Because of the pandemic, lawyers are working remotely more than ever before, and many will likely continue to do so - at least occasionally - even after the pandemic is behind us. Now that practicing law virtually is more commonplace than ever, many different bar associations have recently handed down ethics opinions that address the ethical issues to consider when working from a remote location. Most recently, the American Bar Association weighed in on this issue on March 10th in Formal Opinion 498. In this opinion, the ABA Standing Committee on Ethics and Professional Responsibility offered ethical guidance on a host of issues that are triggered when law firm employees work remotely. The opinion covers a wide range of topics and is worth an in-depth read, but for the purposes of this article, I’m going to focus on the technology-specific recommendations.
Notably, at the outset, the Committee acknowledged that all of the ethical issues discussed apply whether a firm’s workforce is working in the office or elsewhere, but that the issues may need to be addressed differently when a firm is operating remotely.
Prior to offering guidance, the Committee first provided its definition of a virtual practice, which it stated was a “technologically enabled law practice beyond the traditional brick-and-mortar law firm.” This definition comports with the general understanding of this concept.
Next, the Committee explained the rationale behind providing this type of ethical guidance at this time. According to Committee, recent events have resulted in an acceleration of technology adoption in the legal profession and as a result, updated guidance was necessary: “Virtual practice began years ago but has accelerated recently, both because of enhanced technology (and enhanced technology usage by both clients and lawyers) and increased need.”
The Committee then turned to specific technology-related guidance, and explained that regardless of where law firm employees are working, maintaining client confidentiality is of the utmost importance. That being said, when employees work from remote locations, reasonable steps must be taken to ensure that procedures are in place that sufficiently protect client data: “(A) non-exhaustive list of factors may guide the lawyer’s determination of reasonable efforts to safeguard confidential information: ‘the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients…’"
According to the Committee, particularly sensitive client data will warrant increased protection: “(D)epending on the circumstances, lawyers may need to take special precautions…Factors to consider to assist the lawyer in determining the reasonableness of the ‘expectation of confidentiality include the sensitivity of the information and the extent to which the privacy of the communication is protected by law or by a confidentiality agreement.’”
Next the Committee addressed the options available to lawyers that may need to encrypt some types of more sensitive data, especially when it comes to communicating with clients about confidential information electronically. The Committee explained that in some cases unencrypted email is insufficient and secure online client communications portals like the ones available in law practice management software may be necessary: “As ABA Formal Op. 477R noted, a ‘lawyer has a variety of options to safeguard communications including, for example, using secure internet access methods to communicate, access and store client information (such as through secure Wi-Fi, the use of a Virtual Private Network, or another secure internet portal)…”
Last but not least, the Committee focused on a potential, and possibly unexpected, issue that may affect many lawyers and law firm firm employees working from home: the security of smart listening devices such as Amazon Echo or Apple’s Siri. The Committee explained that in some cases these devices should be turned off when confidential information is being discussed: “Unless the technology is assisting the lawyer’s law practice, the lawyer should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. Otherwise, the lawyer is exposing the client’s and other sensitive information to unnecessary and unauthorized third parties and increasing the risk of hacking.”
Those are just some of the issues covered in this very concise, but comprehensive opinion. I strongly suggest that you review the entire opinion since it provides ethical guidance on a number of different security issues that may be triggered when a law firm’s workforce is displaced from the office, or otherwise working remotely - something that is likely to become increasingly common in the years to come.
Nicole Black is a Rochester, New York attorney, author, journalist, and the Legal Technology Evangelist at MyCase law practice management software for small law firms. She is the author of the ABA book Cloud Computing for Lawyers, co-authors the ABA book Social Media for Lawyers: the Next Frontier, and co-authors Criminal Law in New York, a Thomson Reuters treatise. She writes legal technology columns for Above the Law and ABA Journal and speaks regularly at conferences regarding the intersection of law and technology. You can follow her on Twitter at @nikiblack or email her at email@example.com.