Is your smartphone permanently attached to your fingers, and your office virtual and paperless? Or do you only touch a computer under duress, and take comfort in paper files and legal research from actual books? Either way, your ethical obligations may now include keeping up with the latest and greatest.
The ABA has recently updated several of its Model Rules of Professional Responsibility, including both rules and comments, to better deal with technology and its effects on lawyers' practices. All business lawyers should know what has changed. While the rules are not binding in themselves, they do form the basis of most states' rules governing lawyers. Comments to the rules expand on their meaning and provide additional interpretive guidance.
Rule Changes
Rule 1.1 deals with lawyer competence, and states, "A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation." To maintain this competence, as now set forth in Comment 6, lawyers should keep up with changes in the law and its practice, "including the benefits and risks associated with relevant technology."
Rule 1.4 deals with client communications. Recognizing that lawyers and clients no longer simply call each other, Comment 4 to this rule expands the requirement to respond or acknowledge client telephone calls to cover all client communications.
Rule 1.6 deals with confidentiality of information. A new section (c) now requires lawyers to make "reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client." Comment 18 to Rule 1.6 elaborates on the meaning of "reasonable efforts" by stating, in part, "Factors to be considered in determining the reasonableness of the lawyer's efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer's ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use)." Clients may also require special security measures, or give informed consent to forgo security measures that the rule would otherwise require. The comment also reminds lawyers that other laws, such as state and federal laws governing data privacy or breach notification requirements, may also impose other requirements.
Rule 4.4, Respect for the Rights of Third Persons, previously included a requirement that a lawyer inadvertently receiving a document related to client representation should promptly notify the sender. As amended, the rule expands the requirement to "electronically stored information," not just documents. Comment 2 to this rule explicitly includes metadata (information about a document, often stored along with an electronic document in semi-hidden form) in the term "electronically stored information," but creates an obligation "only if the receiving lawyer knows or reasonably should know that the metadata was inadvertently sent to the receiving lawyer." An amendment to Comment 3 to this rule adds the option to meet the obligation by deleting electronic information unread.
Next Steps
Now that you know about the changes, what can you do to meet your ethical obligations? First, don't panic - you don't have to turn into a tech expert overnight. Then, do be aware. Think about how you work, and where you might have vulnerabilities. Not everyone is a likely target of international-class cyber-hackers, but everyone can lose devices with unprotected information on them, be overheard on the phone, mis-send an e-mail, or suffer an office disaster.
Think through some likely scenarios for your particular situation. For instance, how could you lose access to your client files? If your entire practice is on paper in your office, a fire or flood might take you out. If you're all-electronic, where are the electronic files stored? Is everything on one machine that can be lost, stolen, or simply doesn't boot one day? Do you have backups you can easily use, in places that aren't all vulnerable to the same disaster? If you're cloud-based, what if something happens to your cloud provider?
Consider individual documents. If you send them around electronically, is their format appropriate for the context? If something isn't meant to be edited, perhaps sending it in an easily-editable format like Microsoft Word isn't the best choice - but if something is meant to be reviewed and commented on, sending it in PDF format will make this harder. Remember, too, that documents can leave trails. If you e-mail something to yourself to work on at home, what devices is it now stored on, and how secure are they? Did your revisions make it back into the master file? Also keep in mind that anything can be forwarded on, without your knowledge. Are there internal comments in a document that perhaps shouldn't be exposed to others? What about metadata?
Not every situation involves paranoia, either. Perhaps you're in the middle of a complicated negotiation, and so many red-lined drafts are flying around that it's hard to keep track of what's left to finalize. Maybe there's an online collaboration tool that will save time and your client's money. Don't you owe it to your client to at least know such tools exist and when they might be appropriate?
If you don't know something, ask questions, read up, or hire help. You don't have to make yourself an expert - just know enough to make informed decisions using the professional judgment you already use every day for your clients.