The continuing COVID-19 pandemic has resulted in millions of people, including lawyers, working from home. With this increase in remote work, law firms have prioritized outsourcing various back-office services traditionally performed in-house to comply with COVID-19 best practices, streamline work, and decrease costs.
Attorneys should be mindful of the legal issues that may arise. Global pandemic notwithstanding, lawyers are still bound by legal obligations to protect their clients’ interests and fulfill fiduciary duties.
Maximizing Efficiency and Budgets
Outsourcing generally refers to transferring tasks or functions that were previously performed in-house to an outside vendor. Examples of outsourced services may include back-office jobs, such as accounting, payroll, travel services, information technology and support, data security, research, and human resources. Business support services (including document processing and records management) and media services (such as video- and teleconferencing) are also often outsourced. Even legal tasks are being outsourced. Lawyers are increasingly relying on nonlawyers, such as paralegals, law clerks, technical experts, and even computer-aided technology, to handle legal tasks at lower rates.
As corporate legal departments and law firms seek to run lean teams and keep costs down, outsourcing legal and nonlegal services once performed in-house can help achieve these goals. Corporate legal departments and law firms can improve profit margins while maintaining high-quality services through outsourcing back-office services that might otherwise tie up a lawyer’s time. Outsourcing may also allow smaller law firms and legal departments to compete with big technology companies. Splitting tasks between law firms and vendors can benefit clients and free up attorneys to focus on providing quality legal advice.
During the COVID-19 pandemic, corporate legal departments have been managing their own unplanned legal work remotely and addressing a variety of crisis- and remote work–related risks while considering their company’s ability to continue in an uncertain economy. Many in-house counsel are balancing a surge in work related to the COVID-19 pandemic and increased legal costs. As the pandemic evolves, in-house legal counsel may rely more heavily on—or more seriously consider—outsourcing to enable them to meet the demand for services as they manage their budgets.
Risks Associated with Outsourcing
When legal work is outsourced, there must be a lawyer with direct supervisory authority over the outsourced work. That lawyer’s responsibility cannot be delegated. Lawyers should use caution to ensure they are satisfying their ethical obligations when outsourcing legal work.
Ethical obligations of the supervising lawyer include the following: (1) Ensure that tasks are delegated to competent individuals, and then oversee the appropriate execution of the project; (2) provide the client with information regarding the outsourcing arrangement; (3) safeguard the client’s confidential information; (4) check for potential conflicts of interest; and (5) avoid assisting in the unauthorized practice of law. These ethical obligations are not excused or waived during a pandemic.
When legal work is outsourced, there must be a lawyer with direct supervisory authority over the outsourced work.
One of a lawyer’s core ethical obligations is to safeguard client confidential information. Most of the attention on this obligation focuses on lawyers’ use of technology. Just as lawyers need to ensure that the technology used internally at the law firm or the corporation safeguards client confidential information, lawyers also have a responsibility to vet an outsourced provider for the same purpose. Lawyers should take reasonable efforts to safeguard client confidential information from inadvertent or unauthorized disclosure by training outsourced providers and by having them sign confidentiality agreements.
With increased use of vendors for information technology services and support, lawyers should be aware of privacy protections used by vendors to protect confidential client information. Lawyers outsourcing information technology services will likely be transmitting large amounts of confidential client information to vendors, resulting in data breach or cyberattack risks. Digital data transmission and storage by a vendor should be vetted to ensure appropriate data security measures are in place and confidential client information won’t be intercepted and exploited.
Examples of reasonable efforts to ensure data security include cybersecurity systems such as anti-virus software, encryption, VPNs, and firewalls installed on a computer system that will be transmitting, receiving, and storing client information. In addition, data privacy and protection policies—and proper training on these policies—are also important measures to protect data from phishing or other types of cyberattacks. Supervising lawyers should regularly audit outsourced vendors’ data security measures.
Outsourcing Legal Services Insights: Data Security
In February 2020, a class action administration services company was the subject of a ransomware attack. The company shut down access to its servers to protect client information as it worked toward securely bringing its systems back online. During the shutdown period, many clients could not access their data or send new data. A class action complaint was filed in May 2020 alleging that the ransomware attack resulted in a data breach of personal information.
In October 2019, a company that provides legal case management software solutions was the target of a ransomware attack that prevented access to its electronic records. While the company resolved the security breach, law firms and lawyers were not able to access legal documents hosted on the vendor’s platform. As a result of the incident, at least one law firm had to file a request for more time to meet a filing deadline.
Ransomware, malware, phishing, and hacking have become more common forms of attacks against law firms, especially in times of crisis. The best way to prevent cyberattacks is to keep technology up to date and people appropriately trained in order to protect data.
During a crisis, lawyers are obligated to continue to render legal services competently and diligently, and safeguard client confidential information. The choice of whether to delegate work to an outsourced provider should be based on whether it allows lawyers to continue to render legal services competently and diligently, and safeguard client confidential information at a reasonable cost.
- William E. Gericke & Thomas G. Wilkinson, “Ethical Implications When Outsourcing Legal Work,” Ethics & Professionalism (Dec. 3, 2020).
- ABA Standing Comm. on Ethics and Prof’l Responsibility Formal Op. 08-451 (Aug. 5, 2008).
- “5 tips to avoid ethical landmines when outsourcing law office work,” ABANews (July 2018).
- William E. Gericke & Deborah Winokur, “Ethical Issues with Remote Work During COVID-19,” Cozen O’Connor Publications (Mar. 30, 2020).
- ABA Committee on Disaster Response and Preparedness, Surviving a Disaster: A Lawyer’s Guide to Disaster Planning (Aug. 2011).
- ABA Commission on Ethics 20/20, Resolution 105C — Outsourcing (Aug. 6, 2012).
- Christine Simmons, “Elite Law Firms Are Quietly Outsourcing High-Value Functions. How Far Will They Go?,” law.com (Jan. 6, 2020).
- Karter v. Epiq Sys., Inc., No. 30-2020-01145268-CU-MC-CXC (May 26, 2020).
- Jay Weaver, “‘Ransomware incident in South Florida blocked some law firms from countless records,” Miami Herald (Oct. 25, 2019).
- ABA Section of Litigation, Virtual Section Annual Conference, 2020 Vision: Cybersecurity Trends and the Impact of COVID-19 (May 8, 2020).
- Christina M. Jordan, “Cybersecurity Trends During a Health Crisis,” Litigation News, Vol. 46, No. 1 (Fall 2020).
Copyright © 2021, American Bar Association. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of the American Bar Association. The views expressed in this article are those of the author(s) and do not necessarily reflect the positions or policies of the American Bar Association, the Litigation Section, this committee, or the employer(s) of the author(s).