Illinois: Attorneys & Clients in the Cloud

Recently, the Illinois State Bar Association (ISBA) issued a Professional Conduct Advisory Opinion stating that lawyers may use cloud-based services to store client information.

However, the ISBA warned that the use of cloud-based services raises ethical implications of “…competence, confidentiality and the proper supervision of non-lawyers.”

The ISBA quoted Nevada Formal Opinion 33 (2006), which analogized the duty to protect client information on a cloud-based service to the duty to protect client information on a physical server. The Nevada Opinion concluded, “[t]he question in either case is whether the attorney acted reasonabl[y] and competently to protect the confidential information.”

To help lawyers select a cloud-based service provider, the ISBA outlined 7 non-exhaustive practices lawyers could engage in (summarized):

  1. Reviewing industry standards and appropriate safeguards;
  2. Investigating whether the provider has implemented reasonable security precautions;
  3. Investigating the provider’s reputation and history;
  4. Inquiring as to whether the provider has experienced any breaches of security;
  5. Requiring an agreement;
  6. Requiring that all data is appropriately backed up;
  7. Requiring provisions for the reasonable retrieval of information.

Further, the ISBA warned that the duties implicated by using cloud-based services do not end with choosing a reputable provider. This is in part due to the fact that the Illinois Supreme Court recently amend Comment 8 to Rule 1.1 of the Illinois Rules of Professional Conduct. The Comment now reflects Comment 8 to Rule 1.1 of the Model Rules of Professional Conduct and says “…lawyers must keep abreast of changes in law and its practice, including the benefits and risks associated with relevant technology…” (Emphasis added).

This led the ISBA to echo Arizona Ethics Op. 09-04 (2009) and Washington State Bar Association Advisory Op. 2215 (2012) (among others) and conclude that lawyers using cloud-based services must, “…conduct periodic reviews and regularly monitor existing practices to determine if the client information is adequately secured and protected.”

Read the full opinion here.

Alaska Bar Association: Use of “Web Bugs” is Unethical

Alaska Bar Association recently advised that the use “web bugs” to track e-mail communications with opposing counsel violates The Alaska Code of Professional Conduct. Opinion 2016-1, describes “web bugs” as Internet surveillance tools that may inform e-mail senders of the following information:

  • whether and when the e-mail and/or attachments were opened;
  • how long recipients reviewed the e-mail and/or attachments;
  • how many times the e-mail and/or attachments were opened;
  • whether and when the e-mail and/or attachments were forwarded; and
  • the rough geographical location of the recipient.

The Opinion explains that web bugs may allow the sending lawyer to determine the undisclosed location of the opposing party or to gain insight into which sections of a settlement draft are most important to the opposing side based upon how much time is spent on various pages of a document.

Concurring with New York State Bar Association’s Opinion, the Alaska Opinion concludes that “web bugs” “impermissibly and unethically interfere with the lawyer-client relationship and the preservation of confidences and secrets,” required by Rule 1.6- Confidentiality. Thus, the Opinion advises that the use of web bugs is unethical, dishonest, and a violation of Alaska Rules of Professional Conduct Misconduct Rules 8.4(a) and 8.4 (c). Moreover, the opinion states that “even the disclosed use of a tracking device when communicating with opposing counsel” is impermissible.

To read the full opinion, click here.

Up in the ‘Clouds’: Illinois Finds Duty of Competence Applies to Selection of Provider

This fall, the Illinois State Bar Association Committee on Professional Ethics reached two conclusions regarding use of cloud-based services. In Opin. 16-06, the Committee opined that:

(1) a lawyer may use cloud-based services to store confidential client information, so long as the attorney uses reasonable care to make sure that client confidentiality and client information is protected; and

(2) a lawyer is responsible for complying with her duties of competence in selecting a cloud-based services provider, assessing cloud-based services practices, and monitoring compliance with the lawyer’s professional obligations.

 This opinion expands Illinois’s prior opinion where a lawyer may work with a private vendor to monitor the law firm’s computer server, so long as the lawyer takes reasonable steps to ensure the vendor protects client’s confidential information. See, ISBA Op. 10-01 (2009).

Rule 1.1 Competence provides that lawyers must provide competent representation to their clients. Illinois recently amended this rule to include that lawyers who use cloud-based services must have a sufficient understanding of the technology to properly consider the risks of disclosure of confidential information. See Illinois Rule 1.1 Comment 8. Lawyers must also make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, confidential information. See Rule 1.6(e) Confidentiality. Because lawyers hire third-party providers for cloud-based services, lawyers will be subject to the professional rules regarding employing and supervising subordinates. See Rule 5.3 Comment 3.

