Introduction
Today’s tech tools, including mobile devices, cloud computing and social media, represent the new era of legal service. With those tools, among others, lawyers are able to better serve clients through increased efficiency, visibility and responsiveness.
But technology has also introduced new risks to legal practice. Law firms, like Sony, Target, and Home Depot, are increasingly at risk for data breaches that target client confidences. After all, case management and litigation databases maintained by law firms serve as repositories for confidential information, including social security numbers, bank account numbers, and credit card information. Additionally, client information is routinely transmitted from those repositories to mobile devices through email and cloud computing applications.
To mitigate those concerns, lawyers must constantly monitor and assess how they obtain, manage and store confidential information from clients and utilize technology in their legal practice. This is not simply a matter of prudent practice; it is now required under the Minnesota Rules of Professional Conduct.
On April 1, 2015, the Minnesota Rules of Professional Conduct were amended to reflect the increasing influence of technology on legal practice. The impetus for the amendments to the M.R.P.C. was the ABA’s amendment to the Model Rules of Professional Conduct based on the work of the ABA Ethics 20/20 Commission. That Commission analyzed how technology has changed legal services and proposed various amendments to the Model Rules to address those changes. The ABA’s Model Rules were fully adopted in February 2013 and Minnesota recently followed suit by adopting amendments to its Rules of Professional Conduct governing the use of technology in legal practice.
Key Amendments to the Minnesota Rules of Professional Conduct
The recent amendments to the Minnesota Rules of Professional Conduct affected a number of the Rules. This article summarizes key amendments to the Minnesota Rules of Professional Conduct, which were implemented to govern the use of technology in legal services, and identifies how those amendments should be implemented in legal practice.
1. Competence – M.R.P.C. 1.1, Comment [8]
“To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.”
M.R.P.C. 1.1, Comment [8]
Although M.R.P.C. 1.1 (which governs a lawyer’s competence) was not changed, Comment [8] to M.R.P.C. 1.1 was amended to reflect the growth of legal technology. Comment [8] of M.R.P.C. 1.1 now imposes an obligation upon lawyers to stay abreast of the benefits and risks associated with legal technology and render that obligation commensurate with a lawyer’s obligation to engage in continuing study. That duty, therefore, is significant. Lawyers must evaluate the technology they implement within their practices and critically analyze the benefits and risks associated with that technology to satisfy their obligation to act competently.
2. Communication – M.R.P.C. 1.0 and 1.4, Comment [4]
“Writing” or “written” denotes a tangible or electronic record of a communication or representation, including handwriting, typewriting, printing, photostating, photography, audio or videorecording, and electronic communications. A “signed” writing includes an electronic sound, symbol or process attached to or logically associated with a writing and executed or adopted by a person with the intent to sign the writing.
M.R.P.C. 1.0.
“A lawyer’s regular communication with clients will minimize the occasions on which a client will need to request information concerning the representation. When a client makes a reasonable request for information, however, paragraph (a)(4) requires prompt compliance with the request, or if a prompt response is not feasible, that the lawyer, or a member of the lawyer’s staff, acknowledge receipt of the request and advise the client when a response may be expected. A lawyer should promptly respond to or acknowledge client communications.”
M.R.P.C. 1.4, Comment [4]
The amendments to M.R.P.C. 1.0 and M.R.C.P. 1.4, Comment [4] (which concern a lawyer’s communication) also reflect the increasing role of technology in legal communications. A writing, as now defined in the Rules of Professional Conduct, includes electronic communications, such as emails and text messages. That amendment, when read in conjunction with M.R.P.C. 1.4, mandate that lawyers shall promptly respond to client communications, including emails and text messages, to satisfy their professional obligations under the M.R.P.C.
3. Confidentiality – M.R.P.C. 1.6(c), 1.6(c), Comment [17]
“A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”
M.R.P.C. 1.6(c)
“The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules.”
M.R.P.C. 1.6(c), Comment [17]
The amendments to Rule 1.6(c) are perhaps the most significant amendments to the Minnesota Rules of Professional Conduct. Rule 1.6(c) now requires lawyers to take reasonable efforts to avoid an inadvertent or unauthorized disclosure of client information. It is not known what efforts are considered reasonable and the amended Rules do not provide clarification. It may be that the term “reasonable efforts” will be analyzed in a manner akin to the standard of care in legal malpractice cases, which require lawyers to use the same degree of skill and learning as a practitioner that is in good standing, in a similar practice, and in similar circumstances. But “reasonable efforts” may also be analyzed differently. As a result, lawyers should preemptively evaluate the risk created by their use of legal technology according to two factors: (1) likelihood of risk and (2) impact of risk.
