Using Technology For The Modern Estate Planning Practice

Using Technology For The Modern Estate Planning Practice

Authors Thomas Tietz, Barron K. Henley, and Martin M. Shenkman address a variety of vital issues concerning the use of technology in the modern estate planning practice, and they present ethical issues raised by new technology.

1.    Introductory Comments.

  • a.          Not suggesting standard of practice.
    • i.           This paper is not intended to imply that any approach is essential, or a standard of practice that anyone should follow. Rather the objective is merely to present points estate planners and other practitioners might consider in managing their practice with a particular emphasis on technology and some of the ethical issues they raise.
    • ii.          The primary goals are to give practitioners practical ways to use technology to:
      • 1.         Make practices more efficient.
      • 2.         Provide better quality services to clients.
      • 3.         Practice more safely to reduce malpractice risks.
    • iii.         The secondary goal is to identify tech issues that some practitioners might wish to address in their practice, e.g. in their form retainer agreement, ancillary forms, procedures, etc.
  • b.         Technology and profitability.
    • i.           As push back from prospective clients grows, the time allocated to drafting documents, and handling paper in the estate practice, will have to be reduced in order for attorneys to remain profitable. Increasing automation of the estate planning practice is only part of story. There will have to be other operational efficiencies incorporated into the process, and in some cases, a rethinking of the planning process. Many clients are quite tech savvy and expect you to mirror their savviness.  In the age of “LegalZoom,” some clients will view what is required for estate planners to generate estate planning documents as being far simpler and quicker than it actually is. Personally, we do not subscribe to the worries that consumers who hire estate planning attorneys will flock to any internet solution. The wealth and sophistication of the clients most estate planners serve is such that their clients would not consider using an internet based web service. However, that does not mean that the construct does not impact how they view what their planners provide. Attorneys will have to demonstrate the value of the counsel provided, over and above the production of the actual documents. No doubt, estate planners have a myriad of skills to offer their clients. What this really should translate to is a transformation of the perception of the “product” the estate planner is offering. It will be the counsel and guidance, not the physical documents, that is paramount in providing value to the client. Reducing the cost and time of generating and processing documents will provide attorneys the ability to spend more time in client facing activities: meetings, conferences, and so forth. Serving as a trusted adviser is a role for which clients should continue to appreciate the value provided by the estate planner. That is a role that technologies, social or economic change will not supplant. Further, greater operational efficiency allows the estate planner to serve lower net worth clients without sacrificing profitability. As we all know, it’s much easier to keep a client you’ve worked with before they were wealthy than to find a new client who is already there.
  • c.          Retainer agreements should reflect technology and ethics concerns.
    • i.           Practice Suggestion: It is advisable for practitioners to periodically review estate planning retainer agreements (engagement letters) to update them to reflect new ethics rules, changing practices, integration of new technology into their practice, and other factors.  The majority of states have adopted the ABA Model Rule changes from 2012 which relate to technology.  Rule 1.1 was modified to require technical competence ; and Rule 1.6 now requires lawyers to use “reasonable efforts” to prevent the inadvertent or unauthorized disclosure of confidential client data. Very importantly, ABA Model Rules 1 state that a client can require a lawyer to implement “special security measures not required by this Rule.”   You definitely want to know a prospective client’s disposition on this issue before beginning your representation. Consider advising clients of what your default approach is in your retainer agreement so that you are on record with the client as to how matters are handled.
