← Back to Blog

Border Crossings & Client Data: What Every Lawyer Needs to Know

March 12, 2026 · 7 min read Law Firm IT Cybersecurity

US Customs and Border Protection agents can demand your passwords, search your devices, and seize your electronics — all without a warrant. For lawyers carrying client files, case notes, and privileged communications, this isn't just an inconvenience. It's a professional liability.

⚠️ The Legal Reality

The Law Society of BC has issued guidance warning that permitting border agents to access devices containing privileged client information may be a breach of your professional responsibilities. The Canadian government's travel advisory urges Canadians to "expect scrutiny" at US border crossings.

Why This Matters Now

US law permits CBP agents to search electronic devices during border inspections. While CBP reports that the overall incidence of device searches remains small, recent media reports indicate these searches are increasing — and they can happen to anyone, including Canadian legal professionals travelling for work.

If you refuse to hand over your password, your device can be confiscated and you may face significant delays. If you comply, you may be exposing privileged client information to a foreign government agency — a potential breach of your obligations under the Code of Professional Conduct for British Columbia.

Neither option is good. The answer is preparation.

The 7-Step Travel Protocol for Law Firms

Based on guidance from the Law Society of BC and the Federation of Law Societies of Canada, here's what your firm should implement — with IT support to make it practical.

1

Use Dedicated Travel Devices

The safest approach is a clean laptop and phone that contain zero client data. Your IT provider can maintain a pool of forensically wiped travel devices, pre-configured with VPN access so you can securely connect to your firm's systems once you've cleared the border. No local data means nothing to find.

2

Move Everything to the Cloud — Then Disconnect

If you use cloud-based document management (NetDocuments, Clio, SharePoint), your files aren't stored on the device itself. Before crossing the border, delete the cloud apps, clear your browser cache and cookies, and remove any synced offline files. Reinstall everything once you arrive. A border agent can search your device, but they can't compel you to access a remote server in another country.

3

Separate Work and Personal Accounts

If you use one device for everything, create separate user profiles for work and personal use. Clearly mark privileged documents as "Solicitor-Client Privileged" so they can be identified during any prospective search over which you would claim privilege. Your IT team can configure device profiles that make this separation clean and enforceable.

4

Encrypt Everything and Use Two-Factor Authentication

Full-disk encryption (BitLocker on Windows, FileVault on Mac) protects data at rest. Two-factor authentication on your accounts means that even if a border agent accesses your device, protected cloud accounts behind 2FA won't be easily accessible without a second factor. This won't prevent initial device access, but it adds a critical layer if the device is seized for further examination.

5

Delete Local Email, Contacts, and Calendar Data

Your smartphone syncs email, contacts, and calendar entries automatically — all of which may contain client names, case details, and privileged communications. Before travelling, remove your work email account from your phone, delete synced contacts and calendar data, and restore them through cloud sync after you arrive. Your IT provider can automate this with a mobile device management (MDM) profile.

6

Establish a Firm-Wide Travel Policy

Don't leave this to individual lawyers to figure out on their own. Create a written policy that covers cross-border travel by all legal counsel and staff. Define which devices can cross the border, what data must be removed, and what the protocol is if a border agent demands access. Train everyone on it annually.

7

Talk to Your Clients

Some clients may not be comfortable with their confidential information being on any device that crosses an international border — period. Have that conversation before you travel. Document their preferences. This isn't just good practice — it's your professional obligation.

What to Do at the Border

The Law Society of BC advises lawyers to be straightforward with border officers. Be prepared to explain the purpose of your travel and, if appropriate, your connection to a Canadian law practice — without divulging confidential client information.

Practical Tips at the Crossing

  • Carry a printed itinerary — don't rely on your phone to answer travel questions
  • Know what's on your device — if you followed the protocol above, the answer should be "nothing privileged"
  • Don't be intentionally vague — answer questions about your travel honestly and directly
  • If asked to unlock your device — you may wish to comply while asserting that the device contains solicitor-client privileged information and requesting that such information not be reviewed
  • Consider seeking legal advice in advance regarding your options if a border official demands access to the entirety of your device

How Your IT Provider Can Help

Most of these recommendations require IT support to implement properly. A managed IT provider experienced with law firms can:

  • Maintain a pool of clean travel devices — pre-configured, forensically wiped, ready to go
  • Configure cloud-based document management so no files are stored locally on devices
  • Deploy MDM (Mobile Device Management) to remotely wipe work profiles before travel and restore them after
  • Implement full-disk encryption across all firm devices
  • Set up VPN access so lawyers can securely connect to firm systems from anywhere
  • Create automated "travel mode" scripts that strip sensitive data and apps with one click
  • Help draft and maintain your firm's travel IT policy

This isn't theoretical. These are practical, deployable solutions that your IT team should be able to implement within days, not weeks.

Stay Updated

The LSBC advises lawyers who need to travel across the US border with work-related devices to watch for updates from both the Canadian and US governments on this issue. The situation is evolving, and your firm's policies should evolve with it.

Read the full LSBC guidance: Information for lawyers on border searches and electronic devices

Cloud Collective provides managed IT services for law firms across Vancouver and the Lower Mainland. If your firm needs help implementing a secure travel protocol or improving your data security posture, get in touch or call us at 604-239-2174.

Need help securing your firm's devices?

We work with law firms across BC to implement travel protocols, device encryption, cloud DMS, and mobile device management. Start with a free assessment.

Free IT Assessment 604-239-2174