Previous month:
October 2014
Next month:
December 2014

The Ethics of Communicating With Clients Online

Stacked3This week's Daily Record column is entitled "The Ethics of Communicating With Your Clients Online."  My past Daily Record articles can be accessed here.

*****

The Ethics of Communicating With Your Clients Online

I’ve been writing about cloud computing — where your data and software are stored on servers owned and maintained by a third party — since 2008. And for years now I’ve asserted that Web-based computing is the future and that lawyers can ethically use it for the purposes of storing confidential client information as long as they exercise reasonable care in choosing their legal software providers.

This is a position supported by all applicable ethics decisions handed down throughout the United States in recent years, including the most recent one from the New York State Bar Association, Op. 1020. In this decision, the Committee for Professional Ethics concluded: “Whether a lawyer for a party in a transaction may post and share documents using a ‘cloud’ data storage tool depends on whether the particular technology employed provides reasonable protection to confidential client information and, if not, whether the lawyer obtains informed consent from the client after advising the client of the relevant risks.”

However, even though cloud computing has repeatedly received the green light by ethics committees across the country, some lawyers continue to express reticence about cloud computing, citing security concerns. This reluctance is misguided in light of recent revelations about security issues affecting more traditional means of client communication and information storage provide.

For example, as proof that traditional methods of storing information are not foolproof, there’s the report of a recent breach notification issued by a California criminal defense law firm after a hard drive containing backup files from one of the firm’s server’s was stolen from the trunk of a car. The breach notification letter that was sent out to their clients in August can be found here: http://tinyurl.com/breachletter. So, even though the firm used onsite servers to store their client data, confidential client information was nevertheless obtained by outsiders.

In another recent case, the security of encrypted email was called into question. Lawyers have long used traditional unencrypted email to communicate with clients, ever since bar associations began to approve this practice in the late 1990s.

However, more recently the American Bar Association cast some doubt on the use of email for all client communications when it acknowledged the lack of security offered by unencrypted email and issued ABA Formal Opinion 11-459 and concluded: “Whenever a lawyer communicates with a client by email, the lawyer must first consider whether, given the client’s situation, there is a significant risk that third parties will have access to the communications. If so, the lawyer must take reasonable care to protect the confidentiality of the communications by giving appropriately tailored advice to the client.”

Due to fears about the security of unencrypted email, some lawyers have turned to encrypted email in an effort to address this perceived security risk. Unfortunately, the Electronic Frontier Foundation recently reported that many ISPs have been intercepting customer data and stripping emails of their encryption layer (http://tinyurl.com/effemail). So even encrypted email is susceptible to tampering.

In another case, we learn that even communications relayed using “snail mail” are now at increased risk of interception. The ABA Journal reported last month that “(t)he U.S. Postal Service approved nearly 50,000 requests last year to monitor the mail of Americans in its ‘mail covers’ program, raising concerns about lack of oversight.” (http://tinyurl.com/abamail). The monitoring requests were made by “both by law enforcement and the Postal Service’s own inspections unit” and attorney-client communications were sometimes targeted, with no requirement in place to notify lawyers when this type of information is accessed.

In other words, no matter how your law firm stores information or communicates with clients, there are risks. Whether your firm uses paper, server-based software, or cloud-based software, outside access to confidential client information is a possibility.

There is no such thing as absolute security and the ethics committees have long recognized this fact. Instead, regardless of how the information is stored or transmitted, your duty is not to ensure absolute security but to instead take reasonable steps to protect that information. Vet any third-party provider who will have access to confidential client data and carefully consider the sensitivity of the data that will be discussing, regardless of the format of your communication.
The use of cloud computing tools to store confidential client data and discussions is no more or less ethical than any other type of method. Instead, your ethical obligation is to ensure that whatever method you choose is reasonable under the circumstances.

Nicole Black is a Rochester, New York attorney and Director of Business Development and Community Relations at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can be reached at niki@mycase.com.


Another NYS Bar Decision On Virtual Offices

Stacked3This week's Daily Record column is entitled "Another NYS Bar Decision On Virtual Offices."  My past Daily Record articles can be accessed here.

*****

Another NYS Bar Decision On Virtual Offices

 

 

In September I wrote about a recent decision on virtual law offices handed down by the New York City Bar Association in Formal Opinion 2014-2. In it, The Association of the Bar of the City of New York Committee on Professional Ethics concluded that it was ethically permissible for an attorney contemplating opening a virtual law office to use the VLO address as her “principal law office address” and on her law firm’s business cards, website and letterhead.

In that case, the attorney planned to open a virtual law practice wherein, instead of maintaining a physical office, she would do most of her work from home but would meet with clients in an alternate physical location other than her home, such as an office that rented out space.
In other words, her proposed VLO differed somewhat from the more accepted definition of a VLO, where lawyers practice law and interact with clients via their computer and mobile devices in lieu of a traditional brick and mortar office. One issue with this type of VLO in New York — where there is no physical office space — has always been the physical office requirement of Rule 7.1(h).

Fortunately, the New York State Bar Association weighed in on that issue in September when it issued Ethics Opinion 1025. In this case, the inquiring attorney — who lived outside the United States but was licensed to practice law in New York — sought to open a VLO. She planned to market her practice as one that provided only transactional legal services, including preparing contracts relating to employment law, business law, and charity law. At issue was whether the physical office requirement of Rule 7.1(h) prevented her “from operating a purely virtual law office?”

In reaching its decision, the committee noted that “Rule 7.1(h) of the New York Rules of Professional Conduct (the ‘Rules’) requires attorney advertising to include the attorney’s ‘principal law office address.’ Rule 7.1(h) states what an attorney’s advertising must contain, but does not expressly state that all attorneys ‘shall’ or ‘must’ maintain a physical office, or set standards to determine what constitutes such an office.”

Then, in keeping with its forward thinking ethics decisions issued in the recent past regarding the intersection of Internet-based technologies and the practice of law, the committee then concluded that based on recent New York case precedent and decisions being issued in other states regarding the physical office requirement, that Rule 7.1(h), which is intended to regulate only advertising, no longer “provides an independent basis for requiring a physical office.’”

The committee then clarified its conclusion: “In whatever manner the courts resolve the statutory issues regarding virtual law offices — and we express no opinion on how they will or should resolve those issues — neither Rule 7.1(h) nor any other advertising rule imposes or defines the contours of an attorney’s office or style of practice. To the extent N.Y. State 756 and 964 opine that Rule 7.1(h) or its predecessor imposes an obligation for a physical office, they are modified. We now conclude that an attorney who is admitted to practice in New York but who is not resident in New York and who advertises his or her law practice in New York must include the address of the attorney’s principal office, which may be the Internet address of a virtual law office.”

Once again New York leads the way in issuing ethics decisions that reflect a thoughtful understanding of the impact of technology on the practice of law. To ignore the incredible changes occurring would be a disservice to the profession. Fortunately, the New York State Bar’s Committee on Professional Ethics is issuing decisions which have the opposite effect.

Nicole Black is a Rochester, New York attorney and Director of Business Development and Community Relations at MyCase, intuitive web-based law practice management software for the modern law firm. She is also a GigaOM Pro Analyst and is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a West-Thomson treatise. She is the founder of lawtechTalk.com and speaks regularly at conferences regarding the intersection of law and technology. She publishes four legal blogs and can bereached at niki@mycase.com.