    • ii.          Retainer agreements can be used as a framework for the discussion of a potpourri of estate and tax practice management technology, and ethics and related considerations, since many of the ideas in this presentation may warrant addressing in retainer agreements (engagement letters).
    • iii.         Practitioners should not ignore the changes technology and other developments are having on retainer agreements, practice forms, and related practice management steps.
    • iv.         Engaging in discussion with clients and providing information on how the practitioner protects confidential data can help assuage any concerns the client has and allow the client to provide commentary on what uses of technology they are comfortable with. As each practitioner utilizes technology in unique ways, the engagement letter should be customized by the practitioner.
    • v.          Sample Clause: A sample provision for an engagement letter could include, "You authorize the back-up and storage of records on cloud-based back up services, including but not limited to those provided by ShareFile, Microsoft 365, SugarSync, Datto and NetDocuments and others, posting PDFs of your documents in the cloud on ShareFile or a similar service, and emailing of unencrypted confidential records. If you wish us to use encrypted electronic communications, we can do so through ShareFile."
  • d.         Great variability by practice.
    • i.           The ideas presented must be adapted and modified for every practice. Every practice is unique in terms of the nature of the typical clients, the practitioner’s comfort level with technology and change, capabilities of the administrative staff, etc.
    • ii.          A paperless, cloud-based practice will necessarily have to handle these issues differently than a practice that still has yellow pads, Redwelds and other analog tools.
    • iii.         A practice that predominantly focuses on a large volume of flat-fee, lower-wealth clients will have a different emphasis then a boutique firm serving a limited number of ultra-high net worth clients seeking a different level of service and relationship.
    • iv.         Ancillary administrative implications of many of the points addressed concerning technology and the state of practice management are adapted at different rates in different firms.  Some practitioners might view something as excessive, while others view it as a mundane task long ago addressed.
    • v.          Practice Suggestion: It is important that each practice identify where it is on the technology spectrum, where it wants to be, and how to get there in a practical manner. It will be disruptive, but unless each practice makes the commitment, and a specific plan that it updates periodically, the practice will fall further behind the technology curve and that, if it has not already, will adversely affect the practice, profitability, risk profile, and service quality. The reality is that upgrading an analog practice to a modern, digital one is ALWAYS disruptive because most humans detest change.  Further, almost anything can be judged “unreasonable” by someone who doesn’t want to do it.
    • vi.         Each practitioner has to find the technology road map that works for them. This depends upon your style, how technologically savvy you are today, what changes are appropriate, and how you anticipate evolving. Many practitioners only reluctantly and partially adapt a technology strategy. Too often practitioners have opted for steps that were recommended to them rather than being proactively engaged in crafting a process that fits their unique needs. If you can find your comfort zone and the path that works for you, the process does not have to be intimidating. Remember, there is no right or wrong approach. The only wrong approach is to take no action. Perhaps the next worse approach is just to implement what someone, who is unfamiliar with your practice, recommends. Find what fits your style and comfort zone. Then identify a logical sequence to approach the process, and steps that are small enough to be actionable.
    • vii.        Practice Suggestion:  A firm’s efficiency (or lack thereof) is largely a function of the practice’s technology, processes and people. As such, it would be a mistake to examine one’s technology in a vacuum. Spending money on technological improvements will yield little benefit if a practitioner’s processes are inefficient, or the wrong people are in the wrong seats. For example, upgrading technology often requires that users upgrade their skills. However, some users may be unable or unwilling to upgrade their skills, even if good training is provided. If that situation exists, then it cannot be ignored.

