In March 2021, the Standing Committee on Ethics and Professional Responsibility of the American Bar Association dropped Formal Opinion 498 on the world. The opinion offers much needed guidance on the virtual practice of law, the form of practice embraced by many lawyers during the pandemic.
The overarching point Formal Op. 498 is this: as lawyers continue to practice virtually, by choice or otherwise, and, in turn, rely more on legal technology to facilitate their practice, the core ethical requirements of lawyering apply in equal force. The opinion then focuses on the ethical duties most commonly implicated by virtual practice and legal technology:
- Confidentiality.
- Supervision.
- Competence, diligence and communication.
This article addresses how collaborative case management software allows lawyers to satisfy their ethical obligations in a virtual practice setting that relies on legal tech.
Confidentiality and Legal Technology.
Under Rule 1.6 lawyers also have a duty of confidentiality to all clients and therefore “shall not reveal information relating to the representation of a client” (absent a specific exception, informed consent, or implied authorization). A necessary corollary of this duty is that lawyers must at least “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
In the virtual context, a lawyer’s duty of confidentiality ultimately comes down to data security in their legal technology platform(s) of choice. Collaborative case management software ensures that client data resides securely in the cloud. Data in the case management platform is encrypted, which captures uploaded documents, as well as work product, analysis and coding. Users can protect their accounts and access with strong passwords and multi-factor authentication.
FO 498 extends the need for precautions to case-related communications as well:
Similarly, lawyers must take reasonable precautions when transmitting communications that contain information related to a client’s representation.
Lawyers love email and that likely won't be changing anytime soon. However, many lawyers are not aware that a standard email communication is unencrypted. FO 498 notes that "if the lawyer is transmitting information over email, the lawyer should consider whether the information is and needs to be encrypted (both in transit and in storage)." Lawyers should be especially cautious when sending documents or files as attachments via unencrypted email. A better practice is to send the email with a secure link to the document or file located on the case management platform. This ensures that only the intended recipient can click to decrypt the document in the platform, assuming they have the appropriate permissions to do so.
FO 498 offers the following specific guidance on accessing client files and data via legal technology in the cloud:
Lawyers practicing virtually (even on short notice) must have reliable access to client contact information and client records. If the access to such “files is provided through a cloud service, the lawyer should (i) choose a reputable company, and (ii) take reasonable steps to ensure that the confidentiality of client information is preserved, and that the information is readily accessible to the lawyer.”
Cloud-based case management software solves a lot of problems for a virtual practice. In addition to the cybersecurity benefits discussed above, cloud-based platforms allow lawyers to reliably access client data on demand and from anywhere. A lawyer does not need to be in their office to securely review key documents and work product.
Supervision and the Principle of Least Privilege.
Lawyers with managerial authority have ethical obligations to establish policies and procedures to ensure compliance with the ethics rules, and supervisory lawyers have a duty to make reasonable efforts to ensure that subordinate lawyers and nonlawyer assistants comply with the applicable Rules of Professional Conduct. Practicing virtually does not change or diminish this obligation.
Organizations should always adhere to the principle of least privilege (PoLP) as a cybersecurity best practice. This means ensuring that each person has the minimum level of privilege (or access or permissions) necessary to perform their role. Collaborative case management software offers robust matter management and user permissions to implement this practice. For example, supervisory lawyers with admin privileges can ensure that "subordinate lawyers" and "nonlawyer assistants" only have access to matters they should be able to access. This is also essential for conflict management (e.g., walling off org members from matters where they have conflicts).
Competence, Diligence, and Communication.
Whether interacting face-to-face or through technology, lawyers must “reasonably consult with the client about the means by which the client’s objectives are to be accomplished; . . . keep the client reasonably informed about the status of the matter; [and] promptly comply with reasonable requests for information. . . .” Thus, lawyers should have plans in place to ensure responsibilities regarding competence, diligence, and communication are being fulfilled when practicing virtually.
With collaborative case management software, lawyers can collaborate with clients. For example, lawyers can give direct access to clients to their matters, giving them on-demand access to case documents, status and other information in real time. Lawyers can then curate what elements of a matter the client can access. This allows clients to stay informed about their matters.
To review the full opinion, you can find it here.
