Picking up where we left off on the prior post discussing ABA Formal Opinion 498 and a lawyer’s ethical considerations for virtual practice, this second post in this two-part series will discuss the particular virtual practice technologies and considerations the Opinion emphasized. As a refresher, Opinion 498 advised lawyers that the ABA Model Rules of Professional Conduct permit virtual practice (outside of the traditional “brick-and-mortar” law firm), but require consideration of ethical duties regarding competence, diligence, and communication. The first post identified those considerations and duties as discussed in the Opinion.
The Opinion then advised, “lawyers practicing virtually need to assess whether their technology, other assistance, and work environment are consistent with their ethical obligations.” The Opinion referred to ABA Formal Opinion 477R for discussion of options to safeguard communications. However, the Opinion also provided guidance when employing certain technologies and platforms, particularly those that may be employed in a virtual work setting:
- Hard/Software Systems: For hard/software systems, the Opinion encouraged lawyers to ensure they have reviewed the terms of service applicable to their hardware devices and software systems to assess whether confidentiality is protected from unauthorized access. This could include installing security-related updates and using strong passwords, antivirus software, and encryption. When connecting over Wi-Fi, lawyers should ensure the routers are secure and should consider using virtual private networks (VPNs). The Opinion encouraged periodic assessment of the adequacy of system protections.
- Cloud Services to Store Client Files: When accessing client files through a cloud service, the lawyer should (1) choose a reputable company, and (ii) take reasonable steps to ensure the confidentiality of client information is preserved while being readily accessible to the lawyer. Data should regularly be backed up and secure access to the backup data should be readily available in the event of a data loss. Lawyers should have a data breach policy and plan to communicate losses to impacted clients.
- Virtual Meeting or Videoconferencing Platforms: The Opinion then advised lawyers to review the terms of service of virtual meeting or videoconferencing platforms to ensure they are consistent with ethical obligations. Access should only be through strong passwords, lawyers should consult local ethical rules before recording a conversation without client consent, and no meetings should be overheard or seen by others in the household or office to avoid jeopardizing the attorney-client privilege. The Opinion also encouraged lawyers to consider purchasing higher tiers of platforms that offer more security over the free or consumer platform variants.
- Virtual Document and Data Exchange Platforms: The Opinion recommended lawyers review the terms of service of any virtual document and data exchange platforms to ensure they comply with ethical obligations. The Opinion goes on to advise that documents should also be appropriately archived for later retrieval. The lawyer should consider whether information sent via email should be encrypted both in transit and in storage.
- Smart Speakers, Virtual Assistants, and Other Listening-Enabled Devices: Unless the technology is assisting the lawyer’s law practice, the Opinion encouraged lawyers to disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters. Otherwise, the lawyer could be exposing the client’s sensitive information.
Given our new perspective on the use of virtual technologies in the past year and a half, Opinion 498 serves as a well-needed reminder for lawyers to ensure their practices, including the use of technology to practice virtually, comply with their ethical obligations.