2.    Paperless vs. Paper-Less.

  • a.          For most practices, it is impossible to go completely paperless.  However, nearly every  practice can operate more efficiently with less paper.  Paper-less or paper-lite might be a better option, or certainly a transition point, for some practices.
  • b.         Set goals to proceed towards the less paper but also be realistic in recognizing that there will still be situations where paper documents are required for signatory or other purposes. The objective for most practices will be to proactively identify categories of documents that will henceforth be stored and managed exclusively in electronic format. Correspondence, faxes and pleadings are typically good examples for this.  However, you also will need to evaluate how to address the volumes of paper documents already accumulated.  For many practices, it may not be worth scanning all of the old or closed files, but it’s definitely worth scanning every document for active matters going forward. Regardless, the best way to achieve less paper is to phase it in, keeping in mind that it may be impossible to eliminate all of it.
  • c.          As creatures of habit, many documents are maintained as hard copies simply because the practitioner has always done it that way. But, that mindset needs to be broken to take advantage of technology advances that allow you to streamline operations and reduce costs within the office. Developing a paperless/paper-lite approach for your firm could result in reducing your paper files by as much as 90%. This is accomplished by designing a paperless/paper-lite plan that will work for your office environment. Making simple adjustments to how you handle your files could result in transitioning as much as 90% of your paper files to an electronic format. But as is the case with making changes that have a positive impact on your bottom line, you need to have a plan. Do not try to tackle everything at once because it sometimes results in getting mired in the details and derailing the process. Points of consideration should include a plan that not only moves forward with active client files but one that also addresses converting existing paper files into an electronic format and getting them out of the redwelds in the file room or off-site storage.
  • d.         Practice Suggestion:  Many practices scan everything but also keep all of the paper out of paranoia that they may lose access to the electronic files.  Because this approach obviously requires more work (maintaining two filing systems instead of one), and is quite costly, it should be avoided.  While no one can guarantee that you’ll never lose access to your electronic files, redundant backup systems, excellent cyber defenses, and hosted or cloud servers can make it extraordinarily unlikely.  The important point here is that a practitioner never realizes any benefit from creating complete electronic case files unless they stop hanging onto every shred of paper.
  • e.          Taking steps in the paper-lite direction is particularly important to the practitioner endeavoring to profitably and cost effectively serve moderate wealth clients who are likely to prove more fee conscious post-ATRA. “Paper-less” may be a better descriptive term then “paperless,” much less paper, but not necessarily no paper. Each practitioner will find the level of paper or paper-less that is optimal to his/her practice. Making slow, steady progress is really the smarter approach.
  • f.          A practitioner who wants to convert thousands of paper documents into electronic documents has three basic options: 1) scan the documents internally, 2) out-source the scanning, or 3) some combination of internal and out-source.  While it’s hard to argue that sitting in front of a scanner for hours on end is a good use of a lawyer or skilled support staff time, out-sourcing can be expensive.  Some firms find that a good solution is to hire a low-wage, temporary worker for the sole purpose of scanning in paper files. For example, a college student off for the summer might be able to scan an entire file-room of files in one summer break. That option should at least be compared against the cost of out-sourcing the task.  If out-sourcing is roughly the same cost as hiring a temporary worker to handle it, then out-sourcing is probably the better option simply because it represents less annoyance for the practitioner. Also, if you use lower cost help you should be certain that they are trained to do the tasks involved. Consider creating a simple roadmap of the steps involved in each of the tasks they will do.
  • g.          Practice Suggestion: It is important that any paper reduction system relies upon searchable PDFs rather than image-only PDFs.  Searchable PDFs contain an image of the original document along with actual text.  If you create a PDF from Word or WordPerfect, then you will always get a searchable PDF.  Image-only PDFs contain only the image of the original, but no layer of searchable text.  Unfortunately, most copiers and scanners create image-only PDFs which means that they can be found in the future solely by their file names.  On the other hand, searchable PDFs can be found based upon their file names or any text contained within them.  Using any search software or even Windows Instant Search (included with the Windows operating system) or Spotlight (included with the Mac operating system) will allow one to find searchable PDFs based upon their textual content.  If a practitioner’s copiers or scanners are creating image-only PDFs, those PDFs can be converted to searchable PDFs by a variety of software programs including Adobe Acrobat, Nuance/Kofax Power PDF, Foxit PhantomPDF, Nitro Pro, Trumpet Symphony OCR and DocsCorp ContentCrawler (among others).  If a practitioner continues creating image-only PDFs, they are simply making future accessibility more difficult.
  • h.         Practice Suggestion: If a practitioner has no means of conveniently bringing an electronic client file to a conference room or transporting it off-site, then the electronic file loses a lot of utility. In view of this, if a practitioner intends to rely upon an electronic case file, then laptops or tablets are going to be important. With the continued evolution of “2-in-1” laptops, it’s pretty easy to find one device that offers the combined functionality of a powerful laptop and tablet.

