How to Encrypt Attorney-Client Communications, by Lisa Needham, Lawyerist Blog (with hat tip to Allen Mihecoby, CLAS, RP!)
If you have decided you need to get serious about client data protection, you will need to consider encrypting both your data and your communications. We have previously covered how to encrypt your data and will focus here on how to encrypt your email communication.
What Is Encryption?
Simply by using the Internet, you are probably using some sort of encryption scheme during some activities, whether you know it or not.
Encryption is simply the act of turning your data into unreadable gibberish. If your data is intercepted or hacked, the thief now has nothing but a pile of garbage.
End-to-end encryption is a must for transferring sensitive data across the internet. In end-to-end encryption, your data is encrypted while it travels toward its intended destination, and the same encryption occurs on the reverse trip. Your bank (hopefully) uses end-to-end encryption. Your practice management software (hopefully) uses end-to-end encryption if it stores and syncs data remotely. This sort of encryption is done for you without any effort on your part, as it is a standard feature of the infrastructure you use to bank, update client data, or carry out similar activities.
Why Do You Need to Care?
A few years ago, the ABA issued a formal ethics opinion stating that if there is a significant risk that a third party might gain access to the email, attorneys have to warn clients about that risk.
This poses a problem because, unlike your bank and practice management software, email is usually unencrypted. This is true whether you are using a desktop client or a web-based email service like Gmail. . . .