Previous month:
February 2021
Next month:
April 2021

New Cybersecurity Recommendations For Lawyers

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

New Cybersecurity Recommendations For Lawyers

Now that lawyers have been intermittently working remotely over the past year - and may continue to do so in the near future - their ethical obligations relating to cybersecurity practices have taken on a whole new level of importance. That’s why technology competence is paramount in 2021: it is essential for law firm leaders to have a full understanding of cybersecurity issues and how they may affect their displaced workforces, especially since lawyers and other law firm employees will likely continue work remotely at different times throughout the coming year.

The good news is that since the start of the pandemic, a number of different bar associations have provided cybersecurity ethical guidance, with the State bar of Wisconsin most recently weighing in on this issues in Wisconsin Formal Ethics Opinion EF-21-02. In this January opinion, the Wisconsin Bar ethics committee offers advice on a number of different issues related to practicing law remotely, including lawyers’ obligations to secure IT systems, protect confidentiality and communicate securely.

At the outset, the Committee focused on the duty of technology competence, explaining that basic technology competence includes, at the very least, “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private.”

Next, the Committee turned to its cybersecurity recommendations and emphasized the importance of securing law firm devices and systems by putting into place strong safeguards to provide protection for remote working processes. The guidance included a broad range of cybersecurity issues, including password protection, encryption, data backup, and secure communication.

After providing a brand spectrum of general advice, the Committee then offered extensive list of cybersecurity recommendations. What follows is a truncated version of the cybersecurity best practices covered by that list:

  • Require strong passwords to protect data and to access devices.
  • Use two-factor or multifactor authentication to access firm information and firm networks.
  • Avoid using unsecured or public WiFi when accessing or transmitting client information.
  • Use a virtual private network (VPN) when accessing or transmitting client information.
  • Use and keep current antivirus and antimalware software.
  • Keep all software current: install updates immediately.
  • Supply or require employees to use secure and encrypted laptops.
  • Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
  • Specify how and where data created remotely will be stored and how it will be backed up.
  • Save data permanently only on the office network, not personal devices.
  • Use reputable vendors for cloud services.
  • Encrypt emails or use other security to protect sensitive information from unauthorized disclosure.
  • Encrypt electronic records, including backups containing sensitive information such as personally identifiable information.
  • Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
  • Use websites that have enhanced security whenever possible.
  • Do not have work-related conversations in the presence of smart devices such as voice assistants.

Certainly, there’s even more advice where that came from, so make sure to read the opinion in its entirety for lots of useful cybersecurity guidance from the State Bar of Wisconsin. And then, take the advice offered to heart and implement any cybersecurity suggestions not yet in place in your firm. Finally, and most importantly of all - maintain technology competence, keep innovating, and stay safe out there!

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].


Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Pennsylvania Lawyers Can Ethically Practice Remotely From Out-Of-State

In March of last year, as we faced lock downs and the newfound threat of COVID-19, remote work became a sudden and unexpected reality. Law firms shut their doors and sent everyone home, and the work-from-home revolution began out of necessity, not choice.

As lawyers tried to adapt to the “new normal,” they encountered ethical quandaries when transitioning their dispersed workforces to the cloud-based technologies that would facilitate remote working. Because working-from-home was not commonplace prior to the pandemic, there wasn’t much ethical guidance available regarding technology use that lawyers could turn to.

Fortunately, on April 10, 2020, the Pennsylvania Bar stepped up to the plate and issued Formal Opinion 2020-300. In that opinion, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility provided guidance on how lawyers and their staff can ethically provide legal services while working remotely.

Since that time, as lawyers have continued to work from locations both inside and outside of the jurisdictions in which they’re licensed, another ethical issue has arisen: whether an attorney working remotely long term from a jurisdiction in which they’re unlicensed constitutes the unauthorized practice of law. The Florida Bar Association, D.C. Bar Association, and the American Bar Association have already addressed this issue, and now the Pennsylvania Bar Association, in conjunction with the Philadelphia Bar Association, have joined their ranks by issuing Joint Formal Opinion 2021-100.

At issue in this opinion is whether it is ethical for a lawyer licensed in Pennsylvania to work remotely from another jurisdiction in which the lawyer is not licensed. The Committee summed up the situation leading to the consideration of this issue and the ethical dilemma presented as follows: “The shift to a predominantly remote-based practice model has raised concerns whether a Pennsylvania lawyer practicing law from a physical location outside of Pennsylvania engages in the unauthorized practice of law even though the attorney’s practice is limited to practicing Pennsylvania law for clients in Pennsylvania.”

The Joint Committee acknowledged that the American Bar Association had previously addressed this issue in ABA Formal Opinion 495 and had concluded that “(t)he purpose of Model Rule 5.5 is to protect the public from unlicensed and unqualified practitioners of law…(and) is not served by prohibiting a lawyer from practicing the law of a jurisdiction in which the lawyer is licensed, for clients with matters in that jurisdiction, if the lawyer is for all intents and purposes invisible as a lawyer to a local jurisdiction where the lawyer is physically located, but not licensed.”

