Up in the ‘Clouds’: Illinois Finds Duty of Competence Applies to Selection of Provider

This fall, the Illinois State Bar Association Committee on Professional Ethics reached two conclusions regarding use of cloud-based services. In Opin. 16-06, the Committee opined that:

(1) a lawyer may use cloud-based services to store confidential client information, so long as the attorney uses reasonable care to make sure that client confidentiality and client information is protected; and

(2) a lawyer is responsible for complying with her duties of competence in selecting a cloud-based services provider, assessing cloud-based services practices, and monitoring compliance with the lawyer’s professional obligations.

 This opinion expands Illinois’s prior opinion where a lawyer may work with a private vendor to monitor the law firm’s computer server, so long as the lawyer takes reasonable steps to ensure the vendor protects client’s confidential information. See, ISBA Op. 10-01 (2009).

Rule 1.1 Competence provides that lawyers must provide competent representation to their clients. Illinois recently amended this rule to include that lawyers who use cloud-based services must have a sufficient understanding of the technology to properly consider the risks of disclosure of confidential information. See Illinois Rule 1.1 Comment 8. Lawyers must also make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, confidential information. See Rule 1.6(e) Confidentiality. Because lawyers hire third-party providers for cloud-based services, lawyers will be subject to the professional rules regarding employing and supervising subordinates. See Rule 5.3 Comment 3.

Due to technology constantly changing, Illinois does not provide any specific requirements for lawyers when choosing a provider. However, Illinois does provide some tips for lawyers when inquiring about a cloud-based services provider, which are:

  • Review cloud computing industry standards and what protections should be put in place when using a cloud-based service;
  • Investigate whether the provider has employed reasonable security measures to protect client data from unintentional disclosures;
  • Investigate the provider’s reputation and history;
  • Look into whether the provider has experiences any security breaches in the past;
  • Demand an agreement to reasonably safeguard that the provider will abide by the lawyer’s duties of confidentiality and will immediately notify the lawyer of any breaches of information;
  • Require that all data is backed up and under the lawyer’s control; and
  • To require reasonable recovery of information if the agreement with the provider is terminated, or if the provider goes out of business.

Several other states have allowed lawyers to use cloud-based services to help with storing client information. See e.g., Alabama Ethics Op. 2010-2; Iowa Ethics Op. 11-01; Tennessee Formal Ethics Op. 2015-F-159; see generally “Cloud Ethics Opinions Around the U.S.”, American Bar Association, Legal Technology Resource Center.

To read the full opinion, click here.


City of New York Opines on the Ethics of Outsourcing

In Formal Opinion 2015-1, the Association of the Bar of the City of New York Committee on Professional Ethics answered “a question of first impression in New York” concerning law firms’ use of professional employer organizations (“PEOs”), which “help small businesses provide employment benefits and human resource services to their employees.” The Committee opined that a law firm may use a PEO’s services, despite the triggering of several New York Rules of Professional Conduct (“Rules”), as long as four requirements are met:

(1) The firm does not allow the PEO to interfere with lawyers’ duty to exercise independent professional judgment and supervise lawyers and nonlawyers.

The Committee noted the value of a lawyer’s professional independence, stating that a PEO “must not be allowed to influence decisions that would impact a lawyer’s ability to provide independent professional judgment. Additionally, the PEO must not have control over law firm employees in connection with the practice of law and thus interfere with law firm’s supervisory responsibilities. See Rules 1.8(f), 2.2, 5.4(c), 5.4(d)(3) as to the interference with independent professional judgment. See Rules 5.1, 5.2 and 5.3 as to supervision.

(2) The firm does not allow the PEO to access confidential client information.

Law firms can comply with confidentiality rules by including in PEO arrangements “reasonable safeguards to prevent” breaches of confidentiality. See Rules 1.6 and 5.1.

(3) The firm complies with the rules regarding conflicts of interest.

PEO employees should be subject to the same conflict-checking procedures as firm employees would also appropriately be subject to. However, the PEO itself is not required to be subject to these procedures. The PEO may provide similar services to one firm as it does “to other law firms that represent adverse clients,” as long as the PEO does not interfere with lawyers’ professional independence, control or supervise employees, or access confidential information. See Rules 1.7, 1.9, and 1.10.

(4) The firm, in compensating the PEO, does not violate prohibitions against sharing fees with nonlawyers.

