosed to the opposite party and then being used as leverage. In that case, a mine in Papua New Guinea was operated by BHP Billiton (BHP).[52] The mine was found to have polluted the nearby Ok Tedi River.[53] An action was then brought against BHP.[54] Following the commencement of that action, a piece of legislation was passed by the Government of Papua New Guinea which made it a criminal offence to sue BHP for polluting the Ok Tedi River and also made it an offence to assist anyone who sought to bring such an action.[55] However, it was inadvertently discovered through metadata that it was BHP’s lawyers who had drafted the legislation.[56] As a result BHP was charged with being in contempt of the court.[57] Following that decision BHP decided to settle the issue out of court for an undisclosed amount.[58]
Similar to issues with respect to emails, there are ways lawyers can protect their clients from risks related to metadata. Perhaps the best method is for lawyers to resume making paper copies of all their documents, as that would remove all traces of metadata. However, this is considered inefficient and impractical, and it is unlikely this method would be adopted by many.[59] Another more practical way to keep metadata safe is by installing programs that remove the metadata from the documents before they are sent.[60] However, lawyers must remember to use the program or the metadata will remain in the document and may lead to issues as discussed above.
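As an added illustration of the pre-send metadata check described above (it is not part of the original report and not any vendor's tool), the following Python example inspects a Word .docx package for author fields and tracked-change authors, blanks the identifying core properties, and refuses to release a file while anything identifying remains. The sample document and the names in it are constructed, and the function names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

CORE = "docProps/core.xml"
NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/"}
W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
IDENTIFYING = ("dc:creator", "cp:lastModifiedBy")  # who created / last edited

def build_sample_docx(tracked=True):
    """Constructed minimal .docx-style package with made-up names."""
    core = ('<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s"><dc:creator>A. Solicitor'
            '</dc:creator><cp:lastModifiedBy>C. Associate</cp:lastModifiedBy>'
            '</cp:coreProperties>' % (NS["cp"], NS["dc"]))
    change = '<w:ins w:author="B. Partner"><w:r><w:t>new clause</w:t></w:r></w:ins>'
    body = '<w:document xmlns:w="%s"><w:body><w:p>%s</w:p></w:body></w:document>' % (
        W[1:-1], change if tracked else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(CORE, core)
        z.writestr("word/document.xml", body)
    return buf.getvalue()

def find_metadata(data):
    """Return identifying core properties and tracked-change authors."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        if CORE in z.namelist():
            root = ET.fromstring(z.read(CORE))
            for tag in IDENTIFYING:
                el = root.find(tag, NS)
                if el is not None and el.text:
                    found[tag] = el.text
        doc = ET.fromstring(z.read("word/document.xml"))
    authors = {e.get(W + "author") for t in ("ins", "del") for e in doc.iter(W + t)}
    if authors - {None}:
        found["tracked_change_authors"] = sorted(authors - {None})
    return found

def scrub_core(data):
    """Copy the package with the identifying core properties blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for name in src.namelist():
            payload = src.read(name)
            if name == CORE:
                root = ET.fromstring(payload)
                for el in [e for t in IDENTIFYING for e in root.findall(t, NS)]:
                    el.text = ""
                payload = ET.tostring(root)
            dst.writestr(name, payload)
    return out.getvalue()

def safe_to_send(data):
    return not find_metadata(data)  # fail closed on any leftover metadata
```

Blanking the properties does not remove tracked changes, which have to be accepted or rejected in the word processor, so the check keeps blocking a file that still contains them.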
G Conclusion
Modern technology has substantially changed how lawyers work. While technology has provided many benefits, such as easier means of communication and storage, it has also caused many problems. Specifically, it has undermined the duty of confidentiality lawyers owe to their clients. It has made it difficult for lawyers to determine who their clients are in certain circumstances and has led to inadvertent disclosure of confidential information through emails, electronic storage, and metadata. While there appear to be some solutions emerging to address these issues, through software, guidelines, disclaimers, and other means, these do not appear to be complete solutions. It seems that for the foreseeable future confidential information will continue to be at risk.
[1] Law Reform Committee, Parliament of Victoria, When a Stranger Calls: Guidelines for Legal Services on Websites, Phone or E-mail (1999) 29.
[2] Philip Kellow, 'The Federal Court of Australia: Electronic Filing and the E-court On-line Forum' [2002] University of Technology Sydney Law Review 123, 124; Law Reform Committee, Parliament of Victoria, When a Stranger Calls: Guidelines for Legal Services on Websites, Phone or E-mail (1999) 29.
[3] Tuckiar v The King [1934] 52 CLR 335.
[4] Colorado Bar Association Ethics Committee, ‘Preservation of Client Confidences in View of Modern Communications Technology’ (1992) 90.
[5] Queensland Law Society, The Australian Solicitors Conduct Rules 2012 in Practice: A Commentary for Australian Legal Practitioners (Queensland Law Society, 1st ed, 2014) 61; Colorado Bar Association Ethics Committee, ‘Preservation of Client Confidences in View of Modern Communications Technology’ (1992) 90.
[6] Ibid.
[7] Queensland Law Society, Australian Solicitors Conduct Rules (at 21 May 2012).
[8] Ibid.
[9] Ibid r 9.1.
[10] Ibid r 9.2.
[11] Bar Association of Queensland, Barristers’ Conduct Rules (at 23 December 2011) r 108.
[12] Legal Practices Complaints Committee v Trowell [2009] WASAT 42.
[13] Queensland Law Society, Duties to Potential Clients (November 2008) Queensland Law Society, 46 <http://www.qls.com.au/Knowledge_centre/Ethics/Resources/Confidentiality/Confidentiality/Duties_to_potential_clients >.
[14] Ibid.
[15] Del O’Roark, ‘The Impact of the Internet on a Lawyer’s Standard of Care & Professional Responsibility’ (September 2008) Bench & Bar, 41 <http://www.lmick.com/_resources/documents/bench_and_bar/2008_bench_and_bar_september.pdf>.
[16] Law Reform Committee, Parliament of Victoria, When a Stranger Calls: Guidelines for Legal Services on Websites, Phone or E-mail (1999) 29, 31.
[17] New South Wales Legal Technology Committee, Guidelines on Social Media Policies (March 2012) New South Wales Legal Technology Committee <https://www.lawsociety.com.au/cs/groups/public/documents/internetcontent/587803.pdf>.
[18] Law Reform Committee, Parliament of Victoria, When a Stranger Calls: Guidelines for Legal Services on Websites, Phone or E-mail (1999) 29, 31.
[19] Ibid.
[20] Queensland Law Society, Australian Solicitors Conduct Rules (at 21 May 2012) r 11.2.
[21] Australian Competition and Consumer Commission v TPG Internet Pty Ltd [2013] HCA 54.
[22] Steven Masur, ‘Confidentiality in a High-Tech World’ (2007) 24(5) GPSOLO <http://www.americanbar.org/newsletter/publications/gp_solo_magazine_home/gp_solo_magazine_index/confidentiality.html>.
[23] Ibid.
[24] Ibid.
[25] Ibid.
[26] Law Reform Committee, above n 17, 42.
[28] Guzya; Hill, ‘Commercial litigation: How a click of a mouse can cost thousands’ (2011) 39 American Bar Law Review 191, 192.
[29] Ibid.
[30] Charles Luce, Lawyering on the Internet: Confidentiality, Solicitation, Ethics and Etiquette (1998) Money White <http://www.moyewhite.com/ethics/netethic.htm>.
[31] American Bar Association Committee on Ethics and Professional Responsibility, ‘Protecting the Confidentiality of Encrypted E-mail’ (1999) 99-143 American Bar Association 99.
[32] Ibid.
[33] Charles Luce, Lawyering on the Internet: Confidentiality, Solicitation, Ethics and Etiquette (1998) Money White <http://www.moyewhite.com/ethics/netethic.htm>.
[34] Charles Luce, Lawyering on the Internet: Confidentiality, Solicitation, Ethics and Etiquette (1998) Money White <http://www.moyewhite.com/ethics/netethic.htm>.
[35] Legal Practitioners’ Liability Committee, E-mail guidelines, (23 May, 2007) Legal Practitioners’ Liability Committee < http://lplc.com.au/bulletins/e-mail-guidelines/>.
[36] Hill, above n 28, 192.
[37] (3) 1485 WL 1967364 (US, 2006).
[38] Ibid.
[39] Ibid.
[40] Hill, above n 28, 193.
[41] Queensland Law Society, Australian Solicitors Conduct Rules (at 21 May 2012) r 14; Queensland Law Society, Can I destroy client files after 7 years? (2011) Queensland Law Society <http://www.qls.com.au/Knowledge_centre/Ethics/Resources/Client_documents_and_liens/Can_I_destroy_client_files_after_7_years>.
[42] Ibid.
[43] Ibid.
[44] Queensland Law Society, The Australian Solicitors Conduct Rules 2012 in Practice: A Commentary for Australian Legal Practitioners (Queensland Law Society, 1st ed, 2014) 61; Fordham v Legal Practitioners complaints committee (1997) 18 WAR 467.
[45] Queensland Law Society, The Australian Solicitors Conduct Rules 2012 in Practice: A Commentary for Australian Legal Practitioners (Queensland Law Society, 1st ed, 2014) 61; Fordham v Legal Practitioners complaints committee (1997) 18 WAR 467.
[46] Ibid.
[47] James Temperton and Matt Burgess, The security flaws at the heart of the Panama Papers (6 April 2016) Wired <http://www.wired.co.uk/news/archive/2016-04/06/panama-papers-mossack-fonseca-website-security-problems>.
[48] Hill, above n 28, 192.
[49] Ibid.
[50] Dan Pinnington, Beware the Dangers of Metadata (2004) Lawyers’ Professional Indemnity Company, 1 <http://www.practicepro.ca/lawpromag/metadata.pdf.>.
[51] Ibid.
[52] Stephen Warne, A good summation of Microsoft Word metadata issues for lawyers (17 March 2007) The Australian Professional Liability Blog < http://lawyerslawyer.net/2007/03/17/a-good-summation-of-microsoft-word-metadata-issues-for-lawyers/>.
[53] Ibid.
[54] Ibid.
[55] Ibid.
[56] Ibid.
[57] Ibid.
[58] BHP Billiton, BHP Billiton Withdraws from Ok Tedi Copper Mine and Establishes Development Fund for Benefit of Papua New Guinea People (8 February 2002) BHP Billiton <http://www.bhpbilliton.com/investors/news/bhp-billiton-withdraws-from-ok-tedi-copper-mine-and-establishes-development-fund-for-benefit-of-papua-new-guinea>.
[59] Donna Payne, ‘Metadata: The Good, the Bad, and the Misunderstood’ (April 2013) 30(2) GP Solo < http://www.americanbar.org/publications/gp_solo/2013/march_april/metadata_the_good_the_bad_and_the_misunderstood.html>.
[60] Ibid.