If you’ve read my prior articles for CEB, you may have recall my first post on reframing your relationship with your rules of professional conduct. I specifically discussed California Rules of Professional Conduct, rule 1.1, “Competence,” encouraging readers to pay close attention to the concept of “legal services.” Legal services incorporate everything that a lawyer utilizes to represent their clients and run a law firm.
On March 22, the California Supreme Court adopted new language in comment 1 to include a lawyer’s duty to have competence in their use of technology. Comment 1 specifically states: “The duties set forth in this rule include the duty to keep abreast of the changes in law and its practice including the benefits and risks associated with relevant technology.” Thus we now read the language of rule 1.1 — “A lawyer shall not intentionally, recklessly, with gross negligence, or repeatedly fail to perform legal services with competence” — to be applied to a lawyer’s or law firm’s duty of competency when using technology in their legal practice.
Lawyers have grown increasingly dependent upon technology. Many of us use laptops, tablets, and cell phones. We have incorporated online practice management systems, online payment, webhosting, cloud services, and other apps or tech services meant to simplify and streamline our practices. We have purchased dedicated computers and other technology for our employees to use. We use work, home, and public Wi-Fi services to allow us to work from anywhere we may wish or need to work. Aside from the convenience and necessity of incorporating technology in our law practices, not all of us have considered the broader consequences of technology on our ethical duties.
As I explained in my article last year, we must be competent in all aspects of our legal services. Comment 1 now defines competency to require a lawyer to maintain their knowledge of changes in law and technology. This does not mean that lawyers must become technology experts. When a lawyer chooses to use a particular form of technology, they must do so with knowledge of the technologies broader impact.
For example, some lawyers exchange text messages with clients. A competent lawyer should have an understanding of the impact that text messaging could have on their broader duties, such as confidentiality. I try to avoid text exchanges with my client, but I am realistic that for certain practices and clients, text is the best form of communication. If a lawyer incorporates texts in their legal services, better practices advise a lawyer to consider how they will use the technology, whether there will be limits on the use of technology, who (clients, and employees) may use the technology, how the technology affects an attorney’s broader duties to a client, and how the technology works. Applying these considerations to text messaging, a lawyer may consider limiting texts to simple exchanges such as, “When can we chat?” A lawyer may have protocols in place to collect the text communication. A lawyer may prohibit employees from engaging in detailed communications with a client to avoid engaging in conversations that may better conducted either on the phone or in person.
Additionally, a lawyer must also train their employees on how to ethically use technology to best protect a client’s confidential information. (See CRPC, rules 5.1 and 5.3.) When an employee, an associate, or nonlaywer uses a law firm’s technology, they must fully understand the duties owed to the firm clients. A firm or lawyer should train their employees on the use of the technology and teach employees about the risk of data breaches due to mishandling of technology, and how an employee’s use of technology supports an attorney’s ethical behavior. While it can be uncomfortable to impose rules such as prohibiting personal use of law firm email or computers, this prohibition is a reasonable effort to prevent data breaches due to “phishing” or viruses, or an unintentional disclosure of confidential information.
Better practices when incorporating technology in your law firm:
- Have established protocols regarding the use of firm-owned technology.
- Have and keep antivirus, spyware, and malware software up to date.
- For cloud-based services, avoid using free services and pay for additional security such as encryptions and retrieval of lost data. Most cloud-based services offer HIPPA compliant confidentiality services, which can also be used by lawyers.
- Generally avoid using free technology services. Free video conferencing, email services, cloud storage, or phone services are cost-effective but provide minimal — if any — level of privacy or data protection to you or your clients.
- Use password protected Wi-Fi at home and at all other private and public spaces.
- Consider the use of a VPN (Virtual Private Network).
- Take advantage of free trainings offered by practice management services and require employees to do the same.
- Before incorporating a new form of technology into your practice, consider how the technology will impact client confidences. Consider the different price points for the same technology. For example, the base price of a service may offer less privacy protection than the more expensive version.
- Upgrade your technology regularly to avoid the loss of data — meaning, if possible, don’t wait until your computer crashes to buy a new one.
- Back up your data regularly.
- If you must hire IT support, better practices encourage you to find a company that specializes in supporting lawyers and law firms, or that has significant experience and understands attorneys’ privacy and confidentiality duties.
Mary Grace Guzmán of Guzmán Legal Solutions advises lawyers, law firms, and law students on their professional responsibilities and risk management needs. She also teaches legal ethics and professional responsibility at JFK Law School. She works with lawyers and law firms regarding legal ethics issues such as conflict of interest issues, fee disputes, and advises lawyers and law firms as outside ethics counsel to manage risk. Ms. Guzmán recognizes that a lawyer’s or law firm’s needs are best met by preventing legal ethical issues before they arise or managing an ethical issue once identified.
© The Regents of the University of California, 2021. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited.