Technology makes everything easier-including the ability to commit malpractice. Here are some common missteps.
Technology makes everything easier and faster—including the ability to commit malpractice. Lawyers can lose client data, fail to represent diligently, perform incompetently, and violate the rules regarding attorney advertising. All in 60 seconds or less. There are so many ways to potentially commit malpractice with technology that it’s impossible to list them all. Still, here’s a stab at some of the more common missteps.
- Use illegal software. You know who you are. You buy academic versions of software and use them in your law office. You buy a single license for an application and install it on three computers. You find a neat piece of software that’s free for personal use and copy it onto your work PC. Naughty, naughty is all we’ll say—but the Business Software Alliance (BSA) will say far more. Potential liability for each copyright violation: $150,000. Average out-of-court settlement: $80,000. And yes, they’ve come to law firms. They come with a U.S. Marshal and immediate ex parte authority to inspect your computers. If you are in violation of the copyright law at the time of inspection, intent is irrelevant. The moral? Make sure that you are properly licensed by conducting an annual software audit. And for heaven’s sake, have all the licenses in a single file.
- Give legal advice on your blog. Blogs are not the place to give legal advice. Moreover, if someone in your firm maintains a blog, you want to be very sure that it conforms to insurance industry requirements. Many insurers will not insure a law firm if anyone in the firm blogs. Plus, more and more are beginning to offer specific statements as to the kind of blogs they will—and will not—cover.
- Market using bulk e-mail. It is tempting, but it simply is not legal to bulk market to folks who have no preexisting business relationship with you. The CAN-SPAM Act has done little to control spam, but for a law firm, both real spam and the appearance of spamming can be deadly. This is a surefire way to get your domain name blacklisted. It has happened to multiple law firms—and even to courts!
- Get involved with a client via e-mail and give advice before the proper formation of a contract. This is all too easy to do, especially since many lawyers now have their e-mail addresses up on the Web. It is important to get the retainer agreement signed before the advice is given, lest complications arise. Remember that your e-mail will leave a trail, so exercise extreme caution with anything that remotely seems like legal advice.
- Get in trouble with your state disciplinary board and decide to falsify a document in response. Lest you think it farfetched, a Fairfax County attorney did exactly this. After a complaint was filed for failure to take any action in a case and letting the statute of limitations lapse, the attorney created a backdated letter, purporting to show that he wrote to the client about closing the case, supposedly upon her specific instruction. The metadata that accompanied the document proved that the letter had been created two days before his response to the disciplinary board was due. He is no longer practicing law in Virginia.
- Keep slipshod trust account records. The rules in the digital world are no different than they are in the paper world. We’ve seen lawyers who took in guns, jewelry, cars and so on that were duly reported in their electronic trust accounts, but without any attempt at valuation. Moreover, the electronic records speak eloquently when a lawyer fails to reconcile them, or dips into them when fees have not been earned. Worst of all are the cases where lawyers put monies in the operational account when they clearly should have been escrowed. If the firm uses a good accounting package, such as QuickBooks, any attempt to fiddle the books will be logged. Honesty remains the best policy.
- Miss a court date because the e-mail notice was trapped by your spam filter. Don’t laugh, this just happened to a respected firm in Colorado. The court was not amused by counsel’s failure to show up and assessed sanctions against the firm, requiring it to pay for the opposing counsel’s time. Please, people, whitelist the domain names of your courts—and important client domains as well—to ensure that their e-mails will pass muster with your filters. Remember that you cannot shift the blame to a third-party service provider, however much you might like to. Why? Because court rules say you can’t.
- Don’t proofread. The difference between “I will consider a $100,000 settlement” and “I will not consider a $100,000 settlement” is vast. This is but one of many examples of how lawyers get in trouble by not proofreading. You wouldn’t send out a real letter without its contents being double-checked, so don’t send out an e-mail that way. This is especially true if you use voice recognition software. Although these programs are good at what they do, they aren’t perfect.