In analyzing those factors, law firms are particularly susceptible to inadvertent or unauthorized disclosures for three reasons: (1) law firms maintain large volumes of confidential client information that can include financial account information, confidential personal identifiers, such as social security numbers, and other client financial and personal information; (2) law firms may not have implemented sufficiently-robust systems to prevent the inadvertent and/or unauthorized disclosure of client information; and (3) the mobile technology used by lawyers has diversified the platforms on which client information is stored and may increase the probability that an inadvertent or unauthorized disclosure will occur. As a result, law firms must remain vigilant about the type and manner of technology used in their practice, and should constantly monitor and assess the use of that technology.
4. Responsibility for Nonlawyers – M.R.P.C. Rule 5.3, Comment [3]
“A lawyer may use nonlawyers outside the firm to assist the lawyer in rendering legal services to the client. Examples include the retention of an investigative or paraprofessional service, hiring a document management company to create and maintain a database for complex litigation, sending client documents to a third party for printing or scanning, and using an internet-based service to store client information. When using such services outside the firm, a lawyer must make reasonable efforts to ensure that the services are provided in a manner that is compatible with the lawyer’s professional obligations. The extent of this obligation will depend upon the circumstances, including the education, experience and reputation of the nonlawyer; the nature of the services involved; the terms of any arrangements concerning the protection of client information; and the legal and ethical environments of the jurisdictions in which the services will be performed, particularly with regard to confidentiality.(Internal references omitted). When retaining or directing a nonlawyer outside the firm, a lawyer should communicate directions appropriate under the circumstances to give reasonable assurance that the nonlawyer’s conduct is compatible with the professional obligations of the lawyer.”
M.R.C.P. 5.3, Comment [3]
Given the proliferation of e-discovery, lawyers have increasingly relied on technically-savvy, nonlawyer assistants to manage electronic litigation and case databases. Those assistants frequently review and organize electronic documents within a litigation database, transmit electronic documents to opposing parties or third-parties, or utilize digital platforms to obtain, transmit or review client information, such as cloud-computing or cloud-storage systems.
The amendments to Comment 3 of M.R.P.C. 5.3 make clear that when a lawyer utilizes a nonlawyer assistant for such services, the lawyer must make reasonable efforts to ensure the services provided by the nonlawyer assistant comply with a lawyer’s professional obligations. This requires a lawyer to (1) evaluate the processes and technology utilized by the nonlawyer assistant; (2) direct the nonlawyer assistant to act in a manner commensurate with the lawyer’s professional obligations; and (3) monitor the nonlawyer’s conduct to ensure the lawyer’s commitments to competence and confidentiality are upheld.
Effect of Amended Rules on Legal Practice
Although the amendments to the Minnesota Rules of Professional Conduct are intended to address the ways that technology has been incorporated into legal practice, the amendments do not impose new obligations on lawyers. Lawyers remain bound by the duties of competence, communication, and confidentiality that have traditionally governed legal practice.
Instead, the Amended Rules require lawyers to assess their legal services with a new, hi-tech lens focused on electronic communications, data privacy, and IT security. This requires lawyers to evaluate the benefits and risks of legal technology and take reasonable precautions to preserve client confidences and fulfill professional obligations when utilizing legal technology. Doing so will allow lawyers to optimize the risks of modern technology while simultaneously fulfilling their professional duties.
*This article is neither intended to identify nor explain all changes to the Rules of Professional Conduct. Nor should this article be relied upon as legal advice.
Keith Broady represents individuals and businesses in a wide variety of litigation and transactional matters. His litigation practice includes professional liability defense, real estate disputes, construction disputes, title insurance, insurance coverage and real estate agents liability. His litigation cases have also involved shareholder disputes, corporate alter ego and successor liability, environmental and mold claims, creditor’s claims and fraudulent transfers, burglary and fire losses, contract and agency claims, and probate and trust disputes. His transactional practice includes mergers and acquisitions, real estate sales and leasing, and estate planning. He also serves as a mediator and arbitrator. Keith has repeatedly been named to the Minnesota Super Lawyers list and is AV rated by Martindale-Hubbell.
Bryan Feldhaus is a shareholder at Lommen Abdo. He represents clients in a wide variety of civil litigation, including business litigation, professional liability disputes, insurance coverage litigation, intellectual property litigation and appeals. Mr. Feldhaus recently obtained his LL.M. degree in Corporate Compliance and Organizational Ethics from the University of St. Thomas School of Law and represents clients in compliance, regulatory and ethics matters. This includes litigating compliance-related disputes on behalf of businesses, representing companies in regulatory proceedings, including government investigations and enforcement actions, and advising businesses about the assessment and mitigation of compliance, regulatory and ethical risk. He was honored as Up & Coming Attorneys in 2011 and has also been listed as a Rising Star since 2011 by Minnesota Super Lawyers.