Tag Archives: Technology

Lawyers may be required to supervise the client?

Here’s my latest Threat Assessment- those are my short warnings about key ethics dangers that both lawyers and the PD professionals who care about them, need to know.

Today: Technology scare (what a shocker). Our duty to supervise may have been drastically expanded in a recent opinion out of California. Specifically, the California Bar’s Standing Committee on Professional Responsibility and Conduct, Formal Opinion Np. 2015-193.

The opinion presents a hypo about a lawyer who messed up. He didn’t understand the technicalities of e-discovery, didn’t seek help from a professional with knowledge, and he let his adversary conduct an unsupervised e-discovery review of the client’s files. Result: disaster. There were allegations of withholding/obstructing discovery and a major leak of proprietary/confidential information to a major competitor. The opinion holds that the lawyer should have known better.

POINT 1 of 2: Competence is being expanded

The opinion states:

“An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and become integrated with the practice of law.
* * *
Attorney competence related to litigation generally requires, among other things, and at a minimum, a basic understanding of, and facility with, issues relating to e-discovery, including the discovery of electronically stored information (“ESI”).”

What we need to know: Certain technologies that have so integrated themselves into the practice that our duty of competence demands that we understand them. We can’t just rely on our “people” to know about it. We need to, individually, understand the systems.

What we need to know: We need to understand the underlying technology, not just the “law” about that technology.

POINT 2 of 2: Our duty to supervise is being expanded drastically.

The opinion also stated:

“The duty of competence…includes the duty to supervise the work of subordinate attorneys and non- attorney employees or agents…This duty to supervise can extend to outside vendors or contractors, and even to the client itself.”

What we need to know: Our duty to supervise doesn’t just include the lawyers and non-lawyers in our office. It is also includes vendors and contractors. But the big extension is that it might also include supervising the client itself. That is a change- we are familiar with the need to “advise” and “guide” a client. Now we may also be required to “supervise” the client as well. Does that mean watching their IT people? It depends, but this opinion basically says yes, sometimes.

Find more information like this in my live program: Tech Tock, Tech Tock: Social Media and the Countdown to Your Ethical Demise. See my course list here.

Share

Confidentiality: The ABA’s Changes

Last week the ABA made an important change to Rule 1.6, “Confidentiality.”  On its face, the change doesn’t seem like much—the drafters added a new section 1.6(c) which states, “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

That doesn’t seem like such a big deal, especially since the sentiment already existed in the commentary to the rules.  The need to safeguard our clients’ information was already stated in a slightly different form in Comment [16] to Rule 1.6.  And why shouldn’t it be—isn’t it an obvious point?  So why would the drafters simply take language that already existed in the commentary, tweak it, and move it to the rule itself?  It’s about addressing technology head on.

Lawyers are increasingly using new technologies like cloud storage sites and software as a service (SaaS) to store client data.  While helpful, the obvious risk of using these sites is that there is a potential for disclosing information.  Plus, this isn’t just about could-computing or websites, it’s about using any new technology, whether it be mobile storage devices, unencrypted wireless routers, iPads, etc.  The more we use these technologies, there more opportunities we have to reveal client information.  The drafters must have believed that the more frequent use of these types of technologies demands an increased emphasis on the need to protect client information.  Thus, by expanding the language and moving it to the actual text of the rule, the drafters are telling the bar that this issue is no longer just commentary, or “secondary guidance.” Now it’s a primary duty.

So now we know that before we use new technologies we have a duty to make reasonable efforts to prevent the release of information relating to the client.  But what does that mean? How do you know if the efforts you used were actually “reasonable?”  More on that in the next post…

Share

Wireless Networks? um…NO. Future Technologies? Maybe.

Sometimes finding free Wi-Fi feels like finding buried treasure.  A laptop user who finds free Wi-Fi in a coffee shop is comparable to a deep sea diver who finds a tank of oxygen.  However there is a downside– many of those networks are unsecured and vulnerable to being compromised.  That poses a problem for attorneys because our client’s confidential information may be exposed if we use an unsecured wireless network to perform work on their behalf.  The question then becomes, are lawyers permitted to use unsecured wireless networks to do client work?

The issue of course, is confidentiality because an unsecured wireless network is easily accessed by hackers.  The concept of competence is also in question because comments [16] and [17] of Rule 1.1 (“Competence”) remind lawyers that we must, “act competently to safeguard information…against …unauthorized disclosure” and that when transmitting a communication we must, “take reasonable precautions to prevent the information from coming into the hands of unintended recipients.”  California tackled the question directly in Formal Opinion No. 2010-179.

The Committee said that lawyers should not use unsecured wireless connections when working on client matters.  The opinion states,

“With regard to the use of a public wireless connection, the Committee believes that, due to the lack of security features provided in most public wireless access locations, Attorney risks violating his duties of confidentiality and competence in using the wireless connection at the coffee shop to work on Client’s matter unless he takes appropriate precautions, such as using a combination of file encryption, encryption of wireless transmissions and a personal firewall. [FN omitted]  Depending on the sensitivity of the matter, Attorney may need to avoid using the public wireless connection entirely or notify Client of possible risks attendant to his use of the public wireless connection, including potential disclosure of confidential information and possible waiver of attorney-client privilege or work product protections, and seek her informed consent to do so. [FN omitted]

Finally, if Attorney’s personal wireless system has been configured with appropriate security features[FN omitted] the Committee does not believe that Attorney would violate his duties of confidentiality and competence by working on Client’s matter at home. Otherwise, Attorney may need to notify Client of the risks and seek her informed consent, as with the public wireless connection.”

The Takeaway: If your jurisdiction agrees with California, you can’t use wireless networks for client matters (unless you take the recommended precautions, none of which are practical/realistic).  Even if your state hasn’t stated that they agree with California it’s probably a good idea to abide by their direction anyway.  After all, the only way you’ll know your state’s position for sure is when the Bar finally acts, either because they were asked to opine on the subject or they are disciplining someone.   The question I ask myself is…do I want to be that person who “makes the law” by being the first person to be disciplined?

I love this opinion for another reason—the opinion listed 6 factors that an attorney should consider when evaluating new technologies.  Those factors could be helpful to attorneys everywhere when evaluating whether they could use new systems in the future.  Here are the factors (but I encourage you to read the opinion because they’re explained more fully and it makes better sense after you read that text).

1- An attorney’s ability to assess the level of security afforded by the technology, including (i) how the technology differs from other media use (ii) whether reasonable restrictions may be taken when using the technology to increase the level of security and (iii) Limitations on who is permitted to monitor the use of the technology to what extend and on what grounds.

2- Legal ramifications to third parties of intercepting the information

3- The degree of sensitivity of the information

4- The possible impact on the client of an inadvertent disclosure

5- The urgency of the situation

6- Client instructions and circumstances

The Takeaway: As time goes by, lawyers will find themselves wondering whether they can ethically use new technologies and California’s Opinion will help provide that answer.  The opinion provides these “technology permissibility factors” (my term) that a lawyer could use to evaluate the permissibility of those new technologies.

Granted, the California Opinion may not be binding in your jurisdiction, but it wouldn’t be such a bad idea to consider the factors when you find yourself in a pickle in the absence of a direct ruling from your home jurisdiction.  Consider how a disciplinary board would react if you were faced with a new technology, but before using it you evaluated the California “technology permissibility factors” and wrote a memo to the file detailing your analysis.  I would expect that a disciplinary board would look favorably upon you in a hearing situation.

Share