Payment arrangements with PEOs may not be based on fees paid by clients to the law firm. However, law firms may compensate PEOs based on “a percentage of total payroll, flat fee, or fee per employee or service.” See Rule 5.4(a).

To read the full opinion, click here. Click here, for the New York Rules of Professional Conduct.

The Problems With “One-Stop-Shopping” Discovery Vendors

The Problems With “One-Stop-Shopping” Discovery Vendors

Brian D’Amico takes a compelling look at the growing use of turn-key, “one-stop-shopping” discovery vendors.  His article from the Daily Business Review addresses a recent ethics opinion from the District of Columbia Court of Appeals Committee on the Unauthorized Practice of Law. The Opinion warns that the broad services offered by some discovery vendors venture into the unauthorized practice of law. The Opinion also discusses that some of the vendor’s promotional materials are ambiguous or misleading regarding their capabilities.

The Opinion gives examples of actual promotions from discovery vendors that the committee found concerning.

  • “We design, develop, and manage the entire review process instead of just providing contract attorneys and software and leaving the rest to the client.”
  • “Simply put, our experience in running your project . . . managing a soup-to-nuts document project from process to production – is unparalleled.”
  • “[We have] the ability to run every aspect of discovery management and document review with as much or as little involvement as you require.”
  • “Our consultants develop and implement methods and manage the overall discovery process to yield efficiency and cost savings.”
  • “Our managed services are tailored to specific project needs and include comprehensive project planning, on-site review team supervision, privilege log preparation, e-vender selection, and more.”

 Opinion 21-12, and others like D.C. Bar Ethics Opinion 362 , remind attorneys not to forget local rules regarding supervision of non-lawyers and non-lawyer ownership of law firms.

ABA Adopts Modifications to the Model Rules of Professional Conduct

The ABA House of Delegates just approved several changes to the Model Rules of Professional Conduct, adopting all six resolutions that were proposed by the ABA Commission on Ethics 20/20. Many of the modifications focus on ethical issues that have become prevalent because of rapid changes in technology. The Commission will continue to study several remaining issues before the Commission completes its work in February 2013. Andrew Perlman, the  Commission’s Chief Reporter, has a good summary  over at Legal Ethics Forum. Here’s the link: http://www.legalethicsforum.com/blog/2012/08/ethics2020changes.html

OUTSOURCING LEGAL WORK, PART III: Best Practices When Hiring LPO Firms

OUTSOURCING LEGAL WORK, PART III: Best Practices When Hiring LPO Firms

The increasing practice of legal outsourcing by in-house counsel as well as small, mid-sized, and large law firms, has led the ABA to propose changes to Model Rules that pertain specifically to outsourcing. This series of Blog Posts will describe current trends and ethical issues that are affected by legal outsourcing.

In Part I of the Outsourcing blog posts, we saw that legal outsourcing has grown dramatically, and is currently being used by law firms of all sizes. Further, outsourcing has led to the advent of intermediary outsourcing firms, also called Legal Process Outsource, or LPO firms. These firms identify foreign lawyers, communicate assignments to them, set and collect fees, and in some instances provide U.S.-lawyer review of outsourced work.

Additionally, we learned in Part II of the Outsourcing series, how legal outsourcing can encompass ethical issues such as a lawyer’s duty to provide competent representation. ABA Model Rule 1.1 states that, “competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.”

In light of the dramatic change in the legal environment, some legal ethics commentators have provided practical advice for firms seeking to outsource work. For instance, Martha A. Mazzone, VP and Associate General Counsel Fidelity Investments has compiled a list of best practices to follow when hiring and supervising Legal Process Outsourcing Firms. Her list includes recommendations from bar opinions from the District of Columbia, Georgia, and California, as well as from legal ethics commentators. Here is her list of what constitutes “reasonable efforts to ensure” that an outsourcing vendor is providing competent legal representation:

  • Conduct due diligence on the personnel and on the company hiring the personnel.
  • Conduct due diligence on the country where the LPO group is located.
  • Make at least one site visit and have ongoing conference calls with team leaders and key personnel.
  • Develop written procedures and protocols that the LPOs must follow
  • Consider security issues carefully.
  • Make sure that your client understands and agrees specifically to the type of work that is being outsourced, and the identity and quality of the LPO.

For more information about outsourcing, check out this great article in Time Magazine as well as the ABA’s latest Proposed Changes to the Model Rules.