TIPS & BEST PRACTICE 24. OCT 2017
Encrypted emails safeguard lawyers’ confidentiality obligation
In Germany, lawyers and other professional groups are subject to an exceptional confidentiality obligation. German law punishes infringements with a maximum of one year in prison. The issue at hand is how compatible is the confidentiality claim of legal correspondence with the non-secure medium email.
An incontestable solution: Liability disclaimer
Better safe than sorry, lawyers require clients to sign a declaration of consent for insecure communications, reading, more or less, thusly:
“I hereby consent to allow XXX law offices to send me documents related to my case via email. I am aware that these emails are not encrypted, and accept that they will be sent to me without any additional protective measures.”
The crux: Communicating uneasiness
Clients are made even more leery when their lawyers point out the dangers they expect them to accept. Some law offices go so far as to accentuate the insecure conditions:
“Law offices XXX draw attention to the fact that particularly emails can be read like a postcard by third parties. The undersigned hereby consents to unencrypted email correspondence between the XXX law offices, the undersigned and all correspondence partners until this agreement is revoked.”
Both examples serve to protect the law offices, at the expense of client security. Clients must weigh the loss of confidentiality without access to any alternative options. They would more than appreciate their lawyer providing a suitably secure communication avenue.
A responsible solution: Offer encryption
The WSL patent lawyers also exchange confidential information, as they handle new developments and ideas to be patented or registered as utility models. To protect communications with clients, WSL law offices implemented Zertificon’s Z1 SecureMail Gateway to encrypt emails. The gateway works between the in-house network and the Internet, automatically encrypting and decoding incoming and outgoing emails. Clients not equipped with encryption solutions can just as easily receive encrypted emails as those owning OpenPGP keys or S/MIME certificates. The Gateway is so easy to work with that one of the lawyers could immediately take over the role of administrator.
To best protect their clients, WSL patent lawyers no longer circumvent data protection regulations with declarations of consent, nor do they delegate responsibility onto their clients. The need for secure email communication when dealing with patents may be more pronounced – industrial espionage can incur severe financial damages – than with, say, divorce cases. However, up-to-date, easily accessible encryption is recommended for all branches of law. Clients will appreciate diligent treatment of their data.
To discover how simple the central email encryption solution was introduced at WSL patent law offices, read our user report, “Knowledge protected! Secure client data thanks to email encryption by Zertificon”.
This blog entry describes the situation in Germany. Can you share your knowledge of how lawyers in other countries handle email security? We would be happy to hear from you at email@example.com.