Hello and welcome to the Quimbee Continuing Legal Education course. Working from home Ethically Technological competence for lawyers. My name is Matthew Blaisdell and I'm a solo immigration attorney in Brooklyn, New York. Today, we're going to teach you how to meet your affirmative duty of protecting the attorney client privilege in a work from home environment. So what we're doing here is looking at the new normal in terms of how you interact and communicate with your clients and employees and exploring how to maintain attorney client privilege and proper supervision of employees. What we do need to know about maintaining confidentiality and making sure that staff and outsourced work still allow us to meet our obligations under the rules of professional conduct. To do. So we'll be breaking the topic down into four main areas. Technological competence. Privilege and confidentiality. Supervision of remote staff. And managing your online presence. By the end of this course, you'll be prepared to anticipate liabilities that may arise when attorneys and staff are working remotely and in so doing will provide you with a number of both the general and also very specific practical tips and best practices to enable you to meet your obligations and allow you to work with confidence in a remote environment. So let's start with a concept of technological competency before we jump into it. We'll just acknowledge that this is a technical term that's merely a simple recognition of the fact that to be competent in our services, we can't rely on our intellectual capacity alone, but need to be competent with the tools that we are using. So starting with the duty of technological competency, most states now require you to understand the benefits and risks associated to fill your basic obligations. So tools include virus protection, software firewalls, password management, etc. and having detailed office policies in place. We'll explore these in more detail towards the end of the presentation. But should we run out of time? There's a lot of very actionable steps spelled out in the materials to help you develop your own internal policies covering both you and any individuals that you may be working with in whatever capacity. So let's look at what the rule and the comments actually state. And a client lawyer relationship. A lawyer shall provide competent representation to a client which requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. Most relevant to technological competency. Here is number comment, number eight and maintaining competence, which states had to maintain the requisite knowledge and skill. We need to keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology. And this rule has been adopted by the majority of the states. So again, know your tools and inability to understand how email and other cloud based services work will not protect you from liability should you violate any of the other rules discussed here. Ignorance is not an excuse. And finally, to review a few of the key points that we went over. What is the type of technology we're talking about here? It could be anything that using your practice, it could be anything that you commonly use to create and send information. It may or may not be anything in social media. And always check your state's versions of Rule 1.1, including the comments and ethics opinions. Next slide. The essential areas to be aware of cybersecurity, protecting and transmitting information. Electronic filing discovery and file management to collect, identify, maintain and organize information. Your and your clients, social media and the basics that we all use, such as email, calendaring, research methods, case management, software, etc. All of this may or may not be limited to the technology that you use in your practice. I would break relevant technology down into these four, what I call essential areas. So we have cybersecurity, which is the protection and transmission of information. We have e filing discovery, file management, etc. in which we collect, identify, maintain and organize information. Social media, which includes your and your clients use of social media. And the basics which most all of us are currently using. Which would be like email, calendaring, research, case management, etc., etc.. It would behoove you to have a policy in place for each of these topics, including hardware, software and the processes and procedures that you and your staff will have place for using them. And speaking about competency, we can't really understand it except in relation to other rules. So what behaviors and objectives are we applying this concept to? Well, first, look at the duty to preserve attorney client privilege as described in modern rule 1.6. And for our purpose, our purpose is specifically looking at comment 18 here on this slide, which specifically references competence as well as rule 5.3, which is supervision of staff, a rule we'll discuss later. So there's a lot of text here, but the gist is that you need to demonstrate reasonable efforts to prevent access to or disclosure of information relating to your representation, which it discloses describes in the last sentence here. Here we have a comment that's all about email. This comment puts us in the shoes of our friend, the reasonable man. Here we see the phrases, reasonable precautions, reasonable expectation of your client's privacy and the reasonableness of the lawyer's expectation of confidentiality. So the first of these reasonable precautions refers to a standard. Basically, you have to have measures in place that make sense for the communication that you're making. And the other two reasonable expectations refers to your safe harbor. You don't need to set up the equivalent of Fort Knox for a simple email about scheduling an appointment. So always refer to your North Star the reasonable man. Basic tools to keep in your practice. Virus protection software. Firewalls that control the traffic in and out of your network. A password management service that stores generates and manages access to your software. Policies and processes related to your former employees. Timelines for clearing out their accounts, for getting them access to the network, their