The ABA Standing Committee on Ethics and Professional Responsibility recently issued Formal Opinion 498 (Opinion), entitled Virtual Practice, to provide guidance and best practices for lawyers working remotely. This Article examines both the ABA Model Rules and Texas Disciplinary Rules of Professional Conduct commonly implicated in virtual practice, as well as the guidance set forth in the Opinion.  

The Commonly Implicated Model Rules 

In this Opinion, the ABA focused on the key areas of competence, diligence, communication, confidentiality and supervision in the context of virtual practice. It is important to note that this Opinion did not discuss every ethical duty implicated, including the unauthorized interstate practice of law under ABA Model Rule 5.5 and Texas Rule 5.05

Duties of Competence, Diligence and and Communication 

Lawyers must adhere to the ethical duties of competence, diligence and communication with their clients under ABA Model rules 1.1, 1.3 and 1.4, respectively. Under Comment 8 to ABA Model Rule 1.1 and Comment 8 to Texas Rule 1.01, the duty of competence includes the competent use of technology. Pursuant to Comment 1 to ABA Model Rule 1.3 and Comment 6 to Texas Rule 1.01, lawyers must act with diligence and promptness “despite opposition, obstruction or personal inconvenience to the lawyer.” And under ABA Model Rule 1.4 and Texas Rule 1.03, lawyers must “reasonably consult” with clients and keep them updated about their cases. Lawyers should have plans in place to make sure these rules will be met when practicing virtually.

Duty of Confidentiality 

Lawyers also have a duty of confidentiality to all clients. Improper use of technology can run the risk of violating this duty. Under ABA Model Rule 1.6, lawyers are required “to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. Texas Rule 1.05 has not been amended to adopt the “reasonable efforts” standard for determining whether a lawyer has improperly disclosed confidential information, but as discussed in a prior TLIE article, a negligence standard of care could possibly require reasonable efforts to protect client information in a legal malpractice cause of action. 

Duty to Supervise

Supervising lawyers have a duty under ABA Model Rules 5.1 and 5.3, as well as Texas Rules 5.01 and 5.03, to ensure that lawyers and nonlawyers they supervise operate within the ethical rules. Vendors who work with client confidential information, as well as staff within firms, must be instructed regarding confidentiality. 

Virtual Practice Technologies and Considerations 

Lawyers practicing virtually need to determine whether their technology, work environment, and other assistance are consistent with their ethical duties. While the guidance below provides clarity and best practices on fulfilling the ethical duties enumerated above, such guidance does not provide lawyers with a safe harbor for avoiding ethical or malpractice claims. 

  1. Carefully Review Terms of Service to Assess Whether Confidentiality is Protected. Lawyers should carefully review and understand the terms of service applicable to hardware devices, software systems, virtual meeting platforms, videoconferencing and other devices/services used in the lawyer’s virtual practice as such terms may run afoul of a lawyer’s duty of confidentiality. Examples include terms of service that permit collection, tracking and use of information, that purport to own the information, and/or reserve the right to sell/transfer the information to third parties.
  2. Protect Confidential Information from Unauthorized Access. To this end, lawyers should exercise diligence in installing security-related updates, use strong passwords, antivirus software, and encryption. When using Wi-FI, lawyers should confirm that the routers are secure and consider the use of virtual private networks (VPN). Because threats to data security are constantly evolving, lawyers should periodically reassess whether the existing systems are sufficient to protect confidential information.
  3. Ensure Reliable Access to Client Files and Data. Lawyers must have reliable access to client contact information and records. Lawyers using a cloud-based storage system or software–explicitly permitted under Texas Opinion 680–must select a reputable cloud service, ensure data is regularly backed up and access to such data is readily available in event of data loss. The Legal Cloud Computing Association provides guidance for lawyers considering the use of a cloud service. Lawyers should also have a data breach policy and a communication plan in place. An in-depth discussion of data breach risks and considerations, including cyber liability coverage, can be found here
  4. Exercise Diligence when Using Virtual Meeting Platforms and Videoconferencing. Lawyers should ensure that access may only be granted through strong passwords, and explore whether the platform offers higher tiers of security than the free/consumer iteration. Client-related meetings/information should not be overheard or seen by third parties not assisting with the representation.
  5. Assess Virtual Document and Data Exchange Platforms. The lawyers’ virtual document and data exchange platforms should ensure that documents and data are being appropriately archived for later retrieval and that the service/platform is and remains secure. As email communications are coming under increasing scrutiny, it is not always reasonable to rely on unencrypted email. Texas issued Opinion 648, identifies several instances where encryption (or another security method) may be appropriate.
  6. Disable the Listening Capability of Smart Devices. Lawyers should disable the listening capability of devices such as smart speakers, virtual assistants and other listening-enabled devices unless the technology is assisting their law practice. Failing to do so increases potential exposure of client’s information to unauthorized third parties, and increases the risk of hacking.
  7. Train Lawyers and Nonlawyer Assistants in Information Security. Implementing policies and procedures on maintaining confidentiality is essential. Of particular importance here is implementing bring-your-own-device (BYOD), “clean desk” and “clean screen” policies.
  8. Exercise Due Diligence with Vendors Providing IT and Other Assistance. Lawyers often seek assistance from information technology professionals, outside support staff and vendors. It’s the lawyer’s responsibility to ensure that all service providers comply with the lawyer’s ethical obligations. Lawyers should consider use of a confidentiality agreement if appropriate, and ensure all client-related information is secure, indexed and readily accessible. 

Opinion 498 is significant for Texas lawyers because it provides guidance as to what may be required to avoid violating ethical rules when practicing virtually. Additionally, ethics rules and opinions are frequently the basis for expert testimony as to the lawyer’s duties to clients. 

TLIE is here to help. We now offer cyber liability coverage designed to work with your TLIE legal malpractice policy, providing $50,000 per claim in first party cyber security protection. For additional guidance on how to become technologically competent, checkout our CLE course here

Editor: Jett Hanna