Ethics Conference Speakers Warn Lawyers: Technological Ignorance Has Consequences

By Samson Habte

June 1 — Attendees at the 41st ABA National Conference on Professional Responsibility could have been forgiven for thinking they mistakenly registered for a symposium on technology, rather than a forum on broader developments in legal ethics, bar regulation, law firm management and malpractice risks.

Technology issues dominated discussions at five of the 13 panels at the conference, held in Denver May 28-29.

Experts have long predicted that technology would change legal practice. Several speakers expressed a clear view on that issue: the future is now.

Panelists at one session warned about malpractice risks that arise when lawyers fail to understand how social media use can impact clients' cases.

Another panel featured law firms' general counsel with conflicting views on the advisability of allowing firm employees to use personal mobile devices as work tools.

Risks to confidentiality—the primary reason for opposition to “bring your own device” policies—were also a recurring concern for speakers on other panels.

A discussion on recent developments in confidentiality featured one speaker who highlighted a pendulum-swinging trend among ethics committees that are revisiting the question of whether lawyers should be required to use encryption when e-mailing clients.

Another expert gave a detailed presentation on Federal Rule of Evidence 502(d), which allows litigation adversaries to enter into court-enforced agreements that provide for the return of privileged materials unintentionally disclosed in responding to discovery requests for electronically stored information (ESI).

Technology also was a key topic at a panel featuring executives from three new—and reportedly profitable—companies that have leveraged technology to carve out slices of the legal services marketplace. (See 31 Law. Man. Prof. Conduct 327.)

Lawyers Can't Be Luddites

In 2012, the ABA amended Model Rule 1.1 (competence) by adopting Comment [8], which states that lawyers must keep pace with technological changes to meet their duty of competence to clients.

The new comment may have been the most frequently cited provision at the conference, whose attendees included bar officials, law firm general counsel, legal ethics consultants and lawyers who defend malpractice and attorney discipline cases.

Charles H. Gardner, a California lawyer and media executive who moderated a panel on “Social Media Policies and Procedures in the Firm Setting,” cited a 2011 case in which a Maryland court declared: “It should now be a matter of professional competence for attorneys to take the time to investigate social networking sites.”

That admonition was seconded by panelist Jennifer Ellis, who defends malpractice and attorney discipline cases for Philadelphia-based Lowenthal & Abrams P.C.

“Failure to understand how social media can impact clients’ cases could lead to serious damage to a case which might result in a malpractice complaint,” Ellis wrote in materials prepared for the conference.

Internet Sleuthing

Ellis and another Philadelphia panelist—Thomas G. Wilkinson Jr. of Cozen O'Connor—said bar authorities in their home state have taken leading roles in applying the duty of technological competence to specific questions such as whether lawyers may advise clients to remove potentially damaging evidence from social media websites.

The emerging consensus, Ellis said, is that a lawyer can and should counsel clients to purge potentially damaging evidence from the Internet—so long as the lawyer also takes steps to preserve any information that may prove relevant and discoverable.

“Don't destroy the evidence; it's really as simple as that,” Ellis said, citing Philadelphia Ethics Op. 2014-5, 30 Law. Man. Prof. Conduct 468 (2014), and Pennsylvania Formal Ethics Op. 2014-300, 30 Law. Man. Prof. Conduct 620 (2014).

Wilkinson said lawyers should ensure that “a full forensic image” is taken of a website before deletions occur. “Don't just hand that obligation over to your client,” he added. “Document each step of that process and the advice you give [to the client].”

Conversely, the panelists stressed the importance of using the Internet to investigate litigation opponents—and of developing sound procedures for authenticating evidence gathered from online profiles.

Ellis said she videotapes herself and provides a running commentary of what she is doing when gathering online material. Such measures are important because social media companies rarely comply with discovery requests and won't help with authentication, she told attendees.

B.Y.O.D.

A program titled “Bring Your Own Device” featured speakers who expressed conflicting views on the advisability of allowing law firm employees to use personal mobile devices as work tools.

Gerald J. Ferguson, a partner at BakerHostetler in New York, said the so-called BYOD movement is “here to stay” because clients “expect us to be available 24 hours a day.”

Steven Puiszis, deputy general counsel at Hinshaw & Culbertson LLP in Chicago, agreed that the BYOD trend is irreversible. Given that fact, he said, law firms must develop written policies identifying the risks of BYOD. “And there are many of them,” Puiszis said.

The panelists concurred that the primary risks are data breaches that expose confidential information. They said such breaches can result from lost or stolen devices, storing data with cloud computing vendors that are unable to provide robust security, the use of unencrypted connections at coffee shops and targeted hacking that involves the use of “ransomware.”

Puiszis said law firms can navigate those risks confidently if they develop BYOD policies that include training employees on “computer hygiene” and the implementation of a rapidly deployable “incident response plan” when a device is lost or compromised.

Puiszis said an effective incident response plan should include protocols that allow a firm to remotely “shut down” a device that has been lost or compromised, and erase all data from it.

But Puiszis stressed the importance of disclosing the necessity of that procedure before allowing employees to use personal devices for work purposes. Otherwise, he said, a law firm may need an employee's consent to wipe a “dual-use” device. If consent is not obtained, Puiszis added, the firm “could be buying [a] claim under the Computer Fraud and Abuse Act.”

The possibility of incurring liability to employees as a result of such security measures was one of several reasons that panelist Michael J. McGuire counseled against BYOD policies.

McGuire, a partner and chief information security officer at Littler Mendelson P.C. in Minneapolis, advised firms to instead adopt a “Corporate Owned, Personally Enabled” (COPE) policy for mobile devices.

That approach, he said, gives a law firm more control over employee-used devices and more flexibility to take security measures when a device has been compromised.

While BYOD policies may limit firms' capital outlays by passing the costs of devices and calling plans to employees, McGuire said, firms must consider various hidden expenses—such as the possibility that departing employees will store proprietary information on dual-use devices, triggering disputes that may require forensic examinations and litigation. “It's a lot cheaper to just buy them a new device,” McGuire said.

Emerging Confidentiality Issues

University of Georgia law professor Lonnie T. Brown said the consensus on communicating with clients through unencrypted e-mail—driven by a 1999 ABA ethics opinion that approved the practice—may be giving way as authorities reconsider the risks of e-mail interception.

Speaking at a session on developments in confidentiality, Brown said “we have come a long way in [the] 16 years” since the ABA opinion was issued, and that a number of state ethics panels have shown a willingness to impose more onerous security requirements on lawyers.

Brown cited California Formal Ethics Op. 2010-179, 27 Law. Man. Prof. Conduct 15 (2010), which identified six factors to consider when determining whether ethics rules prohibit the use of a particular form of technology to store or transmit client information.

The panel also touched on Federal Rule of Evidence 502(d), which Chicago-based Jenner & Block partner David M. Greenwald described as an underused tool for preventing the inadvertent waiver of attorney-client privilege and work product protections.

The rule, which went into effect in 2008, allows parties in litigation to enter into agreements that provide for the return of privileged materials accidentally disclosed in response to requests for electronically stored information.

Greenwald said Rule 502(d) can help “avoid costly litigation” because it authorizes a court to enter litigants' predetermined agreements, including any “clawback” provisions, into the docket as an order.

To contact the reporter on this story: Samson Habte in Washington at shabte@bna.com

To contact the editor responsible for this story: Kirk Swanson at kswanson@bna.com

The ABA/BNA Lawyers’ Manual on Professional Conduct is a joint publication of the American Bar Association Center for Professional Responsibility and Bloomberg BNA.

Copyright 2015, the American Bar Association and The Bureau of National Affairs, Inc. All Rights Reserved.