This article is for informational purposes only and does not constitute legal advice.
Legal outsourcing opens the door to flexibility and scale, but it also raises a core concern: confidentiality.
Under Rule 1.6 of the ABA Model Rules, lawyers have a duty to protect client information against unauthorized disclosure or access. This obligation does not go away when legal work is outsourced: it intensifies.
Firms that work with remote contractors must prove they can protect what matters most: the client’s trust.
🧠 What Rule 1.6 Actually Requires
Rule 1.6 prohibits a lawyer from revealing information relating to client representation unless:
- The client gives informed consent
- Disclosure is implied to carry out the representation
- Disclosure is otherwise permitted under the rules
Even beyond that, lawyers must make reasonable efforts to prevent unauthorized access or disclosure. That includes how contractors handle emails, case files, passwords, and internal systems.
🛡️ How Resorsi Ensures Confidentiality with Remote Talent
We don’t treat confidentiality as a checkbox. It’s designed into how we operate.
1. Mandatory NDAs and Confidentiality Clauses
Every contractor signs robust NDAs as part of onboarding. These are not generic templates. They are tailored to reflect the sensitivity of legal workflows and explicitly bind contractors to U.S. standards.
2. Secure Tech Stack
We work within client environments or set up secure channels when needed. That includes:
- Access via client VPN or approved cloud systems
- Role-based permissions with limited file access
- Encrypted communication through platforms like Slack, Google Workspace, or Microsoft Teams
If it can’t be secured, it doesn’t get implemented.
3. Access is Purpose-Limited
Contractors only receive access to the systems, folders, or documents directly tied to their responsibilities. No all-access accounts, no shortcuts. Every login and handoff is scoped and traceable.
4. Ongoing Oversight
We help firms build internal workflows to ensure that remote talent is not just technically secure but operationally accountable, including periodic reviews and clear escalation channels.
🔍 Avoiding the Real Risk: Assumptions
Most breaches don’t come from malice. They come from informal processes: unsecured Gmail threads, shared passwords, working from public Wi-Fi, or assuming “it’s just admin work.”
Compliance starts with acknowledging that everything connected to a matter is sensitive, and designing systems that treat it that way.
Final Thought
Rule 1.6 is not a barrier to outsourcing. It’s a call to take confidentiality seriously in every format, in-office, hybrid, or remote.
When firms outsource with intention, structure and controls, they don’t expose their clients. They protect them, and scale responsibly while doing it.
No responses yet