- Open an attachment when the sender or the circumstances are suspicious. It’s dumb, even if you do have a good antivirus program. Just because you have the latest protection doesn’t mean you can’t be the first kid on your block to get a virus for which there is not (yet) an antivirus signature. And remember, e-mail addresses can easily be spoofed. Therefore, if you get an e-mail from a client that contains an attachment and you were not expecting it, and there is no explanation in the text of the message that makes sense, don’t open it. Call the client and verify that the person actually sent something to you. And this is a very good spot to remind you always to keep your antivirus and antispyware subscriptions current!
- Use weak passwords. Passwords are critical defenses, so do not use the name of your child, your pet or your favorite sports team. Make your password complex, including numeric characters. A good tip is to use a short sentence that you won’t forget.
- Visit a Web site you wouldn’t like your mom (or the senior partner) to know about. This is precisely how spyware gets on machines. Adult sites are particularly notorious for this, but many sites (even those with screensavers, computer utilities, recipes and so forth) have spyware on them to make extra money. Even a judge once called us after errantly opening a “farm girls” e-mail attachment. He found himself trapped in an endless barrage of pop-up pornography that refused to go away. Understandably, he was somewhat reluctant to call the courthouse IT staff. Enough said?
- Use the Address Auto-Complete function with abandon. This feature is so helpful and so potentially damaging. It is incredibly easy to let this function go and send an e-mail to someone other than the intended recipient. At best, the result is embarrassing. At worst, it is a genuine problem where you have perhaps sent confidential data to an unrelated third party or, nightmare of nightmares, to opposing counsel. We’re all so busy that hitting the Send button immediately after composing an e-mail seems natural. But there is an inherent danger here. So be sure to pause a moment to look at your message one more time and confirm that it is going to the right people. And in a similar vein, do not hit Send until you’ve followed the advice in number 13 …
- Write in anger. It’s an old chestnut, and still one to heed. The unfortunate part of electronic communications is that when someone sends something idiotic to us, we can immediately reply and point out the complete lunacy of what has just been transmitted. This is particularly tempting when a lawyer is under attack. Don’t do it! Go take a walk instead. Do anything other than reply immediately with words that cannot be recalled and may come back to haunt you. Remember, don’t send it if you don’t want to see it on the front page of the New York Times.
- Make it impossible to find your own files. Files should be named appropriately, including the client name and the kind of document, and perhaps the date. Having a good, descriptive name, you must now create a structure (one of your own or through a case management system) that makes it easy to find what you need when you need it.
- Rely completely on your computer calendar. So what happens when your Internet service goes down? Or your firm’s server crashes? The authors are devoted adherents of the tech world, but it is always prudent to have a secondary calendar that can provide a fallback measure.
- Leave your computers on at night. Are you nuts? Can you personally vouch for each member of the cleaning crew? Robbers who broke into an entertainment complex in Colorado recently found themselves unable to open the safe even though they had the code. Perplexed, they looked around and found a computer that was on and Googled information about the safe. Moments later, the safe was open—so you see, it is very helpful to have computers on at night. Helpful for all the wrong sort of people. If you must keep your computer on at night to gain remote access, be sure you have a screen-saver password!
- Don’t change the default settings. Every script kiddy and macho hacker knows the defaults of all common computer-related devices. In fact, the defaults are posted on the Internet. If you don’t want a burglar in your house, you always, at a minimum, lock the door. Changing the defaults is locking the door on your practice’s computer systems.
- Fail to maintain an employee termination policy. We sometimes chuckle that the only way to have a safe employee termination is to issue a blindfold and cigarette and execute the employee. This seeming cynicism comes from the number of ex-employees who have caused technological havoc by accessing a firm’s network once their authority to do so has expired. When you are ready to terminate someone, promptly cut off the individual’s access to your systems (from both inside and outside) and forward all the individual’s e-mail to someone else. Collect all terminated employees’ keys, and change the security codes if necessary.
