It is hurricane season, and no crystal ball can predict when a hurricane will next strike the Texas coast. It is certain that one will hit someday. Hurricane Rita last year kept a number of lawyers in the Beaumont area out of the practice of law for awhile. A few years ago a number of law firms lost records in the tornado that ripped through downtown Ft. Worth. Any law firm can be ravaged by a fire, as one Austin law firm was a few years ago. A computer with valuable client information could be stolen from any law office. A computer virus could destroy valuable client information, or send it to persons with nefarious intentions. It is a good time to prepare for disaster and decide how to avoid potential claims of malpractice for failing to protect client records appropriately, or for inability to produce documents and evidence.
There have been no malpractice claims we are aware of directly related to the situations noted above, though we have had insureds seek our help in such situations. For a legal malpractice claim to be viable, there must be a violation of the standard of care. While many disasters are unforeseeable, it isn’t difficult to imagine someone claiming that methods of record storage or security were not up to the standard of care for law firms. If you were to leave a valuable piece of evidence your client brought you outdoors, and it rained or someone stole it, most would agree you were negligent. What a court will decide the line is between an act of God and negligence, we don’t know. While there may be legal defenses to most claims after disasters, the desire to protect client property and records should be a consideration for every lawyer.
Obligations of a Law Firm
Every lawyer has a duty to protect client and third party property in their care from destruction. Rule 1.14 states that “client property shall be identified as such and safeguarded.” Comment 1 to that rule indicates that “(a) lawyer shall hold property of others with the care required of a professional fiduciary.” The only type of property, other than funds, specifically mentioned is securities. The Comment indicates that securities should be stored in a safe deposit box.
Client files may be considered client property. While there is no Texas opinion directly on point, one federal opinion indicates that files belong to the client. See Resolution Trust Corporation v. H ___, P.C., 128 F.R.D. 647 (N.D. Tex. 1989). See also Texas Ethics Opinion 570. The way language is used in referring to files also indicates that the client files are property belonging to the client. The word “lien” in attorney’s lien suggests that the lawyer does not own the client file.
The point of this discussion is to make clear that the lawyer has an obligation to protect property of others under the disciplinary rules. Whether files belong to the client or the lawyer may not be clear, but prudence would err on the side of caution and assume that the files are property of the client.
Disaster Recovery Planning
The first step in disaster planning is to determine the potential risks. Some vary by area, but many could happen anywhere. For example, El Paso lawyers may not have to anticipate hurricanes, but fire, water damage and theft can happen anywhere. Once risks are identified, plans can be made both to prevent and manage disaster.
Identification of the most critical items for continuation of your practice is critical. The building where you work might be destroyed. Determine how you would locate a new office. In many firms, critical system is the computer system. Adequate offsite back ups of the computer system are needed.
Insurance should be an important part of the planning. Many lawyers are not aware coverages that can be obtained which pay for preservation or reconstruction of documents. Computer protection policies have recently been initiated that may pay for recovery from a virus or hacking.
Key elements of a disaster recovery plan
A recent article by Roland Johnson and Harold Gould, both of whom saw the aftermath of the tornado in Ft. Worth first hand, have compiled a good list of items that should go into a plan. The areas to be addressed include the following.
Employee Safety. No consideration should be higher than protecting your personnel. Understand that part of a disaster is the emotional reaction to it, as well as the physical harm done. The plan should identify what agencies could provide temporary personnel if needed.
Facilities. Advance planning for determining where a law firm could relocate facilities of all types is important. At least one large Florida law firm established a reciprocal agreement with an out of state firm to serve as an offsite backup for each other.
Preservation of Files, Records and Letterhead. In the wake of Hurricane Katrina, many lawyers had records that were soaked. Property insurance may cover reconstruction of records. A good plan should identify potential document preservation specialists in advance.
Preservation of Systems and Equipment. Having a computer back up doesn’t do you much good without a compatible computer on which your system can be restored. Make sure of equipment requirements for your software, and identify resources for relocating your computer operations.
Coordination with Insurance. After a disaster, you may want copies of insurance policies and phone numbers for your insurers. Find out what your insurer’s reputation is in dealing with disaster recovery.
Client Communications. If you are in a disaster recovery mode, don’t try to hide the emergency from your clients. They deserve to know what effect the disaster has had on your ability to represent them.
Damage assessment. Prepare to conduct a damage assessment after the disaster. Triage as to what is most important to salvage may be necessary. Ranking what is most critical in advance is better than doing so under the strain of a disaster.
Making the plan work.
A disaster recovery plan of which no one is aware or that is not tested is useless. All employees should be educated on the plans for emergencies. In a firm of sufficient size, employees should be given a phone number to call for information in the event of disruption of the firm’s phones. Make certain that multiple copies of the plan are stored offsite.
Reviewing the plan is critical. There is often a tendency to write a plan and go on without revisiting it on a scheduled basis. The experience of others in disasters may suggest changes to be made. Changes in law, insurance coverage or technologies could be the Achilles’ heal in a plan. An annual review is suggested as the minimum time between reviews of the plan.
Testing the plan is sometimes difficult, but should be done when possible. Drills may be appropriate for some aspects of your plan. In computer recovery situations, it is not uncommon to learn of the deficiencies in your back ups only after you really need them. Plan a “fire drill” which takes the computer system and replicates it on other computers.
We have not tried to give you a comprehensive disaster recovery plan, but rather to stimulate thinking about disaster preparation. Attention to disaster recovery may save a lot of time and money in the long run.