passwords, etc.. Have a policy for devices who can access wi fi and on what devices, the phones, laptops, what apps can they use, what apps can they not use, etc.. And think about having multiple layers of backup. Updated versions of your data, continuous sinking and daily on site backup onto an external drive. In the event that yours is corrupted or held for ransom or whatever. Always keep a backup on site and off site. It is helpful to have a very basic understanding of the main external threats to your firm's security. So these would be, say, phishing, which is an attempt to obtain sensitive information by someone pretending to be a trustworthy person. So you've seen this all the time. So in emailing you, reaching out in social media, etc., pretending to have a connection or otherwise be a legitimate person because they have some basic information of you which they use to obtain more information about you. There's also ransomware, which is a malware that prevents or limits access to a system or network by encrypting files which can be decrypted only upon payment of a ransom. So in this case, someone sent a virus. Now you can't get access to any of your stuff. And they say, We will decrypt this so you can get access to it if you pay us money. And this is relevant to us because after the financial and retail sectors, the legal sector is the one most targeted for cyber threats. You should also really be aware of the main form of protection against these attacks, which is encryption, which we just discussed in ransomware. So if you're familiar at all with crypto, then you know that encryption works by using a key that basically applies a code to scramble the text that you're entering into the software. And then it applies another key to unlock or decrypt the code. That's usually in the form of a password. This will protect you from the risk that even simple communication poses. So when someone takes a small piece of information about someone and uses that to get even more information. So think about people who try to trick you into giving them your Social Security number, which then they'll go to use with some other entity to get even more information about you. And partly on this slide is just for. Verbiage purposes. We have the two different forms of data, which is in stasis, which is data that sits encrypted on a device or server and data that's in transit. So when it's traveling over a network or Internet, you don't really need to know these in detail for our purposes today. But again, these slides are here for reference, should you decide to deepen your education on this topic a little bit later. This commonly comes up in the context of, say, portals or case management software document portals where clients can upload their documents, electronic intakes that we send out, etc.. Okay, so what goes into an office technology policy? Here are eight points to consider. You should think about informing employees about what's expected and what's acceptable behavior in dealing with computers and property regarding client's info and their own personal lives. You should think about internet browsing policies. You should think about establishing and implementing policies and procedures for trainings or establish and implement policies and procedures regarding their remote workspaces. What are the spaces actually look like and what are the risks inherent in each employees environment? You can hold meetings with subordinate staff to achieve sufficient supervision. Articulate steps to take in the event of a policy breach so clients are concerned and commitment by keeping their information confidential and demonstrate attempts to maintain ethical standards. Again, doing all of these things will reduce your liability in case a breach does occur. You can always come back to the disciplinary committee or whichever and say, I've implemented everything that I could possibly think of to prevent these things from happening. But the fact they did, I still made reasonable efforts and you'll be in pretty good shape. And here in the next two slides, we have a list of nuts and bolts type tips to protect you from these events occurring. We can't take the time to describe these in more detail, so please just use these slides as a jumping off point to conduct your own further research.
Please just take the time to skim these for the moment and again, use these as a point of reference after the presentation. To summarize privilege and confidentiality. To maintain the protection. You must take adequate precautions to keep the communications confidential. This extends to periods after the communication was initially made because failure to maintain the confidentiality over time waives the protection. And generally speaking, constantly consider whether any third party has access to your communications with your clients. You must make reasonable efforts to ensure that you have measures giving reasonable assurance that your staff is maintaining confidentiality and that you are responsible if you have knowledge of any breaches of this duty by your staff. Remember that outsourcing work does not alleviate you of the duty to maintain direct supervisory authority over their work. And recall that you should have a training in place with ongoing instruction and supervision, including the rules governing diligence, communication, confidentiality, conflicts of interest, press accounts, candor, honesty, communications with persons represented by counsel, and the unauthorized practice of law. And this should all be preceded by a conversation with staff to ensure their understanding and compliance. Again, think about using stories, particularly case law, to really kind of make it clear to them what actions might get you in hot water and the extent to which you are liable and your license might be liable for violations. Other ways to do this. Are you signed confidentiality agreements and have discussions about record keeping in the homes of your staff? Have written contracts incorporating protocols for confidentiality and security. Have them provide you with photographs and descriptions of their work environments. Have them inventory with you. Their Internet security protocols, including how they store