Please ensure Javascript is enabled for purposes of website accessibility

 

February 4, 2022 | Cybersecurity Toolbox

Ethical Obligations – What Must Lawyers Do to Maintain Privileged Information and Comply with Applicable Regulations?

2

AUTHOR
Howard Allen Cohen, B.C.S. | 2021 – 2024 Member, The Florida Bar’s Standing Committee on Technology

I.                   Introduction

Attorneys have always had a duty to protect client information, but each new development in communication technology brings with it new ethics concerns.  The Florida Bar Rules of Professional Conduct do not expressly deal with cybersecurity but the traditional attorney ethics rules have direct application to the use of technology and cybersecurity, as discussed in this article.

II.                Florida Bar Ethics Rules – the Rules of Professional Conduct

The Florida Bar Rules of Professional Conduct[1] provide four duties of attorneys regarding client information and cybersecurity: The duty of competence, the duty of diligence, the duty to protect the confidentiality of client information, and the responsibility to supervise and be responsible for the actions or inactions of nonlawyer assistants employed by the attorney. I set forth the text of these rules and excerpts from their comments that apply to cybersecurity in this section.

The text of the rules is shown in italics.

A.                RULE 4-1.1 COMPETENCE

A lawyer must provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.

1.                  Competence includes safeguarding confidential information.

As stated in the Comments to Rule 4-1.1, “Competent representation may also involve the association or retention of a non-lawyer advisor of established technological competence in the field in question. Competent representation also involves safeguarding confidential information relating to the representation, including, but not limited to, electronic transmissions and communications.”

2.                  Competence requires understanding the relevant technologies.

As stated in the Comments to Rule 4-1.1, “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, engage in continuing study and education, including an understanding of the benefits and risks associated with the use of technology, and comply with all continuing legal education requirements to which the lawyer is subject.”

3.                  Attorneys must understand the technology they are using and any risks associated with it.

Attorneys must understand whether hardware, software or the Internet connection being used is secure or whether the attorney needs to take extra precautions (such as encrypting files or adding passwords) to make sure their work platforms are safe and secure.

4.                  Florida attorneys are required to have three CLE credit hours in “technology” during each of their three-year CLE cycles.

5.                  Florida Ethics Op. 10-2[2] (9-24-2010, rev. 12-13-2010), provides examples of how attorneys must exercise competence with regard to technology, as shown by the introduction to the opinion:

A lawyer who chooses to use Devices that contain Storage Media such as printers, copiers, scanners, and facsimile machines must take reasonable steps to ensure that client confidentiality is maintained and that the Device is sanitized before disposition, including: (1) identification of the potential threat to confidentiality along with the development and implementation of policies to address the potential threat to confidentiality; (2) inventory of the Devices that contain Hard Drives or other Storage Media; (3) supervision of nonlawyers to obtain adequate assurances that confidentiality will be maintained; and (4) responsibility for sanitization of the Device by requiring meaningful assurances from the vendor at the intake of the Device and confirmation or certification of the sanitization at the disposition of the Device.

B.                 RULE 4-1.3 DILIGENCE

A lawyer shall act with reasonable diligence and promptness in representing a client.

C.                RULE 4-1.6 CONFIDENTIALITY OF INFORMATION

(e) Inadvertent Disclosure of Information

A lawyer must make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.

1.                  Comment: The attorney must act competently to preserve confidential information.

The Comments to Rule 4-1.6 provide that

Paragraph (e) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See rules 4-1.1, 4-5.1 and 4-5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (e) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this rule or may give informed consent to forgo security measures that would otherwise be required by this rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, for example state and federal laws that govern data privacy or that impose notification requirements on the loss of, or unauthorized access to, electronic information, is beyond the scope of these rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see the comment to rule 4-5.3.

When transmitting a communication that includes information relating to the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients. This duty, however, does not require that the lawyer use special security measures if the method of communication affords a reasonable expectation of privacy. Special circumstances, however, may warrant special precautions. Factors to be considered in determining the reasonableness of the lawyer’s expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement. A client may require the lawyer to implement special security measures not required by this rule or may give informed consent to the use of a means of communication that would otherwise be prohibited by this rule. Whether a lawyer may be required to take additional steps in order to comply with other law, for example state and federal laws that govern data privacy, is beyond the scope of these rules.

2.                  Examples of breaches of the duty of confidentiality include:

  • Failing to mute when fielding a phone call from your client while on video with court or other third party.
  • Turning on camera while sitting in front of a wall-mounted whiteboard listing your client matters.

