Enshrined in Law
When thinking about your legal requirements as a solicitor with respect to email, one has to be reminded of a solicitor’s “duty of care” to their client. A solicitor’s duty to his client is to do for him all that he properly can, with of course, proper care and attention. Subject to giving due weight to the adverb “properly,” that duty is a paramount duty.
Writing in The Law Society Gazette Michael Cross says, “I’d like to think that no legal professional would transmit client confidential information across a free webmail service like Gmail or its competitors.” He goes on to state that of course this is not just a problem restricted to this type of email service. All “clear text” emails are inherently insecure. I have been banging on about this very subject for years. Think of your standard email as a postcard, it can be read by anyone who takes the trouble to intercept it on route. Whereas an encrypted email is akin to a registered letter, far more secure.
While we are on the subject of transmitted data, those of you that use services such as Dropbox for off site data storage and or back-up are also putting that data at risk. Not least for the fact that it will likely be stored off-shore and therefore not subject to the same privacy laws as the UK. Indeed the president of the Law Society, Nicholas Fluck has stated that risks generated by cross-border transfer of data are a major challenge to be addressed.
Fixing the Risk with Email Encryption
As I have already said encrypted email is the answer to this particular problem. Historically this was a non-starter because of the complexities of email encryption systems. However this is no longer the case and should not be seen as an excuse not to implement email encryption today. The best of these new breed of products allows you to send encrypted email to someone you have never emailed before and allows them to open and decrypt the email without the need to buy into the service. In fact they can then reply to your email also in encrypted form, all free of charge and without the need to install any software of their PC.
A good product option is Egress’s “Switch”, I have had personal experience of this product and can heartily recommend it. They already have a growing client base of lawyers, healthcare professionals and government departments.
Don’t be accused of Luddite tendencies, if you are using email or Cloud storage in your firm without the precaution of encrypting that data in transit and at rest, you are an accident waiting to happen. Just think how easy it is to click send, without thinking about the full content of the email you have just composed. You might have guidelines but does everyone follow the rules on every occasion? Remember you will have no credible defence to offer and your firm’s reputation will take a hammering. Don’t wait act today!