digital documents. Provide them time frames for deleting client information from their devices and with your own clients. Inform them that paralegals may be used or outsourced work and obtain informed consent for that from your clients. Again, checking local rules. Okay. Okay. Now let's have a discussion on what exactly privilege and confidentiality is and how it applies to us in the work from home context. What to take from this slide is that attorney client privilege is basically confidentiality, expectations, assurances and ensuring. So establish the rules of who can talk about what for our purposes. To who is who is actively listening and who has access. Managed and supervised envelopes and fax machines using the phone in a public space without VPN talking on a phone in a cafe. These are the types of activities that we're talking about here in this section. So what does confidentiality. Confidentiality actually mean? The law is linked to the recognition of privilege, to a confidentiality requirement, which has three dimensions. The first is subjective. The client must intend their communications with the attorney to be confidential. So assume, unless they say otherwise, that the communication is confidential. In which case no one should have access asynchronous or not. So think Email software. Text. Phone video. Assume that the client intends that to be confidential. The second element is objective. The client's subjective intention must be reasonable under the circumstances. So if they call you on your cell phone and you tell them that you're on a bus, you have a little bit more leeway, it's not reasonable for them to assume that it's going to be as confidential as it might be otherwise. So again, remember the reasonable man from the earlier slide and from law school. And third, the confidentiality must have been subsequently maintained. So this is our main point and we'll address cybersecurity later. Encryption backups, use of email devices, staff policy, malware, etc., etc. All the points we just ran through earlier. That's an ongoing obligation. 24/7. 365. So when does the privilege disappear? Well, in two instances, it can disappear expressly when someone expressly waives it or impliedly by conduct. Few cases here. Look at the second bullet. Taking or failing to maintain precautions may be considered as bearing on intent. So, again, if you're lax in your policies, that's indicative of the fact that you might not have intended to. The communications to be confidential. The attorney client privilege is not absolute and does not protect all communications which must involve the subject matter of the representation and be made with the intention that the communication be confidential. So two points there. To be privileged, the communication must involve the subject matter of the representation. And number two, it must have been intended to be confidential. So this slide returns to the subject matter of privileged information. So then particular communication. Again, this only refers to the subject matter of the legal assistance and does not extend to any other technical information that might have been included in communication. So in the third bullet, you'll see an example factual summaries or reports about simply factual material, information, measurements, diagrams, etc.. There's also a great case, Bower V Wiseman from the Southern District of New York in 1987. In that case, Bauer and Wiseman, two individuals in an intimate relationship. Wiseman was the lawyer, told Bauer his companion, to stay in his hotel room while he attended a conference. And the hotel room? He left papers spread all over the table related to their estate, his own estate planning, which involved her bower and in which she, of course, read. So in a later lawsuit, Bauer sought to make those estate planning documents discoverable. And when Wiseman sought to protect them, the court found out that he had failed to take all possible precautions to protect that information. When he left, it scattered all over a table in a hotel room in which he made her stay. So the basic rule is that the privilege extends to communications that are both one meant to be confidential and two made for the purpose of rendering legal advice. So did this last point. There's another case in Ray Tom's food in the middle District of Georgia 2006, in which a business owner was talking to his corporate counsel about a number of business and personal matters. And then he tried to shield the email that he sent out to other parties regarding non legal matters when he was in court proceedings. The court made the point that the attorney client relationship is not the same as attorney client privilege. It must be the privilege must only extend to legal advice regarding this specific matter communicated to the attorney. They must be the client should be aware of the possibility of conflict, and it must have been intended to be confidential when made and the privilege again only extends to the legal advice regarding the specific matter communicated to the attorney. So four types of communications can meet the standard. Client's request for legal advice. A client's communication to the attorney of facts that the attorney needs to give legal advice. An attorney's request for facts that the attorney needs to give the advice and the attorney's legal advice. So here's a case, Lois Sportswear, which involved patent litigation, in which one of the parties was seeking access to the attorney work product of the other party. This case discusses what might be reasonable measures in that context. But the takeaway is that if you don't designate the material as confidential and if you don't take measures to treat it that way, then if you mistakenly produce it, that confidentiality has then been waived. So again, just really hammering home a few of these points. The client must have subsequently maintained that confidentiality in order to preserve the privilege. If they go on talking about the confidential material to other people, then they have not maintained it and it's no longer privileged. This is particularly troublesome with email communications that can be transmitted to others with ease. So example, if you forward the email