3.    Communications.

  • a.          Communication requirements under RPCs.
    • i.           A lawyer shall fully inform a prospective client of how, when and where the client may communicate with the lawyer.
    • ii.          A lawyer shall keep a client reasonably informed about the status of a matter and promptly comply with reasonable requests for information.
    • iii.         Practice Suggestion: Technology can provide a myriad of ways to meet these RPCs (all of which are just good practice and probably safer practice). Following is a listing, detailed examples are provided later:
      • 1.         Use your firm website to indicate how a client may communicate.
      • 2.         Use initial form letters to prospective clients to outline communication policies.
      • 3.         Include communication considerations in retainer agreement.
      • 4.         Use detailed time entries into your billing system to communicate status to clients.
      • 5.         Use newsletters and other electronic communications to keep clients informed.
      • 6.         Add footers to invoices with important information the practitioner believes clients should know.
  • b.         Ethics Opinion 477.
    • i.           Each device and each storage location offers an opportunity for the inadvertent or unauthorized disclosure of information relating to the representation, and thus implicate a lawyer’s ethical duties under Rule 1.1 of the ABA Model Rules concerning competency, confidentiality, and communication.
    • ii.          As previously mentioned, the RPC was modified recently to include that lawyers should keep abreast of changes in the law and its practice “including the benefits and risks associated with relevant technology.”
    • iii.         Practice Suggestion: One simple solution to consider- have your IT consultant prepare annually a summary of improvements made and steps to take. Use this letter to document that you are keeping current and addressing new threats and issues.
    • iv.         Lawyers must take reasonable efforts to ensure that communications with clients are secure and not subject to inadvertent or unauthorized security breaches.
    • v.          Lawyers must use “reasonable efforts” to ensure the security of client information. Citing the ABA Cybersecurity Handbook, the opinion explains that the reasonable efforts standard is a fact-specific inquiry that requires examining the sensitivity of the information, the risk of disclosure without additional precautions, the cost of additional measures, the difficulty of adding more safeguards, and whether additional safeguards adversely impact the lawyer’s ability to represent the client.
    • vi.         What is “reasonable” is a gray area.
    • vii.        Practice Suggestion: As a result, practitioners should have their IT or cybersecurity consultant prepare an annual letter, as suggested above, to review matters in the office and suggest improvements. Then be certain to follow up on the improvements recommended to assure implementation. A process of periodic review and follow up documented in this manner may provide corroboration that the practitioner has acted with “reasonable efforts.”
    • viii.       The opinion notes that generally lawyers may use unencrypted email when communicating routinely with clients.
    • ix.         Practice Suggestion: However, there are technology solutions that permit certain sensitive emails, e.g. those with tax identification numbers, to automatically be encrypted. There are also efficient encryption services that make the use of encrypted email easy and efficient, e.g. through an extra button on the regularly used email interface, e.g. Outlook.
    • x.         Practice Suggestion: Practitioners should consider adoptingn a written policy for internet and email usage, secure passwords, mobile device security, and electronic equipment disposal. There are many free or low cost sources on the web which can provide starting points for these policies.  You might also provide basic cyber security training for all employees.  Again, there are many options available for this including the free online courses on cybersecurity best practices from ESET (see https://www.eset.com/us/cybertraining/).
    • xi.         Practice Suggestion: Security experts recommend password managers as an easy and effective way to upgrade any individual or office’s security .  Anyone can sign up for an individual plan but many password manager providers also offer business plans which enable the employer to grant (or deny) access to firm resources. Good options here include Dashlane, LastPass, 1Password, Sticky Password, True Key and Roboform.
    • xii.        Opinion 477 included several aspects to consider when sending unencrypted emails:
      • 1.         Understand the nature of the threat.
      • 2.         Understand how client confidential information is transmitted and where it is stored.
      • 3.         Understand and use reasonable electronic security measures.
      • 4.         Determine how electronic communications about clients should be protected.
      • 5.         Label client confidential information. This should include digital files.
      • 6.         Train lawyers and non-lawyer assistants in technology and information security.
      • 7.         Conduct due diligence on vendors providing communication technology.
