Respected security professionals have compared email to postcards written in pencil—they can be viewed or altered by third parties easily.

Hackers are targeting law firms to steal sensitive client information more and more. A security breach can diminish your firm’s reputation and can also have serious legal and financial ramifications.

It is also ethically required for attorneys to take reasonable measures to safeguard information relating to clients, according to the ABA Model Rules 1.1 and 1.6 and Comments.

Why Email Encryption is Important

Email encryption can be an effective precaution to help prevent data theft.

Encryption is a strong security measure that protects stored and transmitted data (laptops, smart phones, wireless networks and email). It scrambles information according to a certain pattern, so that only the users who have access to that pattern or “key” can unscramble it and make it readable. Encryption technology is also effective in the event of a physical device theft since the data is unreadable without acquiring the key.

According to the ABA, only 29% of attorneys reported using email encryption for confidential/privileged communications/documents sent to clients.

Email encryption has now become easy to use and inexpensive with commercial email services. Consider implementing an email encryption policy at your firm, if you are not already.

If encrypted email is not available at your firm, a strong level of protection can be provided by putting the sensitive information in an encrypted attachment instead of in the text of the email.


Erin McCartney, Esq.
Information provided by Attorney Protective is not intended as legal advice. This publication provides best practices for use in connection with general circumstances, and ordinarily does not address specific situations. These best practices are not intended to meet or establish the standard of care, and sometimes recommend practices that exceed the standard of care. Specific situations should be discussed with legal counsel licensed in the appropriate jurisdiction. By publishing practice and risk prevention tips, Attorney Protective neither implies nor provides any guarantee that claims can be prevented by use of the suggested practices. Though the contents of Attorney Protective’s Best Practice Database have been carefully researched, Attorney Protective makes no warranty as to the accuracy, applicability or timeliness of the content. Anyone wishing to reproduce any part of the Attorney Protective Best Practices Database content must request permission from Attorney Protective by calling 877-728-8776 or sending an email to [email protected]. Additionally the rules cited in the contents of this article may have since changed. You should check the laws and model rules in your state for specific information on the topics addressed here.