D.                RULE 4-5.3 RESPONSIBILITIES REGARDING NONLAWYER ASSISTANTS

(b) Supervisory Responsibility. With respect to a nonlawyer employed or retained by or associated with a lawyer or an authorized business entity as defined elsewhere in these Rules Regulating The Florida Bar:

(1) a partner, and a lawyer who individually or together with other lawyers possesses comparable managerial authority in a law firm, must make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that the person’s conduct is compatible with the professional obligations of the lawyer;

(2) a lawyer having direct supervisory authority over the nonlawyer must make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; and

(3) a lawyer is responsible for conduct of such a person that would be a violation of the Rules of Professional Conduct if engaged in by a lawyer if the lawyer:

(A) orders or, with the knowledge of the specific conduct, ratifies the conduct involved; or

(B) is a partner or has comparable managerial authority in the law firm in which the person is employed, or has direct supervisory authority over the person, and knows of the conduct at a time when its consequences can be avoided or mitigated but fails to take reasonable remedial action.

(c) Ultimate Responsibility of Lawyer.  Although paralegals or legal assistants may perform the duties delegated to them by the lawyer without the presence or active involvement of the lawyer, the lawyer must review and be responsible for the work product of the paralegals or legal assistants.

1.                  The Comments to Rule 4-5.3 state:

Subdivision (b)(1) requires lawyers with managerial authority within a law firm to make reasonable efforts to ensure that the firm has in effect measures giving reasonable assurance that nonlawyers in the firm and nonlawyers outside the firm who work on firm matters act in a way compatible with the professional obligations of the lawyer.

Nonlawyers Outside the Firm

A lawyer may use nonlawyers outside the firm to assist the lawyer in rendering legal services to the client. Examples include the retention of an investigative or paraprofessional service, hiring a document management company to create and maintain a database for complex litigation, sending client documents to a third party for printing or scanning, and using an Internet-based service to store client information. When using these services outside the firm, a lawyer must make reasonable efforts to ensure that the services are provided in a manner that is compatible with the lawyer’s professional obligations.

2.                  Duties of supervision remain in place even when everyone is working outside the office.

  • Stay in contact with subordinate lawyers & staff to provide reasonable assistance, instruction & supervision.
  • Use technology as appropriate.
  • Regular communications by phone, videoconference & email can help ensure you’re meeting your supervisory obligations.

3.                  You should take steps to ensure continued professional development of your team.

4.                  To meet our obligations, we must swiftly learn how to use the platform we are given when it is beyond our control.

III.             Security Controls to Protect Client Information

The next section discusses specific risks for disclosure of client information and potential security measures to protect against them. However, general reasonable security controls for attorneys include:

  • Developing a risk assessment and management strategy,
  • Controlling identification, authenticating, and access to the law office’s network and data for any user.
  • Developing information protection processes.
  • Properly maintaining computer systems and installing patches to the operating system and application software as soon as they become available to head off the latest malware.
  • Having an effective backup strategy and using it!
  • Employing software to continuously monitor and detect malware. There are free and low-cost applications available to do this for individual users as well as professional versions for larger offices.
  • Have a plan for incident response.
  • Utilizing technology solutions for the above.

IV.             Risks to Privileged Information and Potential Security Measures

Safeguarding data means protecting confidentiality, security, privacy, integrity, and availability, against authorized access, acquisition, disclosure, use, alteration, destruction, or loss, and offensive intrusion on private matters or space. Electronic information has features that affect both the means required to protect client information and the manner in which the duty is activated in the first place. These risks include:

A.                Diminished control over the nature and amount of information received from others.

B.                 Greater susceptibility to unauthorized access through the Internet or portable media such as thumb drives or optical discs (CD-ROMs and DVDs), which can contain much more information than a paper file.

1.                  Security Measures:

  • Require portable media to be password protected and encrypted.
  • Check for viruses or other malware before using portable media.

C.                Increased opportunity for inadvertent disclosure of client information, such as by including improper recipients in emails, either when replying to ALL in an email or allowing Outlook to erroneously auto-populate the send field in an email.

1.                  Security Measures:

  • Double check emails before sending, including both the TO and CC lines.
  • Consider requiring having a confirmation dialog box appear before the email is sent.

D.                Allowing metadata to be included in documents that the attorney transmits to adversaries, such as in discovery.

