The American Bar Association (ABA) Offers Access to “Cybersecurity” Insurance

This addition comes after the increasing number of firms that have fallen victim to hackers. The purchase and retention of cybersecurity insurance would assist lawyers in following 2012 changes to Model Rule 1.1 Competence found in the Rule’s comments.

The ABA amended comment 8 to Model Rule 1.1 to state, “lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology (emphasis added).”

Since 2012, approximately 38 states have made similar changes to their rules. Nonetheless, even without an official rule change, there is a growing national consensus that lawyers must understand benefits and risks associated with technology in order to remain competent.

The new cybersecurity insurance offered by the ABA covers expenses needed to deal with network extortion, income loss, and forensics associated with cyber breach; liability protection if a third party is affected; defense costs; and expenses for fines and/or penalties. The ABA also announced that firms can add services to prevent network incidents and mitigate damage via identifying risks and providing fraud consultation, credit monitoring, and identity restoration services.

Read the full article, click here.

Illinois: Attorneys & Clients in the Cloud

Recently, the Illinois State Bar Association (ISBA) issued a Professional Conduct Advisory Opinion stating that lawyers may use cloud-based services to store client information.

However, the ISBA warned that the use of cloud-based services raises ethical implications of “…competence, confidentiality and the proper supervision of non-lawyers.”

The ISBA quoted Nevada Formal Opinion 33 (2006), which analogized the duty to protect client information on a cloud-based service to the duty to protect client information on a physical server. The Nevada Opinion concluded, “[t]he question in either case is whether the attorney acted reasonabl[y] and competently to protect the confidential information.”

To help lawyers select a cloud-based service provider, the ISBA outlined 7 non-exhaustive practices lawyers could engage in (summarized):

  1. Reviewing industry standards and appropriate safeguards;
  2. Investigating whether the provider has implemented reasonable security precautions;
  3. Investigating the provider’s reputation and history;
  4. Inquiring as to whether the provider has experienced any breaches of security;
  5. Requiring an agreement;
  6. Requiring that all data is appropriately backed up;
  7. Requiring provisions for the reasonable retrieval of information.

Further, the ISBA warned that the duties implicated by using cloud-based services do not end with choosing a reputable provider. This is in part due to the fact that the Illinois Supreme Court recently amend Comment 8 to Rule 1.1 of the Illinois Rules of Professional Conduct. The Comment now reflects Comment 8 to Rule 1.1 of the Model Rules of Professional Conduct and says “…lawyers must keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology…” (Emphasis added).

This led the ISBA to echo Arizona Ethics Op. 09-04 (2009) and Washington State Bar Association Advisory Op. 2215 (2012) (among others) and conclude that lawyers using cloud-based services must, “…conduct periodic reviews and regularly monitor existing practices to determine if the client information is adequately secured and protected.”

Read the full opinion here.

Virginia: Conflict of Interest & Importance of Public Confidence Precludes Law Firm From Lobbying General Assembly

The Virginia State Bar recently opined that lawyer-legislator status creates a conflict of interest such that not only is the lawyer precluded from lobbying the legislative body of which he is a member, but so too are all the other members of the consulting firm of which he is a member and law firm that owns the consulting firm. The opinion involves a query concerning the repercussions for a law firm that owns a consulting firm. The Virginia State Bar concluded that the conflict of interest created by the lawyer-legislator in the consulting firm implicates the lawyers in the law firm as well. Opinion 1884 states:

“Lawyers in the law firm that own the consulting firm also may not represent clients before the public body. This prohibition does not depend on whether the member of the public body complies with the applicable Conflict of Interests Act; his colleagues are forbidden by Rule 8.4 from appearing before his public body even if he recuses himself as required by statute.”

The opinion emphasizes that “[l]awyers are held to a higher standard of conduct than mere compliance with legal requirements, and may not act in a way that ‘diminishes public confidence in and respect for the integrity of the legal profession, as well as the administration of government.’ LEO 1718. Accordingly, Rule 8.4(d) prohibits the lawyer/lobbyist from representing a client before the public body on which his lawyer/colleague sits, regardless of whether that colleague participates in the matter.”

The Virginia State Bar relied upon its previous opinion that held that law firms that employ legislators cannot lobby before the State Assembly. In Opinion 1718, the State Bar wrote: “The sense of the committee is that public confidence in the legal profession is not inspired, nor is an appearance of impropriety avoided, if a law firm represents clients before a governing body on which one of its lawyers is a member even if he/she abstains from participation and voting.”

As a matter of fact, the State Bar wrote, “The Committee concludes that there is no reason to distinguish between lawyers associated in a law firm and lawyers associated in a lobbying/consulting firm, as the public confidence concerns depend on the fact that the General Assembly member and the lobbyist are associated in the same firm, not on the nature of that firm’s business. See Rule 1.11(a) and 8.4(d).”

The opinion notes that the Virginia Rules of Professional Conduct do not apply to non-lawyers. However, the opinion referenced Rule 5.3 and warned that a lawyer supervising a non-lawyer could still be responsible for ensuring that the non-lawyer is complying with that lawyer’s ethical duties. Referencing Rule 8.4(a), the opinion also reminded lawyers that even if a lawyer does not have authority over non-lawyers, that lawyer is not allowed to circumvent the rules simply because that lawyer did not personally engage in the conduct.

Read the full opinion here.

New York: No Obligation for a Lawyer to Report a Judicial Misconduct

The New York State Bar Association’s (NYSBA) Committee on Professional Ethics recently opined that lawyers do not have a duty under the Rules of Professional Conduct (“RPC”)to report judicial misconduct; however, a lawyer may report a  judge for a violation of the Rules of Judicial Conduct (“RJC”). The opinion also cautions lawyers to be mindful of their duty of client confidentiality and to obtain client consent if necessary.

In reaching its conclusion the NYSBA Committee reviewed not only the currently reporting rule, but also the legislative history pertaining to the enactment of New York’s current Code of Professional Conduct.

RPC 8.3 discusses both a New York lawyer’s duty to report and to cooperate. RPC 8.3 reads:

“(a) A lawyer who knows that another lawyer has committed a violation of the Rules of Professional Conduct that raises a substantial question as to that lawyer’s honesty, trustworthiness or fitness as a lawyer shall report such knowledge to a tribunal or other authority empowered to investigate or act upon such violation.

(b) A lawyer who possesses knowledge or evidence concerning another lawyer or a judge shall not fail to respond to a lawful demand for information from a tribunal or other authority empowered to investigate or act upon such conduct.”

Notably, RPC 8.3(a) dictates a New York lawyer’s duty to report, while RPC 8.3(b) dictates a New York lawyer’s duty to cooperate. Importantly, RPC 8.3(a) does not include judges while RPC 8.3(b) does encompass judicial conduct.

The NYSBA’s Committee of Professional Ethics juxtaposed RPC 8.3 with its predecessor (Disciplinary Rule 1-103 of the former New York Code of Professional Conduct) and proposed amendments to RPC 8.3 that included the duty to report violations of the RJC. The Committee concluded that despite other states’ reporting requirements that include judges, the Committee would be overreaching if it mandated such a duty. The committee’s conclusion is based on the fact that the proposal to include judicial misconduct in the reporting requirements of RPC 8.3 was ultimately rejected by the courts upon adoption of the rules

Read the Opinion here.