The New Year has brought a new turn for the state’s ethics rules for the use of technology.
One of the biggest changes to take effect is meant to remind lawyers that the old precautions used to prevent confidential information from slipping out are many times no longer enough.
“The new rule change added a paragraph to the rule … to require lawyers to make reasonable efforts to prevent the inadvertent disclosure of information, the unauthorized disclosure of information or unauthorized access to that information,” said Dean Dietrich, past chair of the Wisconsin State Bar Professional Ethics Committee and a shareholder at Ruder Ware in Wausau, where he has led the firm’s professional responsibility and ethics practice for more than 15 years.
To most lawyers, the obligation to protect confidential information is so obvious that there’s no reason to spell it out formally, as has now been done in Chapter 20 of the state Supreme Court’s rules of professional conduct. Many, though, may still be blind to the pitfalls inherent in everyday features such as autofill, Dietrich said; one wrong keystroke, and an important email could suddenly be sent to the wrong person.
“Some law firms have discontinued the use of autofill so you have to type the whole name,” Dietrich said. “I don’t know that you have to go that far, but you have to develop habits that you use in your practice that will ensure or reasonably protect the information you’re distributing on behalf of a client.”
By and large, the new rules are intended to insure lawyers know that they should change their behavior if they plan to use recent technological innovations while practicing law. To that end, they cover everything from lawyers’ communications in text messages and on social media to the use of public Wi-Fi systems. They are also a partial response to the risks posed by hacking, phishing and the inadvertent release of client information, Dietrich said.
“Technology is changing so fast,” he said. “The issue here is really an attempt to highlight and make it very clear that lawyers have to pay attention to how they use technology. It doesn’t prescribe certain ways to do things. It doesn’t require you follow this particular program or this particular etiquette. There is no required discipline or degree of penalty.”
Among the subjects dealt with by the new rules: technological competence.
“What that means is that lawyers are expected to have a minimal level of competence regarding the technology they use in their law practice,” Dietrich said. “It’s easier said than done, but it’s also not something that says we have to go out as lawyers and get a degree in IT. It means we have to pay attention to how we use technology in our law practices, and we need to visit with people, hire people to talk to, if we don’t know how technology is used or how technology functions as part of the law practice.”
One technology that is particularly risky — probably more so than many users realize — is public Wi-Fi .
“Sitting in Starbucks and sending emails to clients when the Starbucks Wi-Fi is open is a good example of where you need to think about where you use technology,” Dietrich said.
Another example: passwords.
To protect confidential information from would-be hackers and others phishing for personally identifiable information, lawyers should find a consultant who can help them understand how to use and manage passwords, Dietrich said. One absolute must is to learn something about what makes a password strong or weak and how often passwords should be changed.
If these changes have lawyers anxious about unwelcome encounters with the Office of Lawyer Regulation, they shouldn’t. At least, not yet.
“It’s very unlikely discipline would occur, largely because it’s not something people go around checking every day,” Dietrich said. “It’s not like the OLR goes around checking email and whether people are using public Wi-Fi. But the day may come.”
For now, the new standards are meant as food for thought, as much as anything.
“The changes to the rules really are designed to say, ‘Think about it every time you use technology, and pay attention to what you’re doing,’” Dietrich said.
The adoption of the new rules is just one of several steps the state Supreme Court has recently taken to bring Wisconsin’s court system into the 21st century. Others have included the recent push toward mandatory e-filing, as well as tweaks to rules regarding electronic banking.
Dietrich said the state has many subjects left to check off on the to-do list, including texting, social media and online advertising.
“We’re dealing with a new world of texting, and lawyers don’t like to receive a text from a client because it’s hard to store that; it’s hard to capture that text,” Dietrich said. “But it’s important to do that because it’s a client communication. And the world of texting is here, and clients very much expect the ability to text their attorneys. So we’re embarking on a whole area of, ‘How do we preserve this? What do we do?’ We have to come up with better systems than putting our phones on a copy machine and making a copy. I think we’ve graduated beyond that, but for a period of time that’s the best we could come up with.”
Snapchat, Google chat, even Skype, all pose dangers.
“Skype is like a phone call, so I’m not sure Skype is as inherently risky,” Dietrich said. “But others like it are developing on a daily basis. How secure are they? Those are areas lawyers need to pay attention to.”
Encryption is another technology lawyers and court officials will eventually have to come to grips with.
“It is, I think, pretty much understood today that lawyers engaged in the intellectual property practice of law are sending things by encryption,” Dietrich said. “Lawyers involved in representing health care organizations are sending and receiving things by encryption. Lawyers involved in handling medical records are looking at encryption. That’s becoming an area of new concern amongst lawyers. There isn’t an expectation at this point that everything be encrypted, but that day may come.”
Social media, for its part, changes so often that it’s hard to keep up, said Margaret Raymond, dean of the University of Wisconsin Law School and a two-term member of the state’s committee on professional ethics.
Raymond said lawyers who relate professional anecdotes and experiences on Facebook or Twitter are typically careful not to use their clients’ names. Still, she said she learned during an informal discussion at a recent party of the real danger that someone can be inadvertently identified online through mere association; she also found that lawyers, in general, need to pay more attention to professional decorum.
“We talked about what happens when professors go online and say, ‘My students are driving me crazy,'” she recalled. “I said, ‘You see this nationwide with lawyers.’ And a lawyer in the group said, ‘I had to get off a blog because someone kept saying, ‘My clients are crazy.’ It disrespected the relationship even though no one was named, and that worried her.”
The advent of social media has also prompted state officials to reconsider rules regarding lawyer advertising.
“Even a posting on Facebook is considered lawyer advertising,” Dietrich said. “It’s really no different than a Yellow Page ad; it cannot be false or misleading. There’s going to be debate over the next two years whether the restrictions on lawyer advertising breach the constitutional rights of lawyers to advertise. That’s a future consideration.”
Similar questions hang over technologies used for file management and encryption.
Raymond said she expects to hear much discussion in the near future about how attorneys should be managing both hard-copy files and electronic communications such as emails and text messages.
“The challenge of this is there’s never one single answer,” she said. “How long do you keep files? That depends. Do you have to notify your client? That depends. Most of the time you need to behave reasonably in light of the circumstances. Do you need to keep, ‘Hi Joe, are we meeting next Thursday?’ No that’s reasonable. Do you need to encrypt material with trade secrets? Sure, that’s reasonable.”
With the state’s push toward mandatory e-filing, the subject of electronic ethics is likely due for a mulling over.
“That gets to be part of this issue of competency,” Dietrich said. “Not only is it an issue of being competent in your practice, you also now are required to do the e-filing and be competent about that.”
Dietrich said if the latest rule changes have their intended effect, lawyers should find that their dealings with technology have been simplified.
“It shouldn’t change their practice that much,” he said. “But it really opens the door for people to pay much more attention to how they practice law.”
But, he said, these matters are far from settled.
“These are issues attorney are going to be struggling with the next five years and, really, forever because things are changing so much, so fast,” Dietrich said.