Almost every lawyer, and every lawyer in a management role, supervises some form of nonlawyer assistant. This may include legal secretaries, paralegals, law clerks, and information technology professionals. The relationship between lawyers and nonlawyer assistants is governed by specific rules, such as Texas Disciplinary Rules of Professional Conduct, Rule 5.03.
August 19, 2019 Did You Know?
Focus on Law Practice Management: Supervising Staff and Technology
By David V. Wilson II
That rule states:
Rule 5.03. Responsibilities Regarding Nonlawyer Assistants. With respect to a nonlawyer employed or retained by or associated with a lawyer: (a) a lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer . . .
This rule, and others like it, provides that the lawyers supervising nonlawyer assistants can be subject to discipline for violations and breaches of standards of professional conduct committed by such assistants. In fact, Comment 2 to Rule 5.03 states, “Each lawyer in a position of authority in a law firm or in a government agency should make reasonable efforts to ensure that the organization has in effect measures giving reasonable assurance that the conduct of nonlawyers employed or retained by or associated with the firm or legal department is compatible with the professional obligations of the lawyer.”
In other words, if a paralegal violates a rule of professional conduct, the supervising attorney cannot defend himself or herself in a disciplinary proceeding by simply taking the position that the act itself was unauthorized. The lawyer should be able demonstrate that the act was not the result of improper training or supervision. This was difficult enough in the era of typewriters and fax machines. However, our professional duties as supervisors have expanded with technology.
Specifically, the American Bar Association’s House of Delegates, in August 2012, amended the ABA Model Rule of Professional Conduct 1.1 to add a responsibility incumbent upon all lawyers to keep abreast of “the benefits and risks associated with relevant technology.” Rule 1.1 is the rule covering a lawyer’s duty to maintain competence in the practice of law. The days of lawyers and paralegals laughingly announcing, “I am not tech savvy!” as an excuse for blunders at computer keyboards would seem to be over. All law firm employees serving clients now have an affirmative duty to keep up to date on technological changes, and law firms and legal departments are required to ensure they do so.
Moreover, ABA Model Rule of Professional Conduct 1.6 covers the duty of lawyers and law firms to protect client confidences. Interestingly, some state versions of the rule preclude a lawyer from “knowingly” revealing the client’s confidential information without the client’s consent. The ABA version of the rule requires that lawyers use “reasonable efforts” to prevent disclosure of confidential information, which appears to impose a higher standard than that of some states. As a practical matter, even inadvertent or negligent disclosure of client confidences puts law firms at a high risk of client dissatisfaction and complaints.
Email, one of the oldest forms of electronic, web-based media, does present some privilege pitfalls. At least one source suggests that public/nonsecure email provider domains such as “@gmail.com,” “@aol.com,” or “@yahoo.com,” carry a greater risk of data mining and hacking. (Tips from the Office of Bar Counsel, 25, Nevada Lawyer, July 2017, at 42.) Specifically, the Office of Bar Counsel of the State Bar of Nevada suggests that these domains are less secure, meaning that client communication conducted within that particular domain is also less secure. (Id.) Moreover, a private email domain, e.g. “@superlawyer.com” or “@lawfirmname.com,” will help your firm protect client confidentiality. (Id.) At least in that jurisdiction, suffering a data loss that involves communications with clients from a “@gmail” or other such account could expose a practitioner to an investigation by bar regulators.
In addition, on May 11, 2017, the American Bar Association Standing Committee on Ethics and Professional Responsibility issued its Formal Opinion 477. The opening paragraph states:
A lawyer generally may transmit information relating to the representation of a client over the internet without violating the Model Rules of Professional Conduct where the lawyer has undertaken reasonable efforts to prevent inadvertent or unauthorized access. However, a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure of client information when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.
The opinion goes on to add that the duty to protect client confidences when information is transmitted electronically includes a duty to train nonlawyer employees in such a way that those employees are conversant in information technology and the security features of that technology. Another important point raised in Opinion 477 is the duty of law firm employees to be aware of the information technology practices of outside vendors who come into contact with confidential client information. For example, in personal injury cases, lawyers and their paralegals should conduct due diligence on the digital security policies of vendors who obtain and compile medical records. A breach of the client’s medical privacy due to poor electronic security by such vendors could result in legal malpractice or disciplinary claims against the law firm.
The enlarged role of Internet-based information technology in law firms and legal departments has the potential to make supervising those who work in a law firm much more complicated. The challenge of ethically protecting client confidences, gathering information in litigation, working with vendors, and complying with the duty of competence have all been dramatically impacted by technology changes. The thread of each of the authorities on professional responsibility cited in this article is that a culture of learning is the best way for law firms, law departments, and their employees to avoid running afoul of applicable rules.