What ABA Rule 1.6 Actually Requires From Your Document Sharing Workflow in 2026
If a malpractice insurer, a corporate client, or a referral source has asked about your document security process, this is the page that gives you the answer.
The exact language of ABA Rule 1.6(c)
“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
The phrase “reasonable efforts” is doing a lot of work in that sentence. It does not mean “best efforts.” It does not mean “perfect protection.” But it does mean something more than hoping your staff remembers to double-check the recipient field.
ABA Comment 18 to Rule 1.6 makes clear that what constitutes reasonable efforts depends on factors including the sensitivity of the information, the likelihood of disclosure without safeguards, and the cost of the safeguard. In 2026, an automated solution that costs less than one hour of paralegal time per month is a hard argument to walk away from.
The bar is moving. Insurers are asking. Corporate clients are including data security questions in outside counsel questionnaires. “We train our staff” is no longer a sufficient answer.
What fails the reasonable efforts standard
Three approaches that most law firms rely on, and why each leaves a gap in the standard.
Manual document review
Relying on paralegals to spot and remove sensitive content before sharing fails at volume. One busy afternoon is all it takes.
Staff training programs
Training reduces incidents but cannot eliminate them. A trained paralegal who forgets once, or reviews too quickly, creates the same exposure.
Microsoft Purview without active IT management
Purview requires E5 licensing plus a trained IT administrator actively managing policies. Most law firms have neither. The tool exists on paper; the protection does not.
Documented, automated sharing protection
Dataguard runs automatically on every outbound document. No employee action required. Every protected share is logged. This is what reasonable efforts looks like in practice.
Three steps. Zero behavior change from your team.
DataGuard runs automatically in the background. Your paralegals don't learn a new tool. They just stop accidentally sending things they shouldn't.
DataGuard lives inside the tools you already use
No new tools for your team to learn. DataGuard installs directly into Outlook, Gmail, OneDrive, Google Drive, SharePoint, and Clio, the tools your team already uses every day.
Every outbound document is scanned automatically
When a document is about to leave the firm (via email, a shared link, or a file attachment) DataGuard reads it against your privacy policies before it reaches anyone outside.
Sensitive content is removed. The share goes through clean.
SSNs, diagnosis codes, government IDs, and other restricted information are stripped from the document. The recipient gets a clean file. Your team gets a summary of what was removed. The audit log records the event.
When your insurer asks: here's the answer
Dataguard generates an audit log of every document that was reviewed and protected before sharing. That log is the documentation your malpractice insurer is asking for: a consistent, automated process with a paper trail.
Common insurer questions Dataguard answers: “Do you have automated controls on outbound document sharing?” / “What is your process for ensuring sensitive client information is removed before documents are shared externally?” / “Do you maintain an audit log of document sharing activity?”
See What Reasonable Efforts Looks Like in Practice
20 minutes. We'll walk through how Dataguard documents, protects, and logs every share, and what that means for your insurer questionnaire.