Practicing Law in the World of COVID-19: Competently Representing Your Clients Now Includes Competently Using Technology
March 30, 2020
Under Ohio’s Stay-at-Home Order, even essential businesses like law practices are encouraged to have their employees work from home, to the extent possible. In 2017, the Ohio Board of Professional Conduct issued an advisory opinion that specifically covers the ethical considerations for lawyers operating a virtual law office (Opinion 2017-05). This opinion is now highly relevant as more law practices learn to navigate a remote workforce.
The fact that a law office is being operated virtually does not excuse attorneys from any ethical obligations, such as maintaining client confidentiality, safeguarding client funds, and delivering competent representation. Competent representation includes one more consideration, which is coming to the forefront in 2020 – competent use of available technology. The comments to the Ohio Rules on Professional Conduct specifically require a lawyer to ”keep abreast of . . . the benefits and risks associated with relevant technology,” (Prof.Cond.R. 1.1, cmt. ).
One of the most important concerns with remote legal work is maintaining client confidentiality. Lawyers working from home can and should utilize cloud computing, email, and electronic data management software. But by doing so, the attorney puts the protection of client confidences in the hands of the third-party technology service provider. The Rules indicate that a lawyer must take “reasonable efforts” to prevent the inadvertent or unauthorized disclosure of confidential information (Prof.Cond.R. 1.6[c]).
According to the Board, the reasonable efforts include an understanding of the data the lawyer is handling on behalf of the client and ensuring that any third-party vendor is able to rigorously guard that data.
Here are the two important things to consider:
- Evaluate the sensitivity of the client information and put appropriate safeguards in place that are proportional to the risk and consequences of disclosure;
- When dealing with third-party technology vendors, investigate the measures undertaken by the vendor to ensure its operations are compatible with the lawyer’s professional obligations. Specifically, the lawyer should:
- Determine that the vendor understands and agrees to maintain and secure stored data consistent with the lawyer’s duty of confidentiality;
- Ensure that client files and data will be maintained and regularly backed up; and
- Require that the vendor give the lawyer notice of subpoenas for client data, non-authorized access to the stored data or other breaches of security, and a reliable means of retrieving the data if the agreement is terminated or the vendor goes out of business.