Pennsylvania on the ethics of using smartphones for client data storage
These days most lawyers use smartphones for work-related reasons. Smartphone use has become so common that according to the ABA’s 2022 Legal Technology Report, 81% of lawyers surveyed reported that they used smartphones in the courtroom.
Of course, whenever lawyers use technology, security and ethical risks must be considered, and smartphones are no exception. Fortunately, state ethics bars are rising to the occasion and providing guidance for lawyers who store confidential client contact information on their mobile devices.
For example, a few months ago I wrote about New York Ethics Opinion 1240. In this case, handed down in April, the Committee on Professional Ethics considered whether it’s ethical for lawyers who store current, former, or prospective client contact information on their phones to consent to share their contacts with a smartphone app.
The Committee concluded that if a lawyer found that the contact information included confidential client information, “the lawyer may not consent to share contacts with a smartphone app unless the lawyer concludes that no human being will view that confidential information and that the information will not be sold or transferred to additional third parties, without the client’s consent.”
More recently, Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility addressed a similar issue. In Formal Opinion 2022-500, the Committee considered the ethical considerations that arise when lawyers store client information on a smartphone.
The Committee agreed, in part, with the conclusions reached by the New York committee relating to client contact information stored on mobile devices, but expanded its focus to also address issues concerning others types of confidential information stored on smartphones.
The Committee explained that the Pennsylvania Rule of Professional Conduct 1.6, which addresses client confidentiality, differs from New York’s Rule and precludes a lawyer from revealing “information relating to representation of client,” a concept that encompasses a broader range of data than the New York Rule.
As a result, the Committee determined that if a lawyer’s smartphone contains information relating to client representation, “then the lawyer may not consent to share the information with a smartphone app unless the lawyer concludes that no human being will view that information, and that the information will not be sold or transferred to additional third parties, without the client’s consent.”
Precautions lawyers must take to protect confidential client information governed by Pa.R.P.C. 1.6. In some circumstances, this may include declining to give certain permissions to certain apps, avoid installing certain apps, or choosing not to store confidential information on their smartphones.
The Committee provided the following guidance for lawyers seeking to comport with their ethical obligations to maintain client confidentiality when using mobile devices and interactign online:
• When possible, do not store Rule 1.6 information on smartphones.
• Limit the ability of apps to access data, such as contacts, calendars, photographs, camera, microphone, location, files and more. While lawyers have an ethical obligation to do so, it also makes sense to limit the access of apps as much as feasible to protect the privacy of clients and lawyers.
• Android and Apple make it relatively easy to determine which apps access which types of data. For Apple users, check and set permissions by going to Settings > Privacy. For
Android users, check and set permissions by going to Settings > Apps > tap the App >
Permissions. The manufacturers also provide guidance on their websites.
• Minimize risks by not oversharing on social media.
• Keep device software up to date.
• Use a device passcode.
• Use a password manager.
• Enable Multifactor Authentication (MFA) when available.
• Always check and set app permissions to bar or minimize exposure of extraneous data to apps while retaining their functionality.
The guidance offered in both opinions is useful regardless of whether you’re licensed in those jurisdictions. This is especially so if your jurisdiction has not yet weighed in on these ethical issues.
The bottom line: take care whenever you interact online and when storing confidential client data on your mobile devices. Think before you type, and carefully consider whether to share client-related data, including contact information, with any apps that you download.
Nicole Black is a Rochester, New York attorney, author, journalist, and the head of SME and External Education at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at firstname.lastname@example.org.