- Don’t secure your wireless network. This applies at home as well as at the office. Wherever you work, your wireless network should be secure. This means that you must change such things as the SSID and the default admin password. Disable the advertisement of the wireless network and enable some sort of encryption for the cloud. Create MAC filtering rules to limit connections to those that are predefined. After all, you shouldn’t be in the business of creating the neighborhood hot spot.
- Don’t back up or do test restores. Most lawyers should be doing incremental backups daily and full backups at least weekly. If you’re doing less, think again about the potential danger. Also, backup media fails over time, so don’t assume that you have a good backup without doing periodic test restores. In case after case, we’ve seen lawyers rely on backup tapes only to find that the tapes holding the only backup of the firm’s data were corrupted. External hard drives increase reliability but should be changed in rotation just like tapes.
- Don’t have a disaster recovery plan. Do you think the lawyers caught in Katrina ever imagined they would face a disaster that was so large it would involve both their homes and offices? Many had backup media at home and lost that media as well as the computers and servers at work. This was compounded by not having power or cell phone towers. The communications breakdown was further aggravated by food and water shortages, office buildings being closed by authorities, and on and on. Many lost their practices forever because they were not sufficiently prepared. In disasters of all forms, an ounce of prevention is worth more than a pound of cure.
- Have a laptop without adequate data protection. In a world where laptops are the number one stolen item at airports (and they rank in the top five at hotels, from cars and the like), you must take precautions. This means having a power-on password, encryption or biometric access. The new “finger-swipe” biometrically accessed laptops are no longer out of anyone’s price range, and encryption of the data is no longer difficult. At the very, very least, make sure no one can get on your laptop at all without that power-on password. It is surely the most elementary of precautions. And while you’re at it, how about implementing precautions and policies to prevent client data from being lost or otherwise compromised via those other highly stealable or losable little devices called thumb drives, PDAs, iPods and cell phones?
- Appear to promise results on your Web site. Read your jurisdiction’s rules on advertising. Then read them again. In Virginia, for example, if you even describe results of cases, you must explain that results are dependent on individual fact scenarios and state that case results do not guarantee or offer a prediction of the same result in another case—and it must be done in bold type, capital letters and a font size as large as the largest size font used to describe the case results. And we all know the one about calling yourself a “specialist” or an “expert” on your site. Or at least we all should.
- Don’t scrub the metadata. It is impossible to overstate the importance of stripping metadata, tracked changes and revision comments from case-related and other sensitive documents. In one memorable instance where a court brief was filed with metadata still intact, a comment revealed an attorney asking if anyone thought the “yo-yo brain judge” would understand what was being argued. As you can imagine, the judge was not amused as he viewed this in the document. So get yourself a good metadata scrubber program such as Metadata Assistant. Or, already own Adobe Acrobat? Converting your document to PDF will strip out almost all the metadata, usually everything you would care about. Can you look at the metadata in opposing counsel’s documents? The ABA says yes, five states have now said no, and some states haven’t spoken. Check what your particular jurisdiction has to say.
- Disregard or mishandle ESI. Until recently, lawyers were getting away with this on a regular basis—but no longer. Judges have had enough and are beginning to hand out sanctions like penny candy, mostly against the client, but now and again against the law firm as well. In a world where 97 percent of data is created electronically and only a fraction of it is ever reduced to paper, it is no longer possible to choose to know nothing about electronically stored information and its handling as evidence. You must understand your client’s technology well enough to avoid spoliation and determine where relevant evidence may be in order to preserve or produce it. If you are not up to speed, get there.
This list could go on and on….
But, one hopes, it is now clear that there are many significant dangers in the electronic world waiting to trap the unwary. Here, at least, is a good starting point for making sure you’ve covered some of the more critical ethics bases. Want some extra help? Then go to legalethics.com, abanet.org or findlaw.com to learn more about arming your practice against the dangers of the digital universe.
Portions of this article appeared in an earlier version in CBA PracticeLink.