Law Firm Intranet Security and Confidentiality: What ABA Rules Require

ABA Model Rule 1.6: Confidentiality of Client Information

Rule 1.6 requires that attorneys make reasonable efforts to prevent unauthorized access to or unauthorized disclosure of client information. This rule applies directly to the technology systems attorneys use, including your intranet.

The word reasonable is doing a lot of work in this rule. What counts as reasonable depends on the sensitivity of the information, the likelihood of unauthorized access, the cost of security measures, and the extent to which additional safeguards would meaningfully reduce risk.

For a law firm intranet, reasonable measures include role-based access controls that limit who can see each matter’s documents and communications, audit logging that tracks who accessed what and when, and authentication requirements that prevent unauthorized users from reaching the platform.

When Esquire Interactive designs your intranet, ABA Rule 1.6 compliance is not a feature we add at the end. It is one of the first design requirements we address.

ABA Model Rules 1.7 and 1.9: Conflicts of Interest and Former Clients

Rules 1.7 and 1.9 govern conflicts of interest involving current and former clients. These rules have direct implications for how your intranet’s access controls are designed.

When an attorney or staff member is screened from a matter because of a conflict, that screen needs to be enforced at the system level, not the honor system. An intranet that does not prevent screened individuals from accessing matter documents and communications provides the appearance of a conflict screen without the substance.

Esquire Interactive designs ethical wall architecture into the core of every law firm intranet we build. We configure SharePoint’s security model so that screened individuals can be excluded from the matter’s workspace, documents, and communications.

ABA Model Rule 1.1: Technology Competence

ABA Model Rule 1.1 requires attorneys to maintain the legal knowledge, skill, thoroughness, and preparation reasonably necessary for competent representation. Comment 8 specifies that competence includes keeping abreast of changes in the law and its practice, including the benefits and risks of relevant technology.

This technology competence duty means attorneys are expected to understand the risks of the systems they use. It also means that when your firm makes decisions about intranet architecture, those decisions should be informed by someone who understands both the technology and the professional responsibility implications.

Having an attorney-led development team is a direct response to this requirement. When the people making architectural decisions about your intranet understand the professional stakes, the resulting system reflects that understanding in how it handles access, data, and compliance controls.

Microsoft SharePoint Security Features We Configure

Because we build on SharePoint within your firm’s Microsoft 365 environment, we leverage Microsoft’s enterprise-grade security infrastructure as the foundation for your intranet’s security posture. Specific security features we can configure include:

• Multi-factor authentication (MFA): required for all intranet access, adding a second verification layer beyond passwords.
• Role-based access control (RBAC): permissions defined by role, such as partner, associate, paralegal, and administrator, so each user accesses only what their role requires.
• Document versioning and audit trails: every document save creates a version record, and SharePoint logs every access, edit, and download for audit purposes.
• Data encryption: SharePoint encrypts data at rest and in transit within the Microsoft 365 environment, meeting enterprise data protection standards.

WANT A DETAILED WALK-THROUGH OF HOW WE BUILD SECURITY INTO YOUR SPECIFIC INTRANET?