Lawyers are required to demonstrate competence with technology. The Massachusetts BBO recently published guidance, and we have more resources to help you to use tech right and stay ethically compliant.
The Massachusetts SJC created new ethical obligations for lawyers on July 1, 2015 in its amendments to Rules 1.1 and 1.6, bringing relevant parts current with ABA Model Rules of Professional Conduct as amended in 2012.
Recently, the Massachusetts BBO published further guidance in From Technophobe to Technolawyer: A Lawyer’s Duties Related to Technology Competence and Prevention of Inadvertent Disclosure, written by Heather L. LaVigne, Assistant Bar Counsel.
The COMPETENCE Rule: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, and engage in continuing study and education.” Mass Rule of Professional Conduct 1.1, Comment 8.
At minimum, competent representation requires lawyers to take care to learn and understand the tech you use, with particular regard to Rule 1.6 Confidentiality, Rule 1.15 Safekeeping Trust Property, and Rules 5.1 and 5.3 Supervisory obligations.
Further requirements are discussed in the It-Depends tradition, beginning with a few broad applications. We generally prefer clear answers, but you’re a lawyer and you actually need to understand the requirements. While there’s no shortcut or checklist for compliance, the BBO’s article highlights a few examples. Lawyers who own personal information per Massachusetts Data Privacy Act need a Written Information Security Program (WISP) in place. Litigators need to understand eDiscovery. The “Duty to Google”, if you will, is relevant almost always. And finally, lawyers will always be targets for scams and you need to be prepared.
The CONFIDENTIALITY Rule: “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, confidential information relating to the representation of a client.” Mass Rule of Professional Conduct 1.6(c).
Reasonable precaution requirements are discussed further in Rule 1.6(c), Comments 18 and 19. First, you’re required to take reasonable precautions to protect confidential data from unauthorized third-party access. Then, you’re required to take reasonable precautions when transmitting confidential data and also to assess whether circumstances warrant special precautions.
Read the BBO’s article for their full discussion on technology competence, including factors considered in determining reasonableness. ABA Formal Opinion 477 discusses Securing Communication of Protected Client Information. You can find further discussions in MBA Ethics Opinion 12-03 and MBA Ethics Opinion 00-1.