The American Bar Association published Formal Opinion 498 on March 10, 2021 which provides guidance for the virtual practice of law. They stress some of the same things they have previously such as the competence requirements of ABA Model Rule 1.1 and the confidentiality requirements of ABA Model Rule 1.6 and Formal Opinion 477R. They now go further and discuss some of the other rules that go beyond an individual lawyer working remotely to an entire law firm working remotely.
While many legal technologists feel that the ABA has not worded their advice about these topics strongly enough, this new formal opinion goes into more detail than before about the challenges that must be addressed when working remotely. Granted this information would have been very helpful a year ago at the start of the pandemic but nobody could have foreseen what this last year has brought. Much of the new guidance covers topics we have been discussing for many years and it is about time that they became a requirement for all lawyers instead of just larger firms who have IT leaders heading up the charge.
One of the challenges of remote work involves the ability to supervise other lawyers and staff. These responsibilities are outlined in ABA Model Rules 5.1 and 5.3, but this new formal opinion elaborates on this by mandating that policies and procedures be established to ensure compliance with the ethical rules, specifically those pertaining to the obligation not to disclose information relating to representation of the client. These policies and procedures should also include handling conflict of interest issues, docketing, and accounting for client funds. Interaction with subordinates and assistants should be regular and communication should be effective and clear.
Another challenge is ABA Model Rules 1.3 and 1.4 indicating that lawyers must be diligent in their representation and keep the client reasonably informed about the status of the matter. Referring back to Model Rule 1.1, should their communications utilize new technologies, they must recognize and understand “the benefits and risks associated with relevant technology.” Both Model Rule 1.6 on confidentiality and Formal Opinion 477R go further to indicate that these communications must be encrypted to ensure privilege is maintained. With this in mind, lawyers must ensure that their communication technologies – whether email or Zoom or another such technology – are encrypted and not being crawled by the service provider. More on this later.
This Opinion also touches on secure Internet requirements such as ensuring you connect to secure wifi or use VPN technology. I would go further to suggest that default SSIDs – the name of your home network – should be changed from the default to something else that does not identify you. If many others are using the Internet in the home, set up a separate network for business. Firewalls – either software or hardware – should be implemented along with anti malware/spyware/virus software that is business grade.
Speaking of free services, this formal opinion points out the importance of reading the terms of service of the products you use – particularly those used for communication and file sharing. Using business-grade products rather than the free versions ensures a greater level of security. The free versions may allow collection, tracking or even selling of the data or storage of data in other countries which may have different privacy laws. Virtual meeting platforms may also have settings that automatically record conversations. Depending upon jurisdiction, there may be a requirement to notify the client before recording the call. Alternatively, the system may have an option to turn off this feature.
When having virtual meetings while working from home or anywhere outside of an enclosed office, the duty of confidentiality can become more difficult to maintain. Family members must not be able to hear or see these meetings to maintain privilege. Additionally, smart speakers that listen to your voice must be turned off so conversations are not exposed to an additional risk of hacking. This must be considered whether working from home or from a shared workspace or on the road.
A clean desk policy is also a part of the confidentiality requirement. Family members should not be able to see any printed material relating to representation of clients, nor should they be able to access the data on any PC.
This brings me to another issue I’ve been speaking and writing about for many years – Bring Your Own Device or BYOD. This phrase is used to describe when people use their personal devices for business purposes. At the start of the pandemic, while many firms allowed lawyers and paralegals to work remotely and they may have had systems and policies in place for that, they may not have had plans or policies in place for staff to work remotely. There were shortages of available laptops and supply chain issues that lead to many firms begrudgingly allowing people to use their personal devices to access business resources.
Depending upon the types of systems the firm uses, the inherent risks are varied. Firms employing containerized solutions that utilize Citrix, Terminal Server, RDP or other published desktop solutions were able to enable everyone to work remotely very securely without missing a beat. Others that instead have individual Cloud-based products may have had more challenges as working on documents involves downloading them to the local machine. If everyone has a firm-issued laptop, this is not a big issue, but if people are using personal devices it is risky. In situations like this, it is at least advisable to create a separate user account on the personal computer for business use to ensure that others cannot access business content.
Firms utilizing multiple Cloud-based products may also have to consider the consequences of data being saved on local machines and whether that data is backed up. Whether devices are firm owned or personal, if firm data is to be stored on them some ability to remotely wipe the devices should be employed in the event of theft or loss.
With this focus on technology, some are liable to forget about paper. There must be some way to process file and, when necessary, docket paper mail. Firms that have a brick-and-mortar location often have a staff member or team of staff members who come in for this purpose, utilizing scanning technology to scan the mail directly into a document management or case management system.
Taking the practice of law into a virtual environment was previously thought to be a cutting-edge approach with only a few boutique firms using it as a selling point. If this last year has taught us anything, it is that we are all capable of more than we thought and that the virtual law office is here to stay. The ABA’s guidance has made it official.
Copyright © 2021 Legal IT Professionals. All Rights Reserved.