- Attorneys cannot simply plead ignorance and refuse to understand the ways technology alters both their practice and their client's lives.
Technology permeates nearly every aspect of both work lawyers perform and matters that clients bring to lawyers. As technology evolves, so too do an attorney’s ethical duties. Attorneys who hate technology and refuse to understand how it influences the practice of law risk running aground on rocky ethical shores and jeopardizing client matters entrusted to them.
The ABA created the Commission on Ethics 20/20 to study how technology is transforming the practice of law and ensure the Model Rules of Professional Conduct (MRPC) remain current. Consequently, the ABA updated the Model Rules, adding Comment  to Rule 1.1. Rule 1.1 requires a lawyer to provide competent representation to clients. The comment clarifies that to maintain competence, “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology[.]” MRPC § 1.1, Cmt. . At least 34 jurisdictions have already implemented this change or a similar requirement.
Jurisdictions that did not adopt Comment  as a comment to their ethics rules still may have adopted a similar requirement. Thus, it is vital for an attorney to consider and review his or her jurisdiction’s ethical rules as a whole. Montana, for example, does not include comments in its Rules of Professional Conduct. Rather than incorporating the requirement in a specific rule, the requirement now appears in the preamble to the state’s ethics rules.
These changes make clear that lawyers need some level of technological competence but do not make clear to what extent or in what ways. Generally, technological competence for attorneys applies in two contexts: (1) safeguarding information and their practice; and (2) competently advising and representing clients. As these contexts demonstrate, not every attorney must be a computer whiz. An attorney, however, cannot simply ignore technology without breaching ethical duties.
First, attorneys must be able to safeguard their own practice. This includes ensuring security of confidential information the attorney possesses. Under MRPC 1.6, attorneys owe a duty to their clients to safeguard sensitive information and client data. The ABA Standing Committee on Ethics and Professional Responsibility recently issued an opinion clarifying this duty, highlighting an attorney’s obligation to use technology competently in both safeguarding information against unauthorized access and in supervising lawyers and staff. To do this, an attorney must “employ reasonable efforts to monitor the technology and office resources connected to the internet, external data sources, and external vendors providing services relating to the data and the use of the data.” ABA Comm’n on Ethics & Prof. Resp., Formal Op. 483 (2018).
Accordingly, cyber-intrusion itself will not result in an ethical violation unless it was the result of an attorney failing to undertake reasonable efforts to avoid it. This includes taking prompt steps after a suspected breach and having a plan to deal with a breach. Young lawyers must continually educate themselves along with other attorneys and staff about the changing risk environment. Even one attorney, paralegal, or assistant clicking on a suspicious email link could put the data of the whole firm at risk.
Second, attorneys must be able to advise clients competently, which requires an understanding of technology. For example, when talking to a client about preserving electronically stored information (ESI), an attorney must understand the types of ESI a client may have and where they may be stored. They can span from work platforms to home and mobile platforms to social media and beyond. Many clients may use an instant messaging program for in-office communications rather than email. Failure to preserve or produce those communications may be problematic.
An attorney does not need to master every technology but must understand associated issues that may arise before taking on a matter. In a document intensive case, an attorney unaware of the benefits of using an e-discovery platform may not be able to flag relevant issues for the client. For example, if your client regularly uses spreadsheets but includes hidden data—or the next level of security called “very hidden data”—you may inadvertently delete that data by simply printing the document and producing it. An e-discovery platform can quickly identify and alert a reviewer that hidden data exists. Similarly, the protocol for receiving client documents and loading them for attorney review may alter the associated metadata. Failure to consider these issues in creating a protocol for handling client data may violate not only MRPC 1.1, but also associated rules 5.1 and 5.3.
The need for technological competence is evident through the practical application of other rules of professional conduct, and the rules of civil procedure and evidence. MRPC 4.4 requires an attorney receiving a document the attorney knew or should have known was inadvertently sent to notify the sender promptly. This requirement applies differently by jurisdiction as it relates to metadata treatment or use. Metadata simply refers to data describing data, including information such as author name, document title, date created or edited, and even tracked changes.
Attorneys transmitting ESI have an ethical duty to exercise reasonable care in ensuring confidential information is not disclosed, and in some jurisdictions, this includes metadata. Understanding the varied forms of metadata is necessary to prevent inadvertent disclosure. Failing to understand features such as “track changes” in word processing programs may cause an attorney to send a document with confidential information. The risks to the client and to the lawyer are obvious after the lawyer sends a settlement offer with track changes still available, clearly showing the offer was changed from an initial amount to a much lower amount in subsequent drafts. Regardless of whether the metadata is in client documents sought in discovery or contained in the lawyer’s own communications with counsel, the result is to convey information to the recipient that neither the client nor the attorney intended to release.
Recipients of information must also understand whether or not they may look at (or mine) metadata. Some jurisdictions have drawn a hard line, finding an ethical obligation exists to refrain from mining metadata altogether. Others have found it permissible under certain circumstances. These obligations are not uniform across jurisdictions and require an attorney to be aware of the obligations relevant to his or her practice.
At this point, panic may have set in if you are unsure what metadata is—let alone how to manage or mine it. As one judge recently noted, “[i]n life, there are many things to be scared of, including, but not limited to, spiders, sharks, and clowns—definitely clowns, even Fizbo. ESI is not something to be scared of. The same is true for all the terms and jargon related to ESI. Discovery of ESI is still discovery, governed by the same Federal Rules of Civil Procedure as all other civil discovery.” City of Rockford v. Mallinckrodt ARD Inc., 2018 WL 3766673, *2 (N.D. Ill. Aug. 7, 2018). Ethical rules do not require an attorney to be perfect. They acknowledge the potential for inadvertent disclosure of information and provide an appropriate procedure to remedy it. This does not mitigate the need for reasonable care. Reasonable care must include knowing when assistance is needed and properly utilizing that assistance.
In some instances, refraining from using technology may be as important as understanding how it works. Technology often provides a convenient way to stay connected when an attorney is out of the office. It is easy to receive a document and quickly read it on a phone, allowing a prompt response to a client or opposing party. This convenience may pose an ethical trap. If the device used to view a document cannot display the original format, the document may be missing vital content contained in the original. For example, many phones do not show tracked changes when reviewing a draft. These technological limitations can impair the lawyer’s ability to provide competent representation. Other tasks may simply not require technology. As ABA Formal Opinion 483 emphasized, exercising reasonable care for client information includes avoiding using technology where the task does not require it based on the circumstances.
Attorneys cannot simply plead ignorance and refuse to understand the ways technology alters both their practice and their clients’ lives. Technological incompetence invites malpractice. Those refusing to learn about new changes must seek out effective help or risk wreck and ruin on the rocky shores of modern legal ethics.