Due to technology constantly changing, Illinois does not provide any specific requirements for lawyers when choosing a provider. However, Illinois does provide some tips for lawyers when inquiring about a cloud-based services provider, which are:

  • Review cloud computing industry standards and what protections should be put in place when using a cloud-based service;
  • Investigate whether the provider has employed reasonable security measures to protect client data from unintentional disclosures;
  • Investigate the provider’s reputation and history;
  • Look into whether the provider has experiences any security breaches in the past;
  • Demand an agreement to reasonably safeguard that the provider will abide by the lawyer’s duties of confidentiality and will immediately notify the lawyer of any breaches of information;
  • Require that all data is backed up and under the lawyer’s control; and
  • To require reasonable recovery of information if the agreement with the provider is terminated, or if the provider goes out of business.

Several other states have allowed lawyers to use cloud-based services to help with storing client information. See e.g., Alabama Ethics Op. 2010-2; Iowa Ethics Op. 11-01; Tennessee Formal Ethics Op. 2015-F-159; see generally “Cloud Ethics Opinions Around the U.S.”, American Bar Association, Legal Technology Resource Center.

To read the full opinion, click here.

 

Crowdfunding for Legal Fees?

What is crowdfunding? It is the use of an Internet site to share information about a project in order to solicit money from the public. Individuals who contribute are not given a financial stake in the project.

So, may an attorney post information about anticipated litigation and ask for funds as a way to be paid his fees as long as contributors do not gain any influence in how the case is handled or a stake in the outcome?

The Philadelphia Bar Association Professional Guidance Committee recently released Opinion 2015-6, which addresses an attorney’s use of crowdfunding to obtain legal fees from third parties on behalf of a client who cannot afford to pay for legal services. The Committee approved the general concept of crowdfunding, but with certain restrictions on its use.

The Committee opined that an attorney should obtain the client’s informed consent and be mindful of his duty of loyalty to the client. The Committee cautioned that an attorney’s online descriptions must avoid any implication that contributors are granted a right to direct or control litigation. Additionally, the Committee stressed the importance of ensuring that contributors do not feel that they have been misled in any way. Not only might a misleading description be a violation of the advertising rules and the obligation not to mislead third parties, but also, it might impede on the ability of future litigants to use crowdfunding to raise the fees necessary to assert their legal rights.

Finally, the Committee provided guidance on provisions that should be included in the fee agreement to avoid contracting for excessive or impermissible nonrefundable fees. (In other words, the attorney could potentially receive fees from crowdfunding that might be deemed excessive depending upon the nature of the case and the attorney’s participation in the case.) First, the agreement should include terms describing the lawyer’s obligation to remain on the case until its conclusion or until a point at which the retention of the contributions would not constitute an excessive fee. Second, the agreement should require that the funds raised be retained in a trust account until they are earned in accordance with the fee agreement.

Crowdfunding is another product of technology and the Internet that may assist in providing the public with greater access to legal services, but lawyers must beware of ethical landmines by understanding the technology at play within the context of the legal ethics rules.

If It’s Not “Real Time,” Is It Solicitation? Florida to Reconsider Rule on Prohibited Solicitation

In light of the Florida Bar’s recent decision to permit attorney advertising by texting, the Florida Bar Board of Governors will review amendments to Florida’s solicitation rule at its meeting on December 4, 2015.

The proposed amendments focus on the definition of “real time” contact to clarify that a lawyer may not solicit “in person.” The proposed amendment not only adds the “in person” language, but also further defines “solicit” to include: “by electronic means that include real-time communication face-to-face such as video telephone or video conference.” Thus, the language expands “in person” by prohibiting attorneys from contacting prospective clients through means such as Skype, Face Time, or Google Hangouts.

The proposed amendment  incorporates the recent  texting decision by removing both telegraph and facsimile from the language as well as the phrase, “includes any written form of communication, including any electronic mail communication, directed to a specific recipient . . . ,” from 4-7.18(a)’s definition for “solicitation.”

Some view the changes as a signal that the Florida Bar is attempting to adopt advertising amendments that embrace the digital age…

Read the proposed amendments to Rule 4-7.18(a) here.