This proposed opinion out for public comment takes a very practical approach for attorneys on how to deal with third party websites that describe attorneys, their clients and their practices. Important points are included on using disclaimers on testimonials from clients and correcting inaccurate information posted by others about the attorney. The draft opinion also discusses claiming a profile on a third party website by exercising control over the profile, which triggers the lawyer’s ethical obligations, as well as a lawyer’s abandonment of a profile on a third party website. Whether the recommended approaches are practical in the digital world is one issue that may be evaluated further via the public comment process as this proposed ethics opinion moves forward. Many third-party websites may not facilitate the recommended actions.
Sarah Jane Hughes has published an important new article on cloud computing and legal ethics, written from the perspective of the ABA Model Rules of Professional Conduct. Because California’s ethics rules have not yet had the benefit of an update to take changes in technology into consideration, the ABA Model Rules, including comments to those rules which provide additional guidance, are highly instructive. In her article, Hughes updates her prior work regarding the risks posed by storing clients’ data in the cloud, including data breach and government surveillance, with discussions of several recent high profile examples to illustrate the risks posed, including malware threats posed by hackers. Key risks come from data breaches (internal and external) as well as secret back doors in electronic devices including tablets and phones and the encryption breaking software of the National Security Administration. The article questions whether lawyers can rely on safe harbors based on data encryption given NSA capabilities. At the same time, she suggests that disclosure of client data should not constitute a waiver of the attorney client privilege, because it is not intentional or voluntary.
The article also details a scheme for classifying data in terms of three levels of security and provides a well organized range of strategies aimed at minimizing the risks of disclosure and protecting client data. These include understanding the contracts of cloud service vendors, managing issues with clients through disclosure and informed consent, and implementation of training and audit procedures. For sensitive matters she advocates considering reversion to low tech processes including the use of typewriters. She also details lawyers’ obligations regarding notification of clients in data breach scenarios. An excellent read for those tasked with implementation of data management in a legal environment. The topic of legal ethics and cloud computing deserves further attention as lawyers have navigated their practices to the cloud.
Are communications between general counsel or claims counsel for a law firm and the lawyers in the firm protected by the attorney client privilege where a former client seeks them in discovery in a malpractice action? The answer, according to a recent California case, depends on several factors including the roles of the attorneys as claims counsel and general counsel to the firm and whether the attorneys were billing the client in the case. Assuming that the general counsel and claims counsel for the firm held those positions prior to the communications, and that they were not billing the client, it is more likely a California court will find the communications privileged. However, the court pointed out that the lawyers will still have a duty to disclose to the client the fact that they have committed malpractice. In addition, the court indicated that a third counsel who was deputized by the general counsel and claims counsel, but who then actually worked on the client’s case, had not met the burden of demonstrating the application of the attorney client privilege. The case is Edwards Wildman Palmer v. Superior Court. Further discussion here.
Legal ethics issues arise in a number of cloud computing applications. A primary consideration is the ethical duty of confidentiality. What is appropriate depends on many factors including the type of legal matter and sensitivity of the information. An additional ethical consideration is the duty of competence. With the risk of data breach increasing, lawyers should think carefully concerning how they use the cloud. My new article in the Los Angeles County Bar Association’s Update surveys the subject. Read it here.