Lawyers, Risk Aversion, and Privacy.

-- By AngeloAngelino - 06 Dec 2019

Lawyers are risk averse. An attention to privacy is a means to avoiding risk. So why aren’t more lawyers private?   I think it is a fair assumption to say that many (if not most) lawyers are risk averse. From the safety that comes with deciding to enroll in law school, the three years of legal “training” that highlight an adversarial system that assigns blame to the ‘loser’, the security that comes with having a coveted degree in a not always certain economy, and a career built off of mitigating risk for deep pocketed clients, potential attorneys are not only initially more likely to be risk averse but are also conditioned throughout law school and their legal career to cultivate that aversion. Despite the tedious study period for the LSAT and the three grueling years of law school, the decision to go to law school, for many people (including myself!), is the easy way out. 

One way to avoid risk is through ensuring privacy. Encrypting emails prevents undesired third parties from viewing, changing, or otherwise disrupting the confidential communication between the sender and their intended recipient. Connecting to the internet through a VPN masks your location, data, and content of your activity. To mitigate the risk of a data breach or the sale/use of a detailed log of your personal/professional search history and patterns, it seems to be a logical next step to adopt these protective measures to ensure privacy. 

As risk averse individuals, it would follow that lawyers should be willing to adopt these protective measures to safeguard privacy, either for themselves or for their clients. Secrecy, anonymity, and autonomy are all essential components in a lawyer fulfilling their fiduciary duty to their client. However, from my experience with lawyers, privacy concerns are rarely even considered. On a smaller scale, too often you hear of law firm attorneys sending confidential emails intended for internal distribution to opposing counsel. By mandating the encryption of confidential emails, law firms would not only be promoting the general safety of that information but also more simply would decrease the rate of emails being sent to the wrong person by requiring a sort of authentication process. On a larger scale, with increased scrutiny in data privacy and security, corporations are increasingly making efforts to protect their data. But what good are those efforts if their law firm has all of the same information in an unprotected state? In the business of risk mitigation, law firms are enhancing risk exposure for their clients. 

In this context, I think it is interesting to look at the world of finance. If anything, many aspects of the banking industry promotes risk taking, and yet, financial institutions spend a significant amount of time and money on privacy and security. I don’t think this is a perfect comparison as I think their adoption of privacy measures to avoid risk comes is a business decision resulting from extensive federal regulation that could expose them to significant (sometimes personal) liability. The legal industry, on the other hand, lacks a similar level of federal oversight. But given the risk-averse nature of lawyers, should a federal authority even be necessary for a change in practices?

It is difficult to find constructive information about what lawyers do truly think about the intersection of privacy and risk aversion. Law firms have presentations or fact sheets urging the adoption of privacy measures – but who knows if they actually comply with it themselves. Even more than that, if they didn’t comply with those standards, there is no way that they would admit to it.

I’m honestly not sure where there is a logical break. Perhaps lawyers are not as risk averse as I thought they were. Maybe it’s more of an aversion to change? Encryptions services, VPNs, and other means of ensuring your privacy in an increasingly un-private world are still considered “new” despite them being around for years. There are likely few scenarios where lawyers are the first adopters of new technology, and I don’t see this being one of them. Or maybe they are exactly as risk averse as I thought they were, and instead the discrepancy could be in a lack of understanding of the technology that makes lawyers perceive a sense of risk in the adoption of these practices. From an unknowing lawyer’s perspective, not adopting these measures towards privacy both for themselves and their client is the best effort in mitigating risk and fulfilling their fiduciary duty to their client. Either way, I find it concerning that lawyers and law firms that they comprise are unable or unwilling to adopt at mass scale what seems like such an obvious step (in many cases an obvious FIRST step!) in providing legal services to your client. Maybe my view of the lawyer-client relationship will change once I begin my legal career, but in the meantime, it is uncomfortable knowing that many of my peers don’t feel similarly.