ISBA Professional Conduct Advisory Opinion No. 10-01
Topic: Law firm’s maintenance of confidential information while working with third party technology vendor
Digest of the ISBA:
“A law firm’s utilization of an off-site network administrator to assist in the operation of its law practice will not violate the Illinois Rules of Professional Conduct regarding the confidentiality of client information if the law firm makes reasonable efforts to ensure the protection of confidential client information.”
From the opinion:
“A law firm would like to have its computer network managed by an off-site third party vendor for the purpose of monitoring the server and responding to any problems which may develop on the firm’s network. In order to respond to such problems, the vendor would need to have access to the firm’s network in which electronic client files are stored.”
“[B]ecause the offsite third-party computer vendor (“Vendor”), a nonlawyer, would have access to client files when monitoring and administering the law firm’s network, the contents of these files must be protected from disclosure under RPC’s 1.6(a) and 5.3. Thus, the law firm giving access to the Vendor to information in client files must make reasonable efforts to ensure that the Vendor either has in place or will institute reasonable procedures to safeguard the confidentiality of the client information.”
References:
Illinois Rules of Professional Conduct Rules 1.6(a), 5.3, 1.4(b);
ISBA Advisory Opinion No. 03-07 (May 2004);
ISBA Advisory Opinion No. 96-10 (May 1997);
ABA Formal Opinion Nos. 95-398 (Oct. 27, 1995), 08-451 (Aug. 5, 2008); 99-413 (March 10, 1999);
In re Estate of Divine, 263 Ill. App. 3d 799, 635 N.E.2d 581 (1st Dist. 1994);
Massachusetts Bar Association Ethics Opinion No. 05-04;
Restatement (Third) of the Law Governing Lawyers § 60 (2000);
Electronic Communications Privacy Act, 18 U.S.C. § 2510.
The full text is available at http://www.isba.org…