      • 8.         Practitioners should consider how else they may demonstrate efforts to stay abreast of technology. Some practitioners may be sufficiently steeped in technology to address many issues based on their own expertise. It is likely that this is not the case for most practitioners. While firms of sufficient size may have an on-staff technology consultant, smaller firms will likely rely on outside IT consultants. But is relying on a staff or outside IT consultant sufficient? Practice Suggestion: Practitioners might consider adopting a policy, even in small firms, of mandating some professional education in the application of technology to estate planning (or specially law or accounting) practices even if there is no mandatory allocation required by the applicable authorities.
  • c.          Using technology to communicate with clients.
    • i.           Practice Suggestion: Save covering emails into the client file to corroborate communications. For example, if a practitioner emails a draft will to a client, if the email system doesn’t automatically save that email, adopt a policy to do so in order to prove that the document was sent to the client in advance of the signing. This may be valuable to demonstrate that there was time for the client to review the document in advance of signing.
    • ii.          Practice Suggestion:  You can avoid repeatedly running through the Opinion 477 email encryption considerations by simply using encryption any time you’re emailing something not already in the public domain.  As previously mentioned, a good encryption service makes it easy for you to send encrypted email and for your clients to receive them.
    • iii.         If you use a system that saves all emails, how readily accessible are they? Employing a cataloguing system that allows the practitioner, or administrative staff, to find the required email without excessive effort will save cost and aggravation.
    • iv.         Practice Suggestion: Use the calendaring system to document efforts to communicate with clients. For example, if a client cancels a meeting do not delete that meeting entry from the calendar. Rather, mark it as “Canceled by Client.” An easy way to document the cancelation is to enter a “no charge” time entry for the communication whereby you were informed of the cancelation (email or phone call). This is also a gentle reminder to the client of their appointment cancelations when they receive your invoice.  Consider excluding historical calendar data from document destruction policies. Save calendar data indefinitely. Example: Searching the client name in a case management system, or even Outlook, can provide a history of meetings, attempted meetings, meetings the client cancelled, etc.
    • v.          Practice Suggestion: Mark all client follow up in the billing system even if as a no charge notation entry to create a history of efforts to communicate with the client. For example, if administrative staff is calling a client to schedule an update meeting, the call should be noted in the billing system as a no charge entry so that there is a record of efforts to reach the client. Many practices do not have administrative personnel record any activities in the billing system. Technology has transformed how we all practice. Even if historically having only professional staff time entered may have been the norm, technology has transformed the nature of practice and the roles of everyone. Further, any good case/matter management system makes it easy for anyone in your office to document successful and unsuccessful attempts to communicate with the client.
    • vi.         Practice Suggestion: Use regular monthly billing as a means of communication, not only as a means of billing. Of course, this is more effective if everyone enters detailed time entries.  Example: Footers with information about new tax developments and limitations on liability to the extent feasible.
    • vii.        Sample Footers on a Bill.
      • 1.         Sample Clause: A sample protective billing footer could include the following:, “Results of any plan are never guaranteed. Aspects of many, if not most, estate and related plans are not only uncertain, but subject to a wide spectrum of different views by other advisers, the courts, the IRS, and other authorities. Even many common strategies, techniques and transactions are subject to tax, legal, financial, and other risks and uncertainties. While we endeavor to identify some of the risks of a plan, all risks and issues with each component of a plan are not possible to identify or communicate. Creating a collaborative team will help identify more issues with your plan. Further, the fact that we communicate verbally or in writing certain risks should never be interpreted as an indication that any such listing or communication is a comprehensive listing or communication of every risk involved. The risks of any transaction can be further compounded by improper administration of the plan, failure to meet annually to review and update the plan, changes in the tax and other laws, that reduce hoped for benefits or even result in more costly results then had no planning been pursued. Annual meetings with a collaborative advisor team may identify existing or new risks, help modify the plan to address changes in the law, mitigate risks, but still cannot provide certainty. If you do not meet regularly with a collaborative team of advisers your plan may not succeed.”
