Ohio Bar green lights cloud computing and virtual law firms

NYC Bar on lawyers’ ethical obligations at the border

Stacked3Here is this week's Daily Record column. My past Daily Record articles can be accessed here.

*****

NYC Bar on lawyers’ ethical obligations at the border

Since the election, border crossings have been subject to greater scrutiny by border control agents. This presents a problem for lawyers, who often cross the border carrying electronic devices which contain confidential client information that they are duty bound to protect. Fortunately, the New York City Bar Association provided timely guidance last month when it addressed this issue in Formal Opinion 2017-5 (online: https://tinyurl.com/NYCBarBorder).

This opinion considered the extent of an attorney’s ethical obligation to “protect confidential information prior to crossing a U.S. border, during border searches, and thereafter.” The specific factual scenario at issue involved an attorney who was traveling abroad and was carrying a portable electronic device that stored confidential client data. When the attorney attempted to cross into the United States, an authorized U.S. border control agent demanded that the attorney “unlock” the device. The attorney did not have client consent to disclose any confidential information.

The lengthy, in depth opinion covered a variety of issues, including the ethical obligations of lawyers in this scenario, the limits of the lawful authority of border control agents, and the types of data that may be accessed an reviewed.

The primary conclusions reached by the Professional Ethics Committee were:

Before crossing the U.S. border attorneys must undertake reasonable efforts to protect confidential information;
At the U.S. border attorneys may disclose clients’ confidential information only to the extent “reasonably necessary” to respond to a government agent’s claim of lawful authority;
If confidential information is disclosed during a border search, an attorney must promptly inform affected clients.

The Committee explained that “reasonable efforts” to protect client data will vary. This determination will necessarily turn on “the ease or inconvenience of avoiding possession of confidential information; the need to maintain access to the particular information and its sensitivity; the risk of a border inspection; and any other relevant considerations.”

Importantly the Committee wisely acknowledged that there is no bright line test available to help lawyers ascertain what conduct is reasonable. This is because of “the rapid pace of technological development and the disparities between the practices, capabilities, and resources of attorneys… (which make it) difficult or impossible to identify a list of minimum mandatory prophylactic or technical measures for an attorney to adopt before crossing the U.S. border.”

According to the Committee, one way to avoid the possibility of being required to disclose confidential information at the border is to ensure that no data is stored locally on your mobile devices. Encrypting devices or storing data in cloud are two of the recommended options that lawyers who take data with them when they travel internationally should consider: A lawyer…who handles more sensitive information should consider technological solutions that permit secure remote access to confidential information without creating local copies on the device; storing confidential information and communications in secure online locations rather than locally on the device; or using encrypted software to attempt to restrict access to mobile devices.”

Finally, the Committee concluded that if a lawyer is faced with a purportedly lawful request to access confidential client data, “the attorney first must take reasonable measures to prevent disclosure of confidential information, which would include informing the border agent that the device or files in question contain privileged or confidential materials, requesting that such materials not be searched or copied, asking to speak to a superior officer and making any other lawful requests to protect the confidential information from disclosure. To demonstrate that the device contains attorney-client materials, the attorney should carry proof of bar membership, such as an attorney ID card, when crossing a U.S. border.”

All in all, this is a very useful, well-researched opinion that provides a wealth of information for lawyers who travel internationally regarding their ethical obligations. It offers in depth guidance to assist lawyers in understanding their duties and includes detailed recommendations for preserving client confidences. If International travel is on your agenda in the near future, you’d be well advised to read this opinion prior to your trip.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase, intuitive web-based law practice management software for solo and small law firms. She is also the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She can be reached at niki@mycase.com.