In reaching its conclusion, the Joint Committee adopted the ABA committee’s rationale and concluded that Pennsylvania lawyers could ethically work remotely from a jurisdiction in which they were not licensed as long as there are no statutes, rules, opinions or case law of that jurisdiction in place that would prohibit them from doing so. The Joint Committee determined that this type of remote work is permissible but “lawyers may not hold themselves out as being licensed to practice in the local jurisdiction and may not advertise or otherwise hold themselves out as having an office in the local jurisdiction, or provide or offer to provide legal services in the local jurisdiction, the fact that they are physically located there does not bar them from working remotely for the same clients.”

This opinion, and the ones from the bar associations that preceded it, are evidence of a greater trend: the pandemic has ushered in a new normal for the legal profession. Remote working, and the cloud-based technology needed to enable it, are here to stay. Practicing law from any location is becoming an accepted and commonplace practice. So if you’re still on the fence regarding the use of cloud computing software in your law firm, what are you waiting for? The tides have turned, and there’s no better time than now to make the transition to working remotely using cloud-based technology.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].


Round Up: Document Assembly Software, Legal Tech Adoption, and Cybersecurity

SpiralI often write articles and blog posts for other outlets and am going to post a round up here from time to time (but won't include my weekly Daily Record articles in the round up since I re-publish them to this blog in full). Here are my posts and articles published from February:


N.Y. Bar opines on online lawyer-client matching services

Stacked3Here is a recent Daily Record column. My past Daily Record articles can be accessed here.

*****

Since the turn of the century, the internet has increasingly become part of our day-to-day lives. Initially, this new reality presented a bit of a challenge for precedent-based, risk-averse lawyers. As a result, in most cases the legal profession as a whole has adapted to the online world more slowly than the general population. Internet marketing, however, was one of the exceptions, and lawyers recognized its potential fairly early on.

That being said, ethics rulings have been one of the primary roadblocks for lawyers seeking to obtain clients via the internet. Since the advent of online advertising, ethics committees across the country have approached it with suspicion and have typically interpreted ethics rules narrowly, issuing holdings that tend to limit the ability of lawyers to advertise and market their services online.

This is especially so when it comes to lawyer-client matching services and the sharing of online referral fees with non-lawyers. Historically, ethics committees have frowned on this practice, permitting fee-sharing arrangements for online referral services under very limited circumstances. The latest opinion from the New York State Bar Association’s Committee on Professional Ethics is no exception. At issue in Opinion 1213, which was decided in January, was whether a fee-sharing arrangement between a lawyer and an online attorney-client matching website was permissible where the match included a “recommendation” of the attorney.

Specifically, the inquiring attorney was seeking input as to whether it would be ethical to participate in an online attorney referral service where the referral fee would be collected by the site, and the matching service vouched “for the lawyer’s credentials, competence and effectiveness…(when recommending) the lawyer as the ‘best lawyer’ for the needs of the potential client.”

The specific service at issue connected individuals who had received a traffic violation with lawyers in their area who were “the best local traffic lawyer for the case.” Once a potential client was paired with a lawyer, they received a price quote that was set by the lawyer. After the client paid said legal fee, a portion of it was kept by the online matching site as a service charge and the remainder was transferred to the lawyer.

Other relevant facts regarding the service included the following: 1) it solicited customer feedback and, in its sole discretion, would offer a full or partial refund if there was an unfavorable outcome, 2) it represented that it was not a law firm, did not offer legal advice, and that none of the attorneys it connected with clients were its employees or agents, and 3) it was not owned by lawyers admitted in New York.

Based on those facts, the Committee then turned to the issue at hand and considered whether “the portion of the legal fee paid by the client but retained by the online lawyer matching service constitute(d) an impermissible referral fee?”

At the outset, the Committee noted that pursuant to Rule 7.2(a), New York lawyers are not usually permitted to pay fees for client referrals. However, the comments to the rule clarify that online lead generation services are an exception as long as the service does not imply or create “a reasonable impression that it is recommending the lawyer… or has analyzed a person’s legal problems when determining which lawyer should receive the referral.”

The Committee explained that previously, in Opinion 1131, it had concluded that a lawyer could ethically pay a service fee to an online referral service where “neutral” and “mechanical” factors were applied when matching a potential client with a lawyers. Conversely, the Committee noted that in Opinion 1132, it concluded that a referral fee paid to Avvo Legal Services was impermissible since a number of different aspects of the service when considered together amounted to an attorney recommendation.

Next, the Committee turned to the factual scenario at hand and concluded that the online service setup was very similar to Avvo’s and thus constituted fee-sharing based on an impermissible recommendation. The Committee explained the attorney could not participate on the site since the matching service was “based on factors that include attorney success rate, response rate, and customer service rating…(and it) plainly strives to give potential clients the impression that it has selected the ‘best’ or ‘right’ lawyer for the potential client’s matter, and that the lawyer selected is preferred over other candidates in the service’s database.”

Accordingly, the lesson to be learned is that New York lawyers should participate in online referral services that provide lead generation for lawyers with care. If there is anything in the marketing language or website description of the service that gives the impression that the service will be vouching for the lawyer’s credentials and competence and/or will recommend that a particular lawyer is the “best lawyer” for a potential client’s needs, then walk the other way.

As I always say, if it’s unclear, err on the side of caution and just say no. You’ve got everything to lose from using a questionable service and very little to gain.

Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase  law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at [email protected].