How often have you heard the lament, "I went to law school to practice law, not to..."? The "not to" might refer to practice management, or to technology, or to a variety of other topics that lawyers either don't want to or don't think they should know about.
As a result of changes that went into effect Nov. 21, the Rules of Professional Conduct now require lawyers to recognize and understand the ethical issues that arise in a variety of subjects, including technology. In particular, the comment to Rule 1.1 ("Competence") states that "to maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology."
In addition, Rule 1.6 ("Confidentiality of Information") has been amended to include Paragraph (d), which states that "a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client."
Both of these amendments are technology-focused and make it clear that lawyers can no longer claim that technological ignorance is acceptable. While the comment to Rule 1.1 seems self-explanatory, it really is not. First, what technology is the rule referring to? Although the framers of the new rule do not specify what technology the rule addresses, there is only one logical conclusion: The new comment requires lawyers to be aware of and consider the risks and benefits of any technology that is relevant to their practices and their clients.
Thus, a trial lawyer who goes to trial without using any software may well be failing to practice using the requisite standard of care. Similarly, an attorney who does not consider whether a Word document provided by opposing counsel has relevant metadata may have failed to represent his or her client fully. Or, an attorney who does not warn his or her client about social media and the impact it could have on the client's matter is almost certainly failing to adequately represent a client. There are many more examples.
The Report of the ABA Commission on Ethics and Professional Responsibility offered three scenarios under new Rule 1.6(d):
When an email is sent to the wrong person;
When information is accessed without authority, such as when a third party hacks into a law firm's network or a lawyer's email account; and
When employees or other personnel release confidential information without authority, such as when an employee posts confidential information on the Internet.
Plus, with the advent of cloud computing (when data is stored offsite through a vendor or service such as Dropbox), lawyers must assure that such data is secure. That is why the commentators noted that lawyers have an ethical obligation to take reasonable efforts to prevent these types of disclosures by using reasonably available administrative, technical and physical safeguards. It is also why the commission noted that "technology is changing too rapidly to offer [more specific] guidance and that the particular measures lawyers should use will necessarily change as technology evolves and as new risks emerge and new security procedures become available."