The duty of competence in the
While mobile devices, the cloud, email, social media and other electronic information have made it more convenient for lawyers to do business, are lawyers doing all they can to keep up with the rapid digital trends when it comes to protecting information?
A conversation by legal ethics experts during an American Bar Association program highlighted the changes the profession has seen over the past 15 years, how those changes affect lawyers' ethical obligations and the various ways competence can be fulfilled in the digital age.
"I don't think you have to be practicing for very long to know that the legal profession is fundamentally being transformed by technology and globalization," Andrew Perlman, director of the Institute on Law Practice Technology and Innovation, said during the webinar "Am I Competent? The Ethical Use of Evolving Technologies." "I graduated about 17 years ago, and the changes I have seen are enormous."
The changes have been so dramatic that in 2009, the ABA created the Commission on Ethics 20/20 to study the rules and policies surrounding lawyer conduct concerning the advances in technology and globalization.
Perlman gave an overview of the commission's findings and said the amendment to Model Rule 1.1 (Competence) in the Model Rules of Professional Conduct has made lawyers around the country "pay attention."
"When the commission was thinking about the ways in which technology has changed the profession, one surprising feature of the model rules that we came upon was that the word technology appeared nowhere," Perlman said. "And we thought it was important that there should be some reference of the role technology is playing in the delivery of legal services."
The result was that the commission added a line to Comment 6 of Model Rule 1.1. The line reads, "… including the benefits and risks associated with relevant technology."
Perlman said the new line "emphasizes that in the course of a lawyer's career, it's not enough to just keep abreast of changes in the law, but when you keep abreast of changes in its practice, that necessarily includes keeping up to date on the benefits and risks associated with relevant technology."
The prevailing issue on lawyers' minds today is the ethical obligation involved in protecting information that is stored on smartphones, other electronic devices or in the cloud. Since the adoption of Ethics 20/20 in 2012, more guidance is available to assist lawyers, Perlman added.
He said that Model Rule 1.6 (Duty of Confidentiality) clarifies that "lawyers should take reasonable precautions to protect client confidences from inadvertent or unauthorized access or disclosure."
Some considerations include the sensitivity of the information and the cost of additional safeguards.
"Nobody is expecting lawyers to have the security that you'd find at the Pentagon, but if the costs are relatively small and they would provide a lot of extra protection, then that is something that would be considered reasonable and important," Perlman said.
He said developing a "strong" password of at least 12 characters with a mix of numbers, letters and special characters is a helpful precaution, as is encryption, which scrambles data and makes it unreadable in the event your mobile device is lost or stolen.
"As to the strong passwords, it's an absolute must," agreed Daniel J. Crothers, a justice on the North Dakota Supreme Court. "As to encryption, I don't see any ethics opinion that says that encryption is required. However, I will not be surprised when I see an ethics opinion say that has become the standard."
Crothers said one of the biggest threats to the security of data is the loss of the device. Although strong passwords and encryption are essential tools, the owner or a network administrator should have a way to remotely wipe the device, so data can be deleted before a stranger views it. There are apps and software available to perform this function either automatically or with a command.
"It's not a standard, but something to think about," Crothers added.
The conversation spanned to discuss cloud computing, which most ethics opinions support, but lawyers still must take "reasonable precautions" to protect information.
"There are some factors to consider. You should be aware of where the information is being stored and who owns it," Perlman said. "How sensitive is the information? There is an interesting ethics opinion out of Massachusetts that says that if it is particularly sensitive information, you need to get your client's consent before you use a cloud computing provider. It's the only ethics opinion I know of that has reached that conclusion."
Crothers added that an ethics opinion out of New Hampshire has a list of 10 factors for people to consider before using cloud computing. The list includes questions about a provider's security measures and disaster recovery plan.
According to Ellyn S. Rosen, the moderator for the discussion and the deputy director of the ABA Center for Professional Responsibility, the center is working in partnership with the Law Practice Division to develop a practical website to assist lawyers with questions about data security. She said the site will be available in the near future.
The program "Am I Competent? The Ethical Use of Evolving Technologies" was sponsored by the American Bar Association Center for Professional Responsibility and the Center for Professional Development.
Back to top