Metadata, which is usually not visible, can include the author and the names of any users who edited the document and how it was revised.

1.                  Security Measure: Employ metadata scrubber software what would automatically scan all outgoing emails.

E.                 Unencrypted email may be intercepted and read by third parties.

1.                  Security Measures:

a.                   Consider email encryption

However, these systems can be awkward and may require the recipient to register before reading the email, and so they may not be practical for one-off or routine correspondence except for critical information (e.g., wire instructions).

b.                  Warning clients of the risks of using unencrypted email.

a)                  ABA Formal Ethics Op. 11-459[3] (2011):

A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, to which a third party may gain access. … Whenever a lawyer communicates with a client by e-mail, the lawyer must first consider whether, given the client’s situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client.

b)                  Florida Ethics Op. 00-4[4] (2000):

A person seeking legal services has no reasonable expectation of confidentiality in information he unilaterally submits to lawyer by email, regular mail, telephone message, or facsimile transmission; lawyers should post prominent statement to that effect on their websites. Generally, a lawyer may communicate with clients via unencrypted email.  Engagement letters should disclose that unencrypted emails will be used for attorney-client communications and advise of possible risks, including the risk interception of, or unauthorized access to, emails.

F.                 Use of free email services, such as Gmail, allow the service providers to examine their contents.

Google has admitted that it does this for marketing purposes with its Gmail service.

1.                  Security Measure: Obtain your own email server or use an email service that does not scan emails.

G.                Labeling documents or communications as confidential attorney-client communication or work product

However, just because a document or communication is labeled as confidential attorney-client communication or work product does not necessarily and automatically make it so. Courts will examine each communication to see if privilege exists; the communication must indicate that the communication has a legal purpose. See Baklid-Kunz v. Halifax Hospital Medical Center, Case No. 6:09-cv-1002-Orl-31TBS (M.D.,Florida Aug, 14, 2012), in which the court held that hundreds of emails and documents were not privileged, including emails where the in-house attorney was copied, compliance logs, and audit communications by management personnel.

H.                House counsel can take these steps to preserve attorney-client privilege for communications:

  • Identify your role as lawyer for the company.
  • Be explicit about seeking or providing legal advice.
  • Separate business and legal discussions, if possible.
  • Only include those who need to know on communications giving legal advice.
  • Instruct employees to be cautious as to content of emails and to whom they are sent

I.                   Remote or Home Legal Practice Issues

1.                  The risks of using home wireless networks include:

a.                   Virtual assistants and smart speakers

Unless turned off, they listen all the time for trigger words used to invoke their commands (e.g. “Álexa” or “Hey Google”), but may store everything they hear in the cloud, which could be accessed by their vendors. Examples of these include:

  • Dot and Echo from com, which use Alexa
  • Google Assistant in Google smart speakers and Android smartphones
  • Siri from Apple in iOS devices and Apple HomePods

2.                  Security Measures:

  • To maintain privilege and confidentiality at home against virtual assistants and smart speakers, remove these devices from the home office, turn them off, or require them to be muted.
  • Turn off any Drop-In settings.
  • Ensure no one else can overhear privileged communications (calls, Zoom meetings, mediations, etc.).
  • Conduct communications in a private room or send household members elsewhere.
  • Be mindful of your surroundings or prying ears.
  • Turn on notification sound to alert you when speaker is listening.

J.                  Insecure home WiFi, which can be accessed by neighbors or even vehicles on the street.

1.                  Security Measures:

  • Encrypt the data that passes through your home router.

This is easy to do by enabling WPA3 Personal or WPA2 Personal. WPA3 (newer and best) security on the router’s admin page.

  • Do not use WPA and WEP, which are older and not secure. Replace the router if it only has these.
  • Require a hard to guess (and preferably long) password to access the home network.
  • Keep the router up to date.
  • Turn off “remote management,” WPS, and Universal Plug and Play (UPnP) features.
  • Set up a guest network for visitors to use.
  • For more information, see https://www.consumer.ftc.gov/articles/how-secure-your-home-wi-fi-network

K.                Wireless networks (such as at coffee shops or airports)

1.                  The risks of wireless networks include:

  • Insecure
  • Signals may be picked up for long distances
  • Similar issues as in home networks discussed above

2.                  Security Measures:

  • Use a VPN or a Citrix account when using an insecure Internet connection

Individual attorneys can subscribe to inexpensive VPN services. A January 2022 web article that lists the “Best VPNs for the USA” can be found at https://tinyurl.com/2p8btxs6,

  • See California Opinion 2010-179 (lawyer risks violating duty of confidentiality when using public wireless networks for client work).
  • Consider using two-factor authentication to authenticate all users.

L.                 Public Computers, such as at hotels or at another law firm

1.                  The risks of using computers accessible to the public include:

  • Possible key-logging software
  • Other hotel guests being able to see what is done on a hotel computer or set-top device to a hotel TV
  • Prior or subsequent access may capture data used by the attorney or the attorney’s email address.

2.                  Security Measures:

  • Avoid these if possible.
  • If they are used, users should (1) exit or log off at the end of the session, (2) close the browser, and (3) from a trusted computer, change any account passwords that were used during the session.

M.               Connection to the Firm’s Internet by Third Parties

Risk of a foreign computer accessing the firm’s network include the introduction of viruses and possible hacking.

1.                  Security Measures:

  • Employ Network Access Control (NAC) on LAN. The NAC technology can authenticate all LAN devices and places them on an isolated virtual network, or
  • Provide a separate guest wireless network for visitors that does not allow access to the firm’s LAN.

N.                Text and Instant Messaging

These include Apple Messages, Facebook Messenger, Google Chat, WeChat, or other instant messaging (IM) tools.

1.                  The risks of using these messaging services include:

  • Causal, off the cuff remarks can be dangerous.
  • Many of these systems are not encrypted so messages may be intercepted.
  • Risk of disclosure if a non-attorney (g., family member) accesses the device.

2.                  Security Measures:

  • Consider adopting a firm policy on using this method.
  • Consider software to save the messages to the firm’s email system.

O.                Cloud migration creates new security challenges, misconfigurations, and outages.

Jurisdictions have generally approved lawyers’ use of off-site third-party providers’ cloud services and software as a service (SaaS) for creating, backing up, and storing electronic versions of client files if there are reasonable assurances that the accessibility and disclosure of information are protected. The lawyer may obtain such assurances by keeping abreast of developments in technology and relevant law, including privilege; monitoring the cloud provider’s security practices; and/or ensuring that the provider has an enforceable obligation to maintain security and confidentiality and to notify the lawyer in the event of a breach, among other things. See, for example, ABA Formal Ethics Op. 95-398[5] (1995); Florida Ethics Op. 12-3[6] (2013).

P.                 Weak passwords for personal devices

Q.                Multi-factor authentication (MFA) is still not implemented universally

R.                Ransomware is getting worse with new twists, data stealing prior to encryption, malware packaging with other threats, very specific reconnaissance followed by targeting of organizations

S.                  Listservs and chatrooms in which attorneys participate

There is a risk of developing an attorney-client relationship in such discussions, in which case the attorney must not disclose or adversely use the information conveyed. This risk is present even if no actual attorney-client relationship is formed as the non-attorney may think such a relationship exists, or the non-attorney is a potential client.

T.                 Commercial copiers, printers, and scanners usually contain hard disks or other storage media that keep copies of the documents that pass through them.

Attorneys or law firms need to ensure that hard disks or other internal memory in these machines or in computers being replaced or discarded are completely and irrevocably erased before leaving the attorney’s or law firm’s control. See Florida Ethics Op. 10-2[7]; 27 Law. Man. Prof. Conduct 16 (2010)

U.                Mobile devices, such as smartphones, tablets (e.g., Apple iPads), and notebook or laptop computers

These devices can be lost, hacked, or even confiscated, exposing contact lists, usernames, passwords, browser history, and other stored data. This exposure to loss is heightened during travel, particularly international travel.

Easily downloaded third-party mobile applications can act as portals for spreading malware, infiltrating a network, or accessing data.

1.                  Security Measures:

  • All devices should be passphrase or password protected (complying with specific length and character specifications and periodically changed),
  • Incorporate security features including a time-out function requiring reentry of the password after periods of nonuse, and a disabling the device after five wrong password entries.
  • Implement a remote wiping tool in the event the device is lost.
  • Firms also should consider encrypting the devices or at least the information stored on them.
  • Bluetooth-enabled devices should be set to non-discoverable mode, protected with strong passwords, and paired with other devices only when in a trusted location.