or accidentally include third parties on the subject matter of the email, you have essentially waived the privilege. So if the client, within reason, respects the privilege, then it attaches. The client must maintain the confidentiality to preserve that privilege. Think very deeply about who might be receiving these emails and also what language you're putting in the signature line of your emails regarding the confidentiality of the material in your emails. So to reference one last case, which is interesting in this context, which is us versus Santiago in the eastern district of Pennsylvania in 2013, this is an individual, Santiago, who is selling cocaine and giving instructions on the phone regarding how to sell the cocaine. Well, then also talking to his lawyer. Meanwhile, the feds, of course, are eavesdropping on all these conversations, which Santiago later sought to protect as attorney client privilege. Problem here was that Santiago also talked to third parties, referencing the communications that he had made to his lawyer. And when he talked to these other third parties about the stuff you talked to his lawyer about, he was waiving the privilege of those communications. So the Fed had access to it and Santiago was not able to protect the communications. And with that last interesting tidbit, we will move on to the next section. Supervision of remote staff. Two main points. Who this applies to and when you're liable. You need reasonable assurance that your staff's conduct is compatible with your obligations under the rules. Basically, you have to make sure that your staff do not get you in trouble. That is on you. This applies whether you have direct supervisory or managerial authority. Second point is that you're liable if you had constructive knowledge or if you failed to avoid or mitigate when you knew about it. So basically, if you're aware of a violation and you have the ability to mitigate it, then you are liable. Think authority and knowledge. You cannot outsource competence or supervisory obligations, whether to a lawyer or to a non lawyer. If you engage with anyone to do your work for you, you cannot avoid responsibility under the rules if that person's conduct triggers a violation. You are the one in the trouble. So the paralegal ate my homework is not an excuse. If you suspected paralegal might be eating paperwork, then you must have stopped them. But there is some safe harbor here. This is not strict liability. Again, reasonable efforts. So solo attorneys might not not be held to the same standard as a white shoe conglomerate. Attorney and a new lawyer may not be held to the same standard as an old veteran attorney. So think about what the matter type is. Is this a small claims or is this international finance? Think about who is the client and think about what is the expectation of privilege. Make these clear to yourself, to your client and to staff. Get on the same page about processes, procedures, and how information is shared and stored. We will address some more best practices later. But we'll touch on one of those now, which is protecting yourself by having training in place in how to comply with the rule. Both what the rules are and how they can comply with that. So one way is to do that is by telling stories through case law. I told a few stories just a few minutes ago, and those tend to be effective with staff and that they give examples and highlight the consequences. They make it real to your staff. The extent to which they are they and you are liable for discipline in the event of violations. For more on best practices, you can read this article published on the Utah State Bar website in 2014. But let's move past this for now and jump into the ABA guidelines for the use of paralegals. Guideline. Number one is basically your responsible and you should take reasonable measures. Guideline number two is that unless the local law says otherwise, you are able to delegate anything to a paralegal except. You may not delegate the ability to start an attorney client relationship. You may not delegate fee setting. And this can be whether to independent paralegals, notary publics, translators, caseworkers, etc.. You are responsible for whatever they do here. So if they sign someone up, assess a fee, give or provide legal advice, you are probably in trouble and can't avoid responsibility for the ensuing damage. Guideline number four refers back to reasonable measures to make sure that the client courts and your colleagues are aware that you are using non lawyers to perform legal services. And by legal services we mean things that are not clerical. So when you're taking where you're applying law to facts, if you're telling someone what their legal status is or liability is at any given time, that's the provision of legal advice, how to answer questions on legal documents, etc.. Basically anything that's not straight up transcription, calendaring, helping people make appointments or whatever could be construed as legal services in the broadest sense. So if you're going to take a conservative approach. Be overbroad. What we want to look at here is guideline number seven, which is making sure that your non lawyer does not have a conflict through their other employment. What reasonable measures would work in your practice for identifying conflicts brought by employees? Worth spending a little bit of time thinking about how to implement a conflict, Check in your practice and as applied to your staff, not just to you and your colleagues. And the other one to look at here is guideline number nine. You cannot split fees or pay for referrals or pay by contingency as applied to your staff. You can only plea pay your staff and outsourced work for the volume and for the quality of their work. They are not your partners and they are not a referral service. They are the hired help to help you get your work done. And here we have some best practices for remote paralegals. Signed confidentiality agreements and discussions about record keeping in their homes. Written contracts, incorporating your protocols for confidentiality and security. Requiring that they provide you with photographs and descriptions of their work environments. You may require an inventory of their Internet security protocols, including how they store digital documents. You can set timeframes for them to delete client information from their devices. And in your own materials to clients, you may inform them that paralegal work may be outsourced so that you can obtain informed consent from the clients. Check your local rules regarding these requirements. So now let's talk about managing your online presence. Advertising services online refers to model Rule 7.1 Communications concerning a lawyer's services. 7.2 Advertising and Rule 7.3 Solicitation of clients. So rule 7.1 is that a lawyer shall not make a false or misleading communication about the lawyer or the lawyer's services. A communication is false or misleading if it contains a material misrepresentation of fact or law, or it omits effect necessary to make the statement considered as a whole, not material misleading. So importantly, comment number one, this governs all communications about your services, including advertising. So whatever means are made to make your services known. All statements about those must be truthful. And comment number two a truthful statement is misleading. If there's a substantial likelihood that it will lead a reasonable person to formulate a specific conclusion about your services for which there is no factual foundation. So the takeaway here, it's important to note that the rules cover all communications about your services and that you are liable for misleading statements which are defined as creating a substantial likelihood that it will lead a reasonable person to formulate a specific conclusion about your services. For which there is no reasonable factual foundation. Comment three adds a little bit more detail, describing a statement as misleading if presented so as to lead a reasonable person to form an unjustified expectation that the same results could be obtained for other clients in similar matters, or, if presented with such specificity as it would lead a reasonable person to conclude that the comparison can be substantiated. Advertising online services. Now we're looking at module 7.2, specifically again in the comments. The interest in expanding public information about legal services ought to prevail over the consideration of tradition. Nevertheless, advertising by lawyers entails the risks of practices that are misleading or overreaching, and the key words into what this covers would be or does not cover would be any information concerning your services, their prices, your language ability, the names of people who have made references to you, and any other information that might invite the attention of those seeking legal services so you can disseminate this information. There's no problem with that. It does not include basic facts about your business. Comment. Number five you may pay others to generate client leads such as Internet based client leads, so long as the lead generator does not recommend you. So to comply with Rule 7.1, you must not pay a lead generator that states that implies or that creates a reasonable impression that it is recommending you that is making the referral without payment for you from you. Or that its analyze the person's legal problems when it determined how to make the referral to you. So basically you can pay for lead generation as long as that service does not recommend you imply this referring you for free or that its analyze the person's problems before referring it to you. Now we move into solicitation. A lawyer shall not by yours crucial phrase in person live telephone or real time electronic contact. Solicit professional employment when the significant motive is your pecuniary gain unless you're reaching out to a lawyer, family close personal or professional relationship. And every written, recorded or electronic communication shall include the words advertising material at the beginning and ending of any recorded or electronic communication unless the recipient is one of the people identified above. So basically you can only solicit other lawyers, friends and prior clients, and by solicit they mean in person live telephone or real time electronic communication. And of course, at the bottom there's the subsection C, the one no one takes seriously, which is that you have to write if you are soliciting advertising material at the beginning and at the end of every statement, which doesn't easily fit into a tweet any of the times. So again, this is a rule that's somewhat in flux. And check your local rules, because a lot of states have been updating them to reflect modern communication, especially on social media. And these requirements may differ by jurisdiction. So here again, we're putting some more specificity on the definitions of advertising and solicitation and when they might apply. Solicitation is a targeted communication initiated that is directed to a specific person, not your communication. Let me start. All right. And here we're providing a little bit more specificity into the definitions of advertising and solicitation. So comment number one to rule 7.3 defines solicitation as a targeted communication initiated by the lawyer and directed to a specific person. This is not a lawyer's communication. That is directed to the general public or it's not a communication in response to a request for information or automatically generated in response to Internet services. There is a potential for abuse when the solicitation involves hears the words direct in person, live telephone or real time electronic communication by the lawyer to another person who is known to need legal services. And the third comment important to know that communications can be mailed or transmitted by email or other electronic means. These typically do not involve real time contact and do not violate other rules governing solicitations. So the takeaway here is that it is advertising, it's solicitation. If it's directed excuse me, it's advertising if it is directed to the general public. But it is solicitation. If it's directed to one person, live real time, and that special scrutiny will be paid to these real time communications. Comment. Number six any solicitation containing information that is false or misleading within