      • 2.         Important changes in the law could be included in the billing footers as a way to inform clients. As an example, after the Tax Cuts and Jobs Act of 2017, and the subsequent repeal by New Jersey of the state estate tax (or whatever is appropriate for the particular practice), the following provision could be used to inform clients of potential effects of the changes, “Credit Shelter Trusts (under a will or revocable trust for a decoupled state as NJ had been, and as NY remains) will be funded with up to approximately $11.4 million in 2019, not the $675,000 (or another number) that may have been anticipated when the will or revocable trust was completed. Careful thought should be given to the specific provisions of a credit shelter trust, assuring adequate financial provisions for each intended beneficiary (e.g., the surviving spouse) may affect choice of trustees, distribution provisions, the use of trust protectors, trustee removal powers, powers of appointment given to a surviving spouse or other people, and more. You MUST review all formula clauses in existing wills and trusts, including those applicable to funding credit shelter trusts.”
    • viii.       Practice Suggestion: Technology can assist practitioners in meeting communication requirements in RPC 1.4. Consider:
      • 1.         Use retainer agreements for more than just setting and collecting fees. Include information on how you practice so prospective clients are informed.
      • 2.         Post articles and memorandum explaining matters of general interest to your clients on the firm website.
      • 3.         Conduct webinars on planning matters that clients can join to keep clients informed of changes in the law and other planning they might consider.
      • 4.         Use web meetings to provide a convenient and cost effective means to provide clients an overview of complex documents. Document the review to corroborate what was discussed.
      • 5.         Consider recording and transcribing web meetings to provide a record of what was discussed. Almost all web meeting services allow one to easily record the audio and video.  Consider the cost of cleaning up a transcription to provide a client with a summary of the web meeting to make it easy for the client to review what was discussed. This can all be done easily and inexpensively with technology options discussed later.
      • 6.         Provide a summary of key provisions of complex documents. Document generation systems may provide this automatically.
      • 7.         Use schematics to illustrate complex transactions. These can readily be created in Microsoft Excel, flow chart software such as SmartDraw, or web services like Lucidchart.
      • 8.         Email drafts of documents in advance of meetings and signings and save the covering email as proof that the clients were provided documents to review in advance.
  • d.         Email communication.
    • i.           Practice Suggestions:
      • 1.         Use email marketing tools, e.g. MailChimp or ConstantContact, to inexpensively and quickly disseminate updates, planning information and other communications to educate and inform clients.
      • 2.         What if regulations or other changes may affect past transactions? What can practitioners do? Attorneys have an ethical obligation to keep clients informed of significant changes in the law. Use client communications above (e.g., MailChimp or ConstantContact), footers on bills (see sample provisions above), articles or memorandum enclosed with bills can be used to inform (and a reference to the materials provided in the footers on the bills).
    • ii.          The key is that technology makes it easy and inexpensive to communicate information to clients and to corroborate that you have done so.
  • e.          Email Retention And Other Policies.
    • i.           Rules based on paper file storage no longer make sense.
    • ii.          We asked 12 practitioners about their email retention policies, and received the following responses:
      • 1.         One knew and said they keep every email forever.
      • 2.         Three had their IT people get back to me and the policies ranged from 90-days to forever, from emails saved to the DMS to all emails.
      • 3.         Seven had no idea.
      • 4.         One, a partner in a 10 person firm replied, “What is an email retention policy.”
    • iii.         Software and other technology options.
      • 1.         If you choose to retain emails forever, one option that can be used is Microsoft Outlook’s “Litigation Hold” feature, which retains all emails until the option is turned off. This may help prevent inadvertent deletion.
      • 2.         If you use Office 365, you could read Set up an archive and deletion policy for mailboxes in your Office 365 organization here (http://bit.ly/2Z3uW5a).
      • 3.         Consider an add on service like Veeam that can archive and save Outlook data.
    • iv.         Litigation considerations.
      • 1.         Is it an advantage or disadvantage to having every email record?
      • 2.         Will the Plaintiff have the email you are missing?
      • 3.         Consider the cost of having to review every single email.
      • 4.         From one firm’s document retention policy statement: “For efficient identification, retrieval, and deletion of email and other electronic documents pursuant to this policy, attorneys and staff are required to organize and store all business record email and other electronic documents in separate folders designated for each client matter in the firm’s electronic document management system.”