V.                Outside vendors are vulnerable attack vectors because:

  • Security is often not a high priority while selecting vendors.
  • It is difficult to assess a vendor’s security.
  • A vendor may have inadequate access controls within its own network.
  • There may be a lack of controls or visibility into the vendor’s access to the law firm’s network.
  • Out-of-date policies, technical controls, and enforcement around third-party remote access.
  • Insufficient contract protections.
  • Unwarranted levels of trust in the third-party vendors.
  • Devices such as commercial copiers that contain hard discs store copies of copied or scanned documents.

W.              Social media

Risk of disclosure of client identity or confidences.

X.                Phishing attacks via emails or attachments.

Y.                House counsel can take these steps to preserve attorney-client privilege for communications:

  • Identify your role as lawyer for the company.
  • Be explicit about seeking or providing legal advice.
  • Separate business and legal discussions, if possible.
  • Only include those who need to know on communications giving legal advice.
  • Instruct employees to be cautious as to content of emails and to whom they are sent.

V.                Relevant Statutes

A.                Florida Statutes

  • Florida Information Protection Act (Fla. Stat. § 501.171)
    • Data Disposal: (Fla. Stat. § 501.171(8))

B.                 Federal Laws Affecting Privacy and Security

[Source: ALAS Cyber Lawyering, Page 105]

  • Administrative Procedure Act (5 U.S.C. §§ 551, 554–558)
  • Cable Communications Policy Act (47 U.S.C. § 551)
  • Cable TV Privacy Act of 1984 (47 U.S.C. § 551)
  • Census Confidentiality Statute (13 U.S.C. § 9)
  • The Children’s Online Privacy Protection Act (15 U.S.C. §§ 6501–06)
  • Communications Assistance for Law Enforcement Act of 1994 (47 U.S.C. §§1001–1010)
  • Computer Security Act (40 U.S.C. § 1441)
  • Consumer Financial Protection Act of 2010 (Pub. L. No. 111–203, 124 Stat. 1376)
  • Criminal Justice Information Systems (42 U.S.C. § 3789g)
  • Counterfeit Access Device and Computer Fraud Abuse Act of 1984 (18 U.S.C. §1030)
  • Driver’s Privacy Protection Act of 1994 (18 U.S.C. § 2721)
  • Drug and Alcoholism Abuse Confidentiality Statutes (21 U.S.C. § 1175;42 U.S.C. § 290dd-3)
  • Electronic Communications Privacy Act (18 U.S.C. §§ 2510–21, 2701–11)
  • Electronic Funds Transfer Act (15 U.S.C. § 1693, 1693m)
  • Employee Polygraph Protection Act (29 U.S.C. § 2001, et seq.)
  • Employee Retirement Income Security Act (29 U.S.C. § 1025)
  • Equal Credit Opportunity Act (15 U.S.C. § 1691, et seq.)
  • Equal Employment Opportunity Act (42 U.S.C. § 2000e, et seq.)
  • Export Administration Regulations (EAR) (15 CFR §§ 730–774)
  • Fair Credit Billing Act (15 U.S.C. § 1666)
  • Fair and Accurate Credit Transactions Act of 2003
  • Fair Credit Reporting Act (15 U.S.C. §§ 1681–1681(u))
  • Genetic Information Nondiscrimination Act (P.L. 110-233, 122 Stat. 881)
  • Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801–09)
  • Health Insurance Portability and Accountability Act (42 U.S.C. § 1306)
  • HIPAA Omnibus Rule (45 CFR Parts 160 and 164) (1 78 Fed. Reg. 5,566 (Jan. 25, 2013)
  • Health Information Technology for Economic and Clinical Health Act (Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009, Pub. L. No. 111-5)
  • International Traffic in Arms Regulations (ITAR) (22 CFR § 120)
  • Privacy Act of 1974 (5 U.S.C. § 552a)
  • Right to Financial Privacy Act (12 U.S.C. § 3402)
  • Telecommunications Act of 1996 (47 U.S.C. § 222)
  • Telephone Consumer Protection Act of 1991 (47 U.S.C. § 227)
  • S.A. Patriot Act (Pub. L. 107–56)
  • Video Privacy Protection Act of 1998 (18 U.S.C. § 2710)

VI.             Additional Resources

A.                Florida Bar Ethics Opinions

The subject index of ethics opinions is at https://www.floridabar.org/ethics/etsubj/

Ethics opinions dealing with cybersecurity issues include the following. The subjects preceding the citation are by me and may not include all topics discussed in the opinions.

