July 26, 2017

July 25, 2017

Subscribe to Latest Legal News and Analysis

July 24, 2017

Subscribe to Latest Legal News and Analysis

Timely Reminder: Lawyers’ Ethical Obligations and Technology

In June 2017, companies, government entities, and law firms faced a global ransomware attack from a type of malware where attackers lock certain data or components of a system and demand payment in exchange for returned access to such data or systems. Lawyers and law firms are targets of attacks like this and other forms of data breaches at high rates. In the wake of this latest global ransomware attack, let us recall certain ethical obligations related to technology that apply to lawyers.

Per Rule 1.1 of the Model Rules of Professional Conduct, a basic tenet of a lawyer’s ethical obligations to his or her client is that the lawyer must provide “competent representation” or “legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” The requirement for competent representation encompasses keeping “abreast of changes” to “benefits and risks associated with relevant technology.” Additionally, lawyers must “make reasonable efforts to prevent . . . unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client” per Rule 1.6 of the Model Rules of Professional Conduct. While unauthorized disclosure of or access to client information does not violate Rule 1.6 in and of itself, a lawyer must take reasonable action to prevent such access or disclosure. Comment 18 to Rule 1.6 provides several factors for determining whether a lawyer has made reasonable efforts, including the level of sensitivity of the information and the cost and impact of safeguards.

In May 2017, the American Bar Association Standing Committee on Ethics and Professional Responsibility (Committee) released revised Formal Opinion 477R, which spoke to the foregoing rules and, more specifically, to securing electronic communications involving client information. The Committee found that “a lawyer may be required to take special security precautions to protect against the inadvertent or unauthorized disclosure . . . when required by an agreement with the client or by law, or when the nature of the information requires a higher degree of security.” The Committee also advised that lawyers take the following steps when determining what level of security to assign to their communications:

  • Understand the level of risk of cyber intrusion and the nature of the threat

  • Know where the communications are created, where the client data is stored, and what the access options are

  • Understand electronic security methods and their use

  • Discuss necessary security measures with the client

  • Mark “privileged and confidential” communications accordingly

  • Maintain policies and hold employee trainings on the electronic security of client communications

  • Evaluate the conduct of vendors that provide electronic communication services or technology

For example, the Committee found that unencrypted, standard security methods of communicating may be acceptable in some circumstances, but that other situations may require the use of encryption or other stronger security protections. As lawyers and law firms face a barrage of cyberattacks, it is important to stay up to date on relevant technology and implement adequate security measures, in line with ethical obligations. This post discusses the requirements under the Model Rules of Professional Conduct only, so be sure to consult the professional rules in each applicable jurisdiction.

Copyright © 2017 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

TRENDING LEGAL ANALYSIS


About this Author

Partner

Michael L. Pillion is a partner in the Global Outsourcing, Technology, and Commercial Transactions Practice at Morgan Lewis. Mr. Pillion’s practice focuses on information technology and business process outsourcing transactions, as well as commercial and other technology-related transactions, including system implementation, licensing, technology services, strategic alliances, and other agreements in support of sourcing and supply chain operations.

215-963-5554
Jessica M. Pelliciotta, Morgan Lewis, Commercial Transactions Attorney, Emerging Technology Lawyer,
Associate

Jessica M. Pelliciotta is part of our outsourcing and strategic commercial transactions team of lawyers, handling critical commercial transactions that enable our clients to run their business operations effectively. The Morgan Lewis team focuses on technology transactions, including licensing, services, and alliance deals that involve emerging technologies such as cloud computing, software as a service (SaaS), and data analytics.

215.963.4889