Yesterday, the ABA issued a formal opinion on attorney email encryption, providing that while encryption is not required always, it may be – and to determine if it is, a lawyer must understand certain things, including how information is transmitted and where it is stored.
Model Rule 1.4 may require a lawyer to discuss security safeguards with clients. Under certain circumstances, the lawyer may need to obtain informed consent from the client regarding whether to the use enhanced security measures, the costs involved, and the impact of those costs on the expense of the representation where nonstandard and not easily available or affordable security methods may be required or requested by the client. Reasonable efforts, as it pertains to certain highly sensitive information, might
require avoiding the use of electronic methods or any technology to communicate with the client altogether.
Great summary of (and link to) the opinion here.
H/T to Jim Calloway @ Law Practice Tips.