  • Chat rooms – Florida Advertising Opinion A-00-1 (Revised)[8]
  • Cloud computing – Florida Ethics Opinion 12-3[9]
  • Discussing the duty of competence in usage of technology. A lawyer must understand fundamentals of technology and understand current trends
  • Devices containing storage media (printers, etc.) – Florida Ethics Opinion 10-2 (Sept. 24, 2010, revised Dec. 13, 2010)[10], which states that Lawyers using devices that contain client information must take reasonable steps to ensure that client confidentiality is maintained and to sanitize the device before disposal or disposition.
  • Digital storage of client documents – Florida Ethics Opinion 06-1[11]
  • Disclosure of Client Information – Responding to Online Reviews – Florida Ethics Opinion 20-l[12]
  • Disclosure of Client Information – Responding to Online Reviews – Florida Ethics Opinion 21-1[13]
  • Metadata – Florida Ethics Opinion 06-2[14]
  • Online consultations & unencrypted emails – Florida Ethics Opinion 00-4[15]

B.                 Florida Bar LegalFuel Resources

LegalFuel has many articles, CLEs available on its website or via YouTube, and podcasts dealing with cybersecurity. See https://www.legalfuel.com/category/technology/cybersecurity/ to access them all.

VII.          Credits

The author thanks the following attorneys and sources that contributed to this article:

  • Pamela E. Hepp, Esq., and Sue C. Friedberg. Esq., Buchanan Ingersoll & Rooney PC, for their CLE, Gaps in the Supply Chain: Managing Third-Party Cybersecurity Risks, October 13, 2021.
  • Ellie Bane, Corporate Counsel, Texas Catholic Health Initiatives (Houston, TX), and Susan F. Koch, Esq., Jackson Walker LLP (Houston, TX) for their paper, If You CC Me, Your Email Will Be Privileged and Other Urban Legends: Legal Ethics and Practical Considerations for Attorney-Client Communications, AHLA Seminar Papers. Volume 2017, Issue 20170201, Physicians and Hospitals Law Institute, Orlando, Florida, February 1, 2017
  • 55:401 Electronic Communications, Lawyers’ Manual on Professional Conduct: Practice Guides, The Bureau of National Affairs, Inc., via Bloomberg Law
  • Cindy Hinkle, Esq., and Kendra Gangush, Esq., Buchanan Ingersoll & Rooney PC, for their CLE, The Ethics of Remote Lawyering, August 4, 2021.
  • Randy J. Curato, Esq., ALAS, Sue C. Friedberg. Esq., Buchanan Ingersoll & Rooney PC, and Kevin Beaver, CISSP, Principle Logic, LLC, Cyber Lawyering, Information Management and Security, Attorneys’ Liability Assurance Society (ALAS) (2020).
  • Federal Trade Commission, Consumer Information, https://www.consumer.ftc.gov/articles/how-secure-your-home-wi-fi-network

[1] https://www.floridabar.org/rules/rrtfb/#chapter4

[2] https://www.floridabar.org/etopinions/etopinion-10-2/

[3] https://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/11_459_nm_formal_opinion.authcheckdam.pdf

[4] https://www.floridabar.org/etopinions/etopinion-00-4/

[5] https://www.americanbar.org/content/dam/aba/publications/YourABA/95-398.authcheckdam.pdf

[6] https://www.floridabar.org/etopinions/etopinion-12-3/

[7] https://www.floridabar.org/etopinions/etopinion-10-2/

[8] https://www.floridabar.org/etopinions/etopinion-a-00-1-rev/

[9] https://www.floridabar.org/etopinions/etopinion-12-3/

[10] https://www.floridabar.org/etopinions/etopinion-10-2/

[11] https://www.floridabar.org/etopinions/etopinion-06-1/

[12] https://www.floridabar.org/etopinions/opinion-20-1/

[13] https://www.floridabar.org/etopinions/opinion-21-1/

[14] https://www.floridabar.org/etopinions/etopinion-06-2/

[15] https://www.floridabar.org/etopinions/etopinion-00-4/

 

ABOUT THE AUTHOR
Howard Allen Cohen is a Florida Board Certified Real Estate and Condominium and Planned Development Attorney who is Of Counsel to Buchanan Ingersoll Rooney PC at its Fort Lauderdale office.


This LegalFuel publication is intended for educational purposes only and does not replace professional judgment. Statements of fact and opinions expressed are those of the author individually and, unless expressly stated to the contrary, are not the opinion of The Florida Bar or its committees. The Florida Bar does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information published. Any feedback should be provided to the author.