Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

New York Ethics Opinion: May Attorneys Allow an App to Access Their Contacts?

May 3, 2022

I confess that I didn’t see one coming, but I should have!

On April 8, the New York State Bar Association’s Commission on Professional Ethics issued Opinion 1240 which discusses the duty to protect information stored on a lawyer’s smartphone.

Here is the digest language of the opinion: “If “contacts” on a lawyer’s smartphone include any client whose identity or other information is confidential under Rule 1.6, then the lawyer may not consent to share contacts with a smartphone app unless the lawyer concludes that no human being will view that confidential information, and that the information will not be sold or transferred to additional third parties, without the client’s consent.”

The fact scenario is this: “When the inquiring lawyer downloads or accesses an app on his smartphone, the lawyer is sometimes asked whether the lawyer gives consent for that app to access the lawyer’s “contacts” on the smartphone. The lawyer’s contacts include clients in criminal representations.”

The question asked is “May a lawyer consent for an app to access contacts on the lawyer’s smartphone that include the lawyer’s current, former or prospective clients?”

You may want to read the entire opinion, but I’ve pulled out what I saw as the essence of the opinion below.

“Insofar as clients’ names constitute confidential information, a lawyer must make reasonable efforts to prevent the unauthorized access of others to those names, whether stored as a paper copy in a filing cabinet, on a smartphone, or in any other electronic or paper form. To that end, before an attorney grants access to the attorney’s contacts, the attorney must determine whether any contact – even one – is confidential within the meaning of Rule 1.6(a). A contact could be confidential because it reflects the existence of a client-attorney relationship which the client requested not be disclosed or which, based upon particular facts and circumstances, would be likely to be embarrassing or detrimental to the client if disclosed.

Some relevant factors a lawyer should consider in determining whether any contacts are confidential are: (i) whether the contact information identifies the smartphone owner as an attorney, or more specifically identifies the attorney’s area of practice (such as criminal law, bankruptcy law, debt collection law, or family law); (ii) whether people included in the contacts are identified as clients, as friends, as something else, or as nothing at all; and (iii) whether the contact information also includes email addresses, residence addresses, telephone numbers, names of family members or business associates, financial data, or other personal or non-public information that is not generally known.

If a lawyer determines that the contacts stored on his smartphone include the confidential information of any current or former client, the lawyer must not consent to give access to his contacts to an app, unless the attorney, after reasonable due diligence, including a review of the app’s policies and stated practices to protect user information and user privacy, concludes that such confidential contact information will be handled in such a manner and for such limited purposes that it will not, absent the client’s consent, be disclosed to additional third party persons, systems or entities.”

Hat tip to Dave Ries.

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology