Whether lawyers like it or not, advances in technology are drastically changing the legal profession. For example, Katherine Wentworth-Ping, a 2L at Fordham University School of Law, recently explored the legal implications of wearable technology on the infamous O.J. Simpson trial. However, the implications of technology for the legal profession extend far beyond e-discovery and the courtroom; they extend to the heart of the attorney-client relationship.
In addition to common-law and statutorily defined requirements, lawyers must adhere to ethical duties of professional responsibility. The American Bar Association (“ABA”) has defined these duties in Model Rule 1.1 (general duty of competence) and Model Rule 1.6 (duty of confidentiality). These require that a lawyer provide competent representation to a client, which can include not revealing any client information unless given informed consent.
To address the changing legal ethics of practicing law in a technologically dependent world, the ABA now requires that lawyers: (1) keep abreast of changes in law practice technology, and (2) make reasonable efforts to prevent unauthorized, third-party access, to confidential client information (including information stored on the cloud). Whether an attorney acted reasonably depends on the sensitivity of the information, the difficulty of implementing additional safeguards, and the extent to which the safeguards impair the lawyer’s ability to serve their clients.
But do these ABA standards of professional responsibility go far enough to ensure protection of confidential client documents stored on the cloud? A judicial opinion in Arizona goes a step further, and requires that when implementing safeguards to protect electronically stored client information, “[l]awyers should be aware of limitations in their competence regarding online security measures and take appropriate actions to ensure that a competent review of the proposed security measures is conducted”. In addition to the ABA rule that lawyers keep abreast of changes in law practice technology, they should also be required to be aware of their limitations and seek help when necessary to properly protect client information stored on the cloud.
To read more about my background and interest in the legal privacy implications of technology, visit the about me and my blog page.