the meaning of Rule 7.1, which involves coercion, duress, harassment, or which involves contact with someone who has made known to the lawyer a desire to not be solicited by the lawyer. All of that is prohibited. And if after sending a letter or a communication, you receive no response, any further effort to communicate with that person may also violate these rules. So essentially do not coerce people and do not keep poking them if they do not respond to your initial effort. Here. We have a few technical exceptions to the rule for certain organizations or for people who reached out to you. So seven and eight. The rule is not intended to prohibit you from contacting representatives of organizations or groups that may be interested in establishing part of the group or pre-paid legal plan for members and. The rule regarding material marked as advertising material does not apply to communications sent in response to requests of potential clients or their spokespersons. So if someone reaches out to you and asks you for information, your response to that is not considered to be solicitation. Also general announcements, including change and personnel or office location soliciting professional employment need to be in legal services does not fall within the ambit of this rule. So now we're going back to real time. Most emails and websites are not considered to be solicitation because they are not real time. However, most forms of messaging and most chat rooms are. So you see their comment. Number nine ordinary email and websites are not considered to be real time and interactive, but instant messaging, chat rooms and other types of conversational computer access communications are considered to be real time or interactive. So in the course of educating the public, you should carefully refrain from giving or appearing to give a general solution that applies to all apparently similar individual problems, because slight changes in facts may require a material variance, so otherwise the public may be misled or mis advised. So essentially do what you can to avoid the appearance of providing the same advice to multiple people who may not in fact have identical situations despite how they might present them to you. Talks and writings aimed at the public should caution them not to attempt to solve individual problems on the basis of the information that you have covered. However, your participation in an educational program is not usually considered to be advertising because its primary purpose is to educate and inform rather than to attract clients. An educational program might be considered advertising if, in addition to its educational component, participants or recipients are expressly encouraged to hire you. So generally, educational programs are OC. However, a gray area might be blog postings or putting educational materials online. In that instance, they might look to what the intent is. Are you putting the stuff out there with the intent of getting clients or are you putting it out there for the purpose of educating the public? It depends. Check your local jurisdictions comments. Check your local jurisdictions. Case law. Check your local jurisdictions. Ethics Opinions. If you're at all concerned about the extent to which you are putting. No information about the law. Out into the public in any format whatsoever. Best practices to take the most conservative approach. Whatever you're putting out there, label it attorney advertising at the beginning and the end to the extent to which it fits. But again, local rules are changing in this extent. Include your name, principal, address and telephone number. If your local jurisdiction offers it, and some do, there are disciplinary bodies that will or bar associations that will pre-approve any content posted. So as I just discussed in talking about blogs, PDFs, other documentation regarding information, if you want a local bar association or disciplinary panel to make a determination whether it's advertising or not, many of them will give you free clearance ahead of time. It's your best interest to preserve a copy of all electronic communication for at least one year and obviously refrain from false, deceptive or misleading statements. So, for example, if someone posts material on your social media profile that does not comport to this, probably to scrub it and to avoid dissemination or use of the material that might violate the rules. So clients are the people post stuff on your website on whatever portals that you're using that might violate these rules. Do your best to get rid of it. If you do use third party endorsements or testimonials, do your best to ensure that it's accurate. Do not allow misleading endorsements relating to skills or expertise. Do not claim that you specialize. It is better to say, for example, in my case, I am an immigration lawyer rather than for me to say that I specialize in a specific area of immigration. And it's best to hide any identifying information of clients, obviously, including on listservs. There is no public record exception to the rule of confidentiality. So eliminate all identifying information about your clients before posting, whether that's to a website, whether that's to a private chat room, whether that's through any other form of social media. Do take every measure you can to scrub that. Any identifying information of clients. See this happen a lot in lawyer chat rooms. So like Facebook groups for lawyers where we talk about cases and problems, somebody will quite often post a phone pic of a document having information that would lead to the identification of a client that's bad. Even though it's a private chat room, it could very easily be disseminated or find its way outside of the chat room. So again, redact everything you post anywhere at any time. And some common sense here. Be honest and transparent. Be careful when hiring for SEO or lead generation. Find space to write attorney advertising or where you don't have space. Try to include a link, so maybe become familiar with Lee. The service in which you can create smaller links that might fit more easily within a tweet or a post or Instagram or whatever it is. If you can't find the space to put in the general disclaimer, stick