4.    Policies on Hiring Outside Consultants for Technology.

a.          RPC 5.3 addresses an attorney retaining nonlawyer assistance, and the ethical requirements regarding that assistance. An attorney must make reasonable efforts “to ensure that the firm has in effect measures giving reasonable assurance that the person's conduct is compatible with the professional obligations of the lawyer.”

b.         If you retain an outside IT consultant, be certain the firm has familiarity with issues faced uniquely by lawyers. Does the IT firm represent other law firms? Are they familiar with the RPC?

c.          What happens if an outside consultant violates the attorney ethics rules, such as client confidentiality? The RPC indicates that an attorney may be ethically liable for the conduct of an outside consultant, as an attorney is responsible for any violations of the RPC by the nonlawyer if “the lawyer orders or, with the knowledge of the specific conduct, ratifies the conduct involved.”

d.         There may be numerous attorneys, non-attorney staff and outside consultants accessing the firm network, including sections with confidential client data.

e.          While there is no prohibition against members of the same firm maintaining data on the same network, the RPCs state that any partner in a firm needs to take reasonable measures “to ensure that the firm has in effect measures giving reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct.”

f.          Consider establishing a firm policy on when an attorney, or non-lawyer staff, can be given access to the firm network, partitioning off sections of the network based on need for each staff member, as well as policies on vetting outside consultants before they are given access to the firm network.

g.          Consider when employing third party vendors the kind of information they may have access to. Would they have the ability to retain these files? Do they have the ability to remotely access your network (such as with IT consultants)? Consider the use of Non-Disclosure Agreements ("NDA") for any vendors that have access to sensitive information to show reasonable effort made to protect confidential data. Also consider having the NDA include a provision that requires the third-party vendor to destroy any confidential information they may have stored, either in paper or electronic format, separately from your files as part of their assisting you within a reasonable amount of time. You can determine a reasonable amount of time based upon the kind of work the third-party vendor is performing.

5.    Client Property; Original Documents; Electronic Storage.

a.          Safekeeping of client property.

i.           ABA Model Rule 1.15(a) provides that complete records of client trust account funds and other property shall be kept and preserved by the lawyer for a certain period of time after the termination of the representation. The number of years varies by jurisdiction, e.g. 7 years.

ii.          A lawyer must hold client entrusted property separate from lawyer’s property, e.g. client trust accounts, and original documents, e.g. a will. Original documents retained are subject to RPC 1.15, e.g. storing wills.

iii.         Perhaps a question estate planners in a less-paper firm (or transitioning to one), might ask is whether it is beneficial for the firm to retain original wills and perhaps other key documents?

iv.         What is the liability of retaining original wills? What is the real all-in cost of retaining original documents?

v.          Does holding an original will create any additional responsibility or liability for the firm with respect to notifying the client of changes in the law that affect the will the firm is holding?

b.         Client records – file destruction.

i.           Simply because you can destroy the file after 7 years (or some other period) does not mean that you should. Consider self-protection when deciding to what to do with the file. If there is the possibility of a malpractice claim at some point, might the file be critically important for the lawyer’s defense? Or might it be harmful? The policy established should be consistent.

ii.          If any portions of the file are destroyed, care should be taken to preserve the confidentiality of the information contained in the documents. If there is a litigation hold all electronic records should be preserved until the litigation has been concluded.

iii.         It should be noted that storing paper files indefinitely is definitely expensive and the expense is likely to increase over time.  Further, making copies of paper records as a backup is also very expensive.  On the other hand, storing electronic files indefinitely and making additional copies of them is very inexpensive. For perspective on the storage issue, a 1 page PDF document typically occupies 30 kilobytes of data.  An average banker’s box holds 2,500 pages; and there are 1,099,511,627,776 bytes in a terabyte.  Therefore, a 6 terabyte external hard drive one can buy for a mere $110 can hold 87,960,930 banker’s boxes of documents. It’s hard to even wrap one’s head around that. The point is that in most cases, all of the files a law firm has ever created could be backed up on 5 different external hard drives for a total cost of $550.

iv.         An index of the file records that have been delivered to the client or destroyed should be maintained. When original documents are returned if they are accompanied by a cover letter that may suffice. That letter is also a simple and cost efficient document to quickly corroborate that the originals were turned over when family calls years later looking for the originals the firm already turned over.

v.          Sample Clause: One large firm’s retention/destruction policy: “Unless otherwise specified by the Billing Partner, a destruction date equal to ten years from the date the matter is designated closed will be assigned to all files, with the following exceptions… estate plan, estate administration, …. files will be permanently retained.” Some view retaining estate planning documents as different then retaining documents in other areas of practice.

c.          Personal Laptops.

i.           Every device of any kind that holds client data should be encrypted.  Further, if I have a home computer that is encrypted but to which my wife has access (because she knows the password), it is not okay to store client data on that computer if she can access it via the appropriate password.

