Text messages and instant messaging applications such as WhatsApp and WeChat are used by some practitioners to communicate with their clients. While messaging can be a convenient and efficient communication tool, its use gives rise to a number of challenges and risks for law firms including record retention, data security and confidentiality.
Law firms using text messages and messaging apps need to be alert to and manage these risks by implementing clear processes and procedures governing how, when and in what circumstances they are to be used and how messages are to be preserved and retained.
Data Security and Confidentiality
Practitioners have a duty to maintain the confidentiality of communications with their clients. This can potentially be difficult to uphold where messages are sent by practitioners using their own devices or personal messaging accounts or applications which are outside the law firm’s control.
Personal accounts can lack the robust security of corporate accounts and may increase the vulnerability of communications to unauthorised access. Likewise, if the practitioner leaves the firm, or the device is lost or stolen, the messaging data may not be accessible by the firm.
Many firms do not permit staff to receive and send communications to clients from personal email accounts. Should the use of text message and messaging apps be treated any differently? Best practice says no and not to use text message and messaging apps on personal devices and accounts for client communications. Messages should only be sent from accounts which the firm can control, access and retrieve data from.
Text messaging and other messaging apps also have different levels of encryption and privacy protections, with some social messaging apps being subject to surveillance. Firms using messaging applications need to consult with their IT providers to understand and manage these security risks.
Preserving privilege
Practitioners and their clients also need to be alert to the potential for inadvertent disclosure of confidential and legally privileged communications when using messaging apps. Without clear guidance, a client may unknowingly waive their right to claim privilege over their communications. For example, if you communicate with a client via a ’chat app’ and the client were to add a new user to the chat, some have history sharing features which can enable the newly joined person to see past exchanges, which could include privileged material.
Maintaining a complete and accurate file and supervision of staff
Another critical challenge with messaging is the ability to maintain a complete, accurate and up to date client file or single source of truth.
If messages are sent and received on the practitioner’s mobile phone or third-party apps and the practitioner leaves the firm, the data may exit with them and may not be retrievable.
An incomplete record of client communications can make it difficult to defend professional negligence claims. The absence may be relied upon by a court to draw an adverse finding against the practitioner and lead to a preference for the evidence of the client over the practitioner.
The risks do not stop there. Where more than one practitioner is working on a matter and communications are conducted by messaging, it can be impossible for other staff to have visibility of what is happening on the file, and for work to be supervised.
Accordingly, it is critical that firms have in place clear processes and procedures for uploading or transferring messages to the client file contemporaneously as they are sent or received.
Is email a more suitable form of communication?
By their very nature, messages sent via text and messaging apps are typically brief and less formal and don’t lend themselves to including the context and nuance of emails or letters. Accordingly, messaging will usually be an unsuitable vehicle for the provision of legal advice where clients are relying on the communication to make informed decisions.
Another factor to consider is that communicating by text and messaging apps in real time can also lead to unrealistic expectations that you will respond immediately and the potential for being overwhelmed with messages from clients.
Risk Management Tips
It is best practice not to use text message and messaging apps on personal devices and accounts to communicate with clients. Messages should only be sent from accounts which the firm can control, access and retrieve data from.
At the outset of the retainer, law firms should set clear limits and expectations with clients about the use of messaging—if it is to be used, the types of things they should and should not be communicating with you in messages and why. If a client does message you about something which you think is not appropriate for that forum, tell them that you will respond via a more secure communication channel such as email or by phone.
Limit any messaging to administrative matters. Avoid sending or receiving confidential information or documents or giving legal advice.
If you do use messages, ensure that they are regularly uploaded or transferred to the client file as they are sent or received.
Firms should also consider how and when messages are to be destroyed in accordance with their matter retention policies.
Consult with your IT provider to assist you in understanding and managing the cyber security risks of using messaging technology and managing those risks. For example, consider whether multifactor authentication can be enabled and systems for backing up messaging data.