a link in there that will direct the person to the disclaimer, or you can have it as a pinned post. So for example, if you're looking at someone's Twitter feed, quite often, the very first thing you see is the pinned tweet. And that's a very great place to put your disclaimer. So maybe you won't be required to put it inside every single tweet that you post. This could be applicable to a number of other forms of social media that allow you to pen a post at the very top of your profile. And improvise. So again, a tweet doesn't provide much space for your address, but in your profile you might include a link to your website, and your website should have your complete contact information. So if you can't put a name, address, etc. Attorney advertising all of the disclaimers. This does not imply results 100% of the time. Whatever, whatever. Then obviously you can't put that in every single thing you post, but you can make it easier for them to find again, whether it's a tweet or maybe it's just a link to your website or whatever it is, provide them access to it that's going to put you in much better footing again, if your advertising or electronic communications ever comes to the attention of attorney discipline. And don't stress out at least overtly. So disciplinary bodies usually only instigate investigations and charges regarding to competence only when it happens in conjunction with other violations. So, for example, they bring a charge of diligence against someone, then they'll quite often tack on a charge of competence where it's relevant. So, for example, you fail to be diligent by meeting a deadline that might be actually a failure to mitigate the effect of your incompetence. Competence. Charges may also appear when successor counsel reviews your files. So again, everything you put out there, any communication to your client, everything you file on behalf of a client, your attorney work product might very well end up in your client's hands and it might well end up in front of another lawyer. When your client takes the file to another lawyer who then might forward the file to a disciplinary body. So that's another way in which your technological competency might find its way to a grievance committee. Also remember that everyone makes mistakes. They don't tend to charge violations of rule 1.1 for each single acts of competence. If you make a slip up with your calendaring, with your email, with your backup, with your firewalls, etc., a single violation is probably not going to lead to charges by the grievance committee. However, if you do a bunch of them, if there's a pattern or practice of your inability to use your technology competently, then you're putting yourself in a much riskier position. And if a rule doesn't cover a specific piece of hardware or software process that you're engaging in. Just ask what does the purpose of the rule? Is this the type of thing that Rule seven might cover? Is this the type of thing that rules one or 5.3 are looking to address? And so is the thing that you're doing. Does it dovetail with the purpose of the rule? So again, if it's not covered by the rule, let's take a step back and think, is this the type of thing that the rule would cover? And then, if so, put into place some of the measures that we've talked about throughout this presentation. And lastly, again, don't panic. It's highly likely that any of the above constitutes serious professional conduct. So again, if you have a slip up on Zoom, something escapes a chat room, etc. That's not usually the type of thing that's considered to be serious professional misconduct. It's not on the level of stealing or misappropriating funds. It's not on the level of failing to cooperate investigation. This is not commission of a serious crime or something that's obvious, that's practicing well, suspended, meaning engaging in the unauthorized practice of law. So these aren't typically life and death violations that are going to put your license at risk. Your lodestar is basically, especially when it comes to advertising. Do not be deceptive or misleading and try to make a good faith effort to comply when it's reasonable for you to do so. And lastly, since time allows, I'm going to give you a few more security Best practice nuggets. Consider Don't plugging in flash drives avoid unsecured or public wi fi. Use a VPN, which is a virtual private network when accessing or transmitting client information. Do not open unexpected attachments. Apply antivirus or anti malware defense to devices before connecting them to a network. Use firewalls and secure router settings. Prevent unknown devices from connecting to the wi fi or network. Implement password management policies. Update your computer antivirus software daily. Educate and train staff on email, social media, web, surfing, apps, etc.. And as mentioned, include multiple layers, updated versions and continuing seek of data. You could also encrypt emails, electronic records, documents, etc. supply or require staff to use secure encrypted devices and software. You could save data permanently only on an office network and not on personal devices. Could use a reputable vendor for cloud services. Use websites that have enhanced security features only. Set up a daily backup of your data using a rotating set of multiple devices that are beyond any cloud based backups and test them every week. Generally update software constantly. Consider using two factor authentication for logging into devices. And consider device a built in protection features such as access and recovery features, and lastly have advanced protection and recovery for lost and stolen devices. So that's a survey of the rules and best practices to help you meet your affirmative duty of protecting client attorney privilege in home in a working start. And with that, we have a survey of the rules and best practices to help you meet your duty of protecting attorney client privilege, privilege and your work from home environment. Thank you for joining us. My name's Matthew Blaisdell, and please consider additional Quimbee courses on this topic. And if there's anything else related that we could cover for you, please do let us know. Thank you.
Read full transcriptSee less