RI-328
January 25, 2002
SYLLABUS
A law department of a governmental unit may utilize the services of the technical support department of the governmental unit without violating the client confidentiality rules.
The law department of the governmental unit should clearly communicate the confidentiality rules to the technical support personnel.
References: MRPC 1.6(b) and (d); RI-77; RI-111; RI-311; ABA Informal Opinion 1364.
TEXT
A lawyer working for a local government law department helps maintain a local area network (LAN) containing confidential client information. Information contained in the computer's storage includes word processing, case management information and storage of other documents. The local government's technology department, not directly connected with the law department, provides the technical support of the LAN.
The lawyer asks the committee to opine on whether or not granting access to the governmental unit's LAN for technical support purposes violates the lawyer's duty of confidentiality as required by MRPC 1.6.
MRPC 1.6 (b) provides:
"Except when permitted under paragraph (c), a lawyer shall not knowingly:
(1) reveal a confidence or secret of a client; or
(2) use a confidence or secret of a client to the disadvantage of the client; or
(3) use a confidence or secret of a client for the advantage of the lawyer or of a third person, unless the client consents after full disclosure."
Further, MRPC 1.6(d) provides:
"A lawyer shall exercise reasonable care to prevent employees, associates, and others whose services are utilized by the lawyer from disclosing or using confidences or secrets of a client, except that a lawyer may reveal the information allowed by paragraph (c) through an employee."
The comment to MRPC 1.6 points out that a lawyer is impliedly authorized to make disclosures about a client when appropriate in carrying out the representation.
This committee has addressed confidentiality issues in many previous opinions. In RI-77, this committee opined that a law firm may not submit client names and addresses to the law firm's bank lender unless the client consents after consultation. Similarly, in RI-111, the committee offered the opinion that a lawyer may not disclose information learned during the course of representing multiple clients to medical regulatory authorities or to prosecutors without client consent.
Both RI-77 and RI-111 arose from facts that did not fit under any exception to the non-disclosure rule. However, in RI-311, this committee concluded that a legal services agency may report to the Legal Services Corporation the names and addresses of clients of that agency "when required to do so by law," since there is a federal law that requires that disclosure.
The confidentiality mandates of MRPC 1.6(b)(1) prohibit revealing confidences or secrets of the client. Under the facts presented to the committee, the technical support employees who service the legal department's LAN would have access to the client information, but would not be using that information in any way detrimental to the client.
In ABA Informal Opinion 1364, the American Bar Association concluded that it is not a violation of the confidentiality rules to allow bookkeepers, accountants or data processing professionals to have access to lawyers' records to assist the lawyer in the practice of law. Although this opinion was offered under the former Disciplinary Rules, the result is consistent with the current Model Rules of Professional Conduct.
In this matter, the technical support personnel of the local government unit are providing business assistance to the legal department, in the same way as accountants, bookkeepers or other data processing professionals perform services for lawyers. Therefore, consistent with ABA Informal Opinion 1364, this committee finds that the use of technical support personnel to assist a law department with computer-related issues does not in itself violate the mandates of MRPC 1.6(b).
Pursuant to the "reasonable care" requirement of MRPC 1.6(d), the legal department of the local governmental unit should clearly communicate the confidentiality mandates to the technical support personnel. It would be prudent for the lawyer giving that notification to secure a written acknowledgement from the technical support personnel that they have been advised of the confidentiality requirements and that they agree not to disclose confidential information learned as a result of their access to the data. The degree of confidentiality that attaches to the information affects the degree of care the lawyer needs to exercise to protect it. The lawyer must take all necessary steps to assure that particularly sensitive client confidences be maintained outside of the view of technical support personnel.
This opinion assumes there is no reason to believe that individuals obtaining access to the information have any specific interest in the substance of the information obtained. It also assumes that counsel has no reason to expect that any particular individuals with access to the confidential information have any likelihood of using this information to the disadvantage of the client as prohibited by MRPC 1.6(b).