How Software Updates can Become an Ethics Issue for Law Firms
June 1, 2016
Why is it so important for your law firm to keep is software updated? Well, American Bar Association (ABA) Ethics now demand it. Unless your office does not use computer technology at all, there is no longer any excuse to lag behind your competitors.
Nothing stands still on the internet, not even the ways by which you access it. While you may be best friends with your Windows XP OS, support for it ended on April 8, 2014, and that means Microsoft will offer no further security updates or technical support for that system.
Windows XP had a 12-year run, and many users swore by it. If you are still using it, though, you may be swearing atit instead. It is no longer stable. Without a stable operating system, your ability to access the internet safely without compromising your data shoots up exponentially.
Over the course of a decade, the same scenario has periodically appeared with Chrome, Firefox and IE. Older versions of these widely-used browsers are no longer supported by hosts, developers or marketing providers.
Technology moves at high speeds. Your law office must be up-to-date and secure to be able to access the modern internet. Your firm’s reputation depends on it.
Perhaps your office is still a bastion to The Paper Chase by John J. Osborn, and you revel in books, hands-on filing and researching in libraries, thumbing well-worn pages. Such deviation from technology, while acceptable to a point, has become less acceptable to the ABA, which now mandates keeping up with the best there is in legal software.
The rule change could not have come at a more appropriate time. According to a San Francisco Chronicle article from 2010, “Lucrative Targets of Cyberscams,” law firms are particularly juicy targets. They are constantly bombarded with malware and phishing intrusions into their systems. That same year, National Law Journal revealed that more than 50 major American law offices required assistance to deal with breached computer security. Wired Magazine also reported on a particularly bad hacking attack on a law firm representing a Chinese client in litigation.
If anything, attacks on law firms have grown over the last four years. Not all of them are as sophisticated as the one reported by Wire Magazine, but they are happening daily. And not all attacks are external — a security point worth considering.
What would happen to your computer files if the office suffered a major disaster, such as a flood, tornado or hurricane? Paper files would be gone. Were there updated digital backups?
Client communication and confidentiality of information are paramount for a law firm. A practicing attorney is expected to go to just about any lengths to ensure all information provided is locked down tight. Certain exceptions prevail, depending on the sensitivity of a case and the related information, so use what works to protect every client’s privacy and safety.
The ABA’s Model Rules of Professional Responsibility are broad. There are comments and rules that lay out how to better deal with technology to harness it for the benefit of law firm’s clients. Rules are not binding, but they are the backbone of most state’s rules governing lawyers. The added comments expand the rules for further guidance.
Attorneys must also be aware of The Restatement (3rd) of the Law Governing Lawyers (2000) and in particular, Section 16(2) and 16(3) and Chapter Five — relating to competence and diligence, obligations that must be met for client’s confidences and other confidential client information. If an attorney is found to breach those sections, he or she may be sued for legal malpractice. Furthermore, lawyers have a contractual duty to protect data for clients in industries such as financial services and health care.
Rule 1.1 applies to attorney competence. All lawyers are to skilfully represent their clients to the best of their abilities, using all means reasonable to present a case. Competence, outlined in Comment 6 of Rule 1.1, clearly states that attorneys should keep up with changes in the law and how it is practiced, "including the benefits and risks associated with relevant technology." Rule 1.4, dealing with client communications, states that an attorney much acknowledge all contact from clients. Today, fewer people are making phone calls to their lawyers, preferring text or instant message.
The rule changes are intended to make law firms examine their technical vulnerabilities closely and to act on sealing possible ports into their computer databases.
In some places, restrictions will require more effort. At least 10 states, including Rhode Island, California, Maryland, New Jersey and Massachusetts have security laws on the books, designed to protect personal information.
Busy managing partners may not have time to become technology experts instantly, but sudden mastery will not be necessary, despite rule changes. Just be savvy enough to find the tools to use and the people to hire.