The quarterly publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1136335
P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | S U M M E R 2 0 1 9 23 Ethics What ties everything together in a bow is ethics. Ethical obligations are handled at the personal level. As previously stated, until something is personal, we'll never change. Let's look at some of the American Bar Association (ABA) changes in language for ethical obligations to illustrate how personal it has become. In response to the tremendous changes we've seen in technolo and connectivity options, comment 8 was added to ABA Model Rule 1.1 - Duty of Competence that states, "To maintain 'requisite knowledge and skill,' a lawyer must keep abreast of changes in the law and its practice, including the benefits AND RISKS associated with relevant technolo." The benefits of today's technologies are easy to see, but lawyers and law firm personnel now have an ethical obligation to be aware of the potential risks of these technologies. The ABA goes further to note that this does not mean a lawyer has to be a technolo expert (that's comforting). But it does state that if the lawyer is not an expert, it is their ethical obligation to ask someone who is. In short, if you don't know the proper, secure technolo to use in a specific situation, you have an ethical obligation to ask someone who does. This is changing conversations in law firms. You should no longer make a decision based on which technolo solution you like the best. It needs to be a decision based on which technolo solution is the ethically correct one to use. When communicated correctly as part of an employee awareness initiative around security and data privacy, this change is driving lawyers and law firm personnel to forego using risky options like consumer-grade hosted platforms for data-sharing and using the firm-sanctioned solution instead. Let's not stop there. ABA Model Rule 1.6 - Duty of Confidentiality has modified language as well. According to the added language in comment 16, lawyers and law firm personnel now need to apply a 3 systems, strong policies and knowledgeable people — are steadily being addressed. The changes driven by security aren't slowing down. MFA will eventually make its way all the way inside the organization (and not just for remote access). Tighter integration of existing law firm technologies with vetted and secured hosted solutions will bring about better and safer options for sharing and collaborating with clients. A stronger emphasis on encrypting data (including data at rest) will be demanded by clients, and the intensity of client audits will continue to drive change in law firms. Data Privacy While security is forcing law firm personnel to safeguard the information they have been entrusted with, data privacy is forcing law firms to change how they store, share, transmit and interact with data due to new heightened levels of protection under the law. GDPR (General Data Protection Regulation) in the UK set the bar, and others are fast on its heels. States throughout the US are drafting their own versions of data privacy rules that must be followed to avoid penalties associated with mishandling an individual's personal data. Essentially, if you have collected a piece of data that can identify a natural person, it is considered personal data, and it must be protected. This entire area is emerging in its implications for law firms and has law firm decision makers' attention. To comply with the new regulations and standards, law firms must put in place policies, processes, procedures and solutions that conform to the new data privacy standards. This is an opportunity for law firms to align their security and data privacy standards. Expect to see practice areas develop around this topic. Expect technolo solutions to be introduced to comply with the new rules. Expect an urgency among law firm decision makers to get these solutions in place. Data privacy may overshadow security in the headlines this year. Keep an eye on this. 2 "reasonable standard" to safeguard the confidentiality of a client's data. They even introduced a five-factor reasonability test to help determine if you are taking the proper safeguards to protect the data. This extends to all the technologies used and to every place in which we use them, including public WiFi, traveling internationally and at the US border, where US Customs and Border Protection (CBP) has broad search exceptions to search and seize even without probable cause or a search warrant. Over the last two years, the ABA has issued two additional formal opinions that have law firms' attention. Formal Opinion 477R came out in 2017 and explains a lawyer's ethical obligation to secure confidential client data when communicating over the internet. And Formal Opinion 483, released in 2018, reaffirms the duty that lawyers have to notify clients of a data breach and details reasonable steps lawyers need to take in these instances to meet obligations set forth by ABA model rules. The language used in the opinions states that the standards are "emerging," so expect more definition as to what lawyers and law firm personnel are expected to do to protect data. These guidelines are shifting mindsets from what's convenient to what's right. Why This Matters To quote an old commercial, "This is not your father's Oldsmobile." Big changes are happening in law firms, and with change comes opportunity. Security is changing the way we protect what matters; data privacy is changing the way we handle what is protected by law; and ethics remind us why we do these things. ILTA