ETHICS OPINIONS: Do I always need to encrypt my correspondence with clients?


ABA American Bar Association Standing Committee On Ethics And Professional Responsibility, Formal Opinion 99-413 & 11-459 NO Opinion 99-413: Unencrypted e-mail sent over the Internet are not unethical  because “transmission affords a reasonable expectation of privacy from a technological and legal standpoint … [BUT] A lawyer should consult with the client and follow her instructions, however, as to the mode of transmitting highly sensitive information relating to the client’s representation. 

Confirmed by Opinion 11-459

Alaska Alaska Bar Association Ethics Committee, Opinion 98-2 (1998) NO An attorney is free to communicate using e-mail (…) there may be circumstances involving an extraordinary sensitive matter that might require enhanced security measures, like encryption.
Arizona State Bar of Arizona, Committee on Rules of Professional Conduct, Opinion 97-04 (1997) MAYBE While “it is not unethical to communicate with a client via e-mail even if the e-mail is not encrypted (…) it is preferable to protect the attorney/client communications to the extent it is practical.”
California The State Bar Of California Standing Committee On Professional Responsibility And Conduct, Formal Opinion No. 2010-179 MAYBE Before using a particular technology in the course of representing a client, an attorney must take appropriate steps” evaluating several circumstances. “Encrypting email may be a reasonable step for an attorney to take in an effort to ensure the confidentiality of such communications remain so when the circumstance calls for it, particularly if the information at issue is highly sensitive and the use of encryption is not onerous.”
Delaware Ethics Op. No. 2001-2 (2001) NO The transmission of confidential information by way of e-mail or mobile (or cell) phone, absent extraordinary circumstances, does not violate Rule 1.6”. Encryption unnecessary.
District of Columbia District of Columbia Bar Legal Ethics Committee, Opinion 281 (1998) & 302 (2000) NO “In most circumstances, transmission of confidential information by unencrypted electronic mail does not per se violate the confidentiality rules of the legal profession. However, individual circumstances may require greater means of security.”

Confirmed later in passim in opinion 302/2000.

Electronic mail without encryption is ethically proper under most circumstances.

Florida Florida Ethics Op. No. 00-4 (2000) NO “An attorney may communicate with the client using unencrypted e-mail under most circumstances.”
Illinois Illinois State Bar Association Committee on Professional Ethics, Opinion 96-10 (1997) NO No encryption required “unless unusual circumstances require enhanced security measures.”
Iowa Iowa Supreme Court Board of Professional Ethics and Conduct, Opinion 97-1 (1997) MAYBE with sensitive material to be transmitted on e-mail counsel must have written acknowledgment by client of the risk of violation of DR 4-101 which acknowledgement includes consent for communication thereof on the Internet or non-secure Intranet or other forms of proprietary networks to be protected as agreed between counsel and client.”
Georgia 1999 Formal Advisory Opinion Board’s unofficial answer to Georgia Bar’s Computer Law Section, which asked for the issuance of opinion re encryption- The Board refused the issuance but made remarks


NO Remarks reported by Robert C. Port, Whoops! You’ve Got Mail!, 6 Ga.B.J. 16, 18 (2001): “in view of the criminal consequences for intercepting electronic mail correspondence of others, a lawyer would clearly be justified in concluding that correspondence with a client by electronic mail would be confidential and that the use of such electronic mail in communicating with a client would not have disciplinary consequences.” 
Hawaii Hawaii Ethics Op. No. 40 (2001) NO An attorney may transmit information relating to the representation of a client by encrypted or unencrypted e-mail sent over the Internet without violating HRPC 1.6(a).
Kentucky Kentucky Bar Association, Ethics Opinion KBA E-403 (1998) NO A lawyer may use “electronic mail services including the Internet to communicate with clients without encryption (…) unless unusual circumstances require enhanced security measures
Massachusetts Massachusetts Bar Association Ethics Opinion, Opinion 00-1 NO A lawyer’s use of unencrypted Internet e-mail to engage in confidential communications with his or her client does not violate Massachusetts Rule of Professional Conduct 1.6(a) in usual circumstances.”
Maine Professional Ethics Commission, Opinion 195 (2008) NO The Commission concludes that, as a general matter and subject to appropriate safeguards, an attorney may utilize unencrypted e-mail without violating the attorney’s ethical obligation to maintain client confidentiality”.
Missouri Advisory Committee of the Missouri Supreme Court, Opinion 990007 MAYBE “Whether e-mail communication is appropriate may depend on the setting in which the client will send and receive e-mail as well as the nature of the particular communication. Any communication with the client regarding this subject should be in plain language, as much as possible, and should discuss the various ways in which e-mail might be intercepted or accessed by someone else.”
New York New York State Bar Association Committee on Professional Ethics, Opinion 709 (1998) NO lawyers may in ordinary circumstances utilize unencrypted Internet e-mail  (…) [unless] the confidential information at issue is (…) extraordinarily sensitive nature.
Association of the Bar of the City of NY, Formal Opinion 1998-2 (1998) NO No need to encrypt “all e-mail communications containing confidential client information, but should advise its clients and prospective clients (…) that security of communications over the Internet is not as secure as other forms of communication”.
North Carolina N.C. Ethics Op. 215 MAYBE In using e-mail lawyers must use reasonable care to communicate maintaining information confidential.
North Dakota State Bar Association of North Dakota Ethics Committee, Opinion 97-09 (1997) NO Unencrypted electronic mails are not unethical, “unless unusual circumstances require enhanced security measures.”
Ohio Supreme Court of Ohio Board of Commissioners on Grievances and Discipline, Advisory Opinion 99-2 (2000) NO No violation of confidentiality duty “by communicating with clients through electronic mail without encryption. [But]  An attorney must use his or her professional judgment in choosing the appropriate method of each attorney-client communication.”
Pennsylvania Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility, Opinion 97-130 (1997), Reprinted in ABA/BNA Lawyers’ Manual on Professional Conduct. Available only to members of PA Bar but not currently posted members’ portion of the PA bar website NO “A lawyer may use-emails to communicate with or about a client without encryption.” [But] “A lawyer should not un-encrypted email to communicate information concerning the representation, the interception of which would be damaging to the client, absent the client’s informed consent after consultation
South Carolina South Carolina Bar Ethics Advisory Committee, Opinion 97-08 (1997) NO It “exists a reasonable expectation of privacy when sending confidential information through electronic mail (…)  Use of electronic mail will not affect the confidentiality of client communications under South Carolina Rule of Professional Conduct 1.6.”
Texas NA
Utah Utah State Bar, Ethics Advisory Opinion Committee, No. 00-01 (2000) NO A lawyer may, in ordinary circumstances, use unencrypted Internet e-mail to transmit client confidential information without violating the Utah Rules of Professional Conduct.
Vermont Vermont Bar Association Committee on Professional Responsibility, Opinion 97-5 NO No violation of DR 4-101 “by communicating with a client by e-mail, including the Internet, without encryption.
Virginia Virginia Ethics Op. No 1791 (2003) NO Rule 1.4 outlines content areas of communication, rather than the method of communication….The rule in no way dictates whether the lawyer should provide that information in a meeting, in writing, in a phone call, or in any particular form of communication. In determining whether a particular attorney has met this obligation with respect to a particular client, what is critical is what information was transmitted, not how”.


Related Document: MEMO – Do I always need to encrypt my correspondence with clients?