ii.          Sample Clause: Consider the following policy: “An attorney or staff member is specifically prohibited from storing electronic business records of the firm on a home computer or other device to which others have access and which is not encrypted.  If an attorney or staff member creates or edits an electronic business record using a home computer, laptop, or other device, that person must save the record on the firm’s electronic document management system as soon as possible. No firm attorney or staff member is permitted to store electronic business records anywhere other than the firm’s electronic document management system.”

iii.         Remote access programs such as “GotomyPC” by Citrix, and hosted server arrangements (from companies such as ProCirrus or Uptime Legal) can allow access to a device on the firm’s protected network without storing confidential client information on personal devices.

d.         Using technology to assist with the safekeeping of client property.

i.           The contents of a client’s file belong to the client and, upon request, an attorney must provide the client with the file.

ii.          During the process of going paperless or paper-lite, care should be taken to avoid accidental destruction of client property.

iii.         Record retention rules evolved in a paper environment. As the cost of electronic storage becomes insignificant (as contrasted with in-office and offsite paper storage) will the ethical rules evolve to require permanent storage of client data?

iv.         Is electronic storage really moving to no cost? Consider the cost of finding relevant information if everything is saved forever. On the other hand, high-powered search programs like Copernic Desktop Search (which costs only $56 per year) would allow one to find any document by file name or the words contained within it within seconds (even if millions of documents were being searched).

e.          The client “file” in the new technological environment.

i.           Rules are provided that govern what a lawyer must do when asked by the client for the file.  When a lawyer withdraws from representation he or she must take reasonable steps to avoid foreseeable prejudice to the client’s rights, which includes delivering to the client all papers and property to which the client is entitled. The rule does not specify what papers and property the client is entitled to receive. What is a “client file” in a paperless office?

ii.          Maintaining a client file has historically been an important part of the service counsel provided clients, but electronic storage is essentially free for clients as well. So, clients can also readily store all their documents permanently.

iii.         If a client has all original documents, has received all memoranda, letters and emails, what is left that the lawyer must turn over to the client?

iv.         In a paperless office, is there any client property? If you have returned original wills and signed documents in a paperless office, you may have no client property to monitor or return. Consider the cost savings if you are not quite there.

v.          Sample Clause: Consider the following paragraph for follow up letters to clients, “We have previously provided you with copies of all documents we have retained in our file. Thus, you have been provided with the entirety of your client file. Any drafts of documents or internal notes regarding your estate planning that have not been previously provided to you are agreed to be our work product and shall not be provided. If you believe that there are any documents that comprise your file that you have not yet received, please contact our office and we would be happy to review the file to confirm whether any such documents exist.”

f.          Cloud Storage.

i.           A law firm is permitted to store the electronic materials relating to the client on a remote server under third-party control as long as the law firm carefully selects the third-party company to ensure that the information is kept confidential.

ii.          What should be done to corroborate the selection?

iii.         Attorneys must take reasonable care to protect a client’s information in a cloud environment.

6.    Confidentiality of Information in the Electronic Age.

a.          Confidentiality of information.

i.           The RPC indicated that “A lawyer shall not reveal information relating to representation of a client unless the client consents after consultation, except for disclosures that are impliedly authorized to carry out the representation, and except as stated in paragraphs (b), (c) and (d).”

ii.          ABA Model Rule: "A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

iii.         A comment to the rule requires a lawyer to competently act to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure.

iv.         What are reasonable efforts? This is a nebulous statement that needs both common sense applications, judgment, and to review what opinions consider reasonable to determine your technology policies moving forward.

v.          Reasonable efforts may be interpreted to include due diligence regarding technology procedures. Required training for employees, thoughtful policies implemented and followed, etc. all show that due diligence and that reasonable efforts were made to prevent disclosure.

b.         Technology crime statistics.

i.           In the first half of 2018, 4.5 billion data records were lost or stolen, reflecting a 133% increase over the first half of 2017.

1.         65% of the compromised records were identity theft.

2.         North America constituted 57 percent of all breaches in the world, which included 72 percent of all records stolen.

ii.          Of those records, only about 4% were encrypted and thus protected from outside access when stolen.

iii.