© 2021 Downey Law Group LLC. For educational purposes only.

Legal Ethics & Technology

September 2021

2

Introductory Matters• Audio Issues – If you are having audio issues, please try connecting by telephone using the dial-in

information, which is:Dial-in number (US): (701) 801-6121

**No Access Code**• Watch the Slides -- https://join.freeconferencecall.com/

• Technical Problems – contact Paige Tungate at ptungate@DowneyLawGroup.com

• Questions – Please submit questions during the program using the CHAT function, or email Paige Tungate at ptungate@DowneyLawGroup.com

• Post-Program Survey – A survey will be emailed to you about 30 minutes after program. Also, there is a link to the survey at the end of these slides

• Certificate of Completion – Available through the Post-Program Survey

• Kansas Credit – If you are seeking Kansas credit, you will need to enter the two Attendance Verification Words and your Kansas information into the Post-Program Survey. Please complete this information in the survey within 3 days of the program, so we can ensure you receive proper credit

Use of Technology by Lawyers• Documents and operations

– Document management systems, cloud storage, file sharing, time and billing software, receiving payments

• Communications and collaboration– Email, messaging, phone/video conferences, business development

and client intake

• Litigation Practice– Legal research, e-filing, eDiscovery software, remote

depositions/hearings

• Continuing Legal Education

3

4

Competency

Rule 4-1.1

• A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.

5

*

Comment [6] to Rule 4-1.1

[6] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education, and comply with all continuing legal education requirements to which the lawyer is subject.

§ Kansas, 2014

§ Illinois, 2016

§ Missouri, 2017

6

*

Duty of Technological Competency

• A number of state court opinions have imposed duties on attorneys to have some degree of tech competency.– Johnson v. McCullough, 306 S.W.3d 551 (Mo. 2010) (use of

CaseNet to check jurors)

7

Best Practices for Maintaining TechnologyCompetence

• Keep systems updated

• Regularly back up data– Online and offline storage sites

• Watch out for phishing emails

• Never connect to unsecured WiFi – use a VPN if you must

• Utilize secure file transfer means

• Enable auto-lock/auto-sign out

• COMMON SENSE

8

9

Confidentiality andStoring Client Information

10

*

11*

12

*

Ransomware• Ransomware - typically encrypts or locks an

employee’s device until a ransom is paid – Phishing/Spear Phishing

– Pretexting

– Whaling

13

Social Engineering Ransomware• Psychological manipulation into performing actions

or divulging confidential information

• 98% of cyber attacks rely on social engineering

• New employees are most susceptible to socially engineered attacks

14

*

Hackers Target Law Firms• Susceptible to social engineering attacks

• Custodians of highly sensitive information– Personal information

– Tax information

• Unprotected information

• Financial means to pay ransom (maybe)

• Protect reputation

15

Missouri Informal Opinion 2020-26

• Question: Attorney’s office laptop, cell phone, bar card, and credit cards were stolen out of Attorney’s locked vehicle. What do the Rules of Professional Conduct require Attorney to do?

16

*

• ANSWER: If a stolen electronic device contains, or provides potential access to, information related to the representation of clients or former clients, Attorney must take all steps reasonably necessary to prevent unauthorized access to the information. See Rules 4-1.6(c) and 4-1.1. These steps may include, but may not be limited to, deactivating the cell phone; taking appropriate steps to secure Attorney’s law firm network and/or data in offsite storage; changing all passwords that may be stored on the electronic device; and consulting with a qualified information technology professional if appropriate. Attorney must communicate with affected clients to the extent reasonably necessary to allow each client to make informed decisions about the representation. Rule 4-1.4; see Rule 4-1.9(c) and Informal Opinion 2017-02. Attorney must comply with any applicable law requiring notice to affected persons regarding disclosure of their personal information. See Preamble to Rule 4 at [5]. Attorney must take all necessary steps to protect the funds in the client trust account from unauthorized transfers and should monitor the trust account closely. See Rule 4-1.15(a)(3) and Comment [2]. To address the stolen bar card, Attorney may contact the Office of Attorney Enrollment of the Supreme Court of Missouri. Attorney may also consider taking steps to protect the security of Attorney’s e-filing account with applicable courts and consulting Attorney’s malpractice insurance carrier for additional advice.

17

*

Missouri Informal Opinion 2018-09

• Question: May Attorney use “cloud computing” in a way that is consistent with Attorney’s ethical obligations?

18

Answer: Attorney may use cloud computing in the practice of law without violating the Rules of Professional Conduct if Attorney maintains competence in the use of relevant technology (Rule 4-1.1) and makes reasonable efforts to safeguard confidential information from inadvertent or unauthorized disclosure or access, as warranted by the particular facts and circumstances of each client’s matter (Rules 4-1.6(c) and Comments [15] and [16]; Rule 4-5.3 and Comment [3]).

Attorney should read carefully the cloud computing provider’s terms and conditions of service.

19

Answer: . . Attorney should ensure adequate provider policies and practices as to (1) ownership and security of client information, and (2) attorney and provider access to client information. Reasonable efforts to safeguard confidential information may include (but are not limited to) ensuring adequate provider policies and practices regarding:

• Security measures protecting confidentiality of client information during transmission and storage;

• Prompt notification of Attorney in the event of a security breach or provider’s receipt of a subpoena for client information;

• Ownership of data solely by Attorney or Attorney’s firm;

• No access rights by the provider to client information, except as required by law;

• Regular data backup by the provider;

• Handling of client information in the event Attorney’s relationship with the provider is terminated;

• Compliance with applicable law regarding data storage and transmission;

• Reliable access to data by Attorney;

• No access to data by third parties, including advertisers, except as required by law; and

• Domestic storage of data, or, alternatively, storage in a jurisdiction subject to United States data protection laws or equivalent.

20

Answer: . . Because what constitutes adequate provider policies and practices in these areas may change as relevant technology evolves, Attorney is encouraged to consult with a qualified information technology professional, take continuing legal education courses on use of technology in practice, and/or engage in regular self-study of materials from reputable sources to maintain competence in the use of cloud computing in the practice of law.

21

Rule 4-1.6(a) A lawyer shall not reveal information relating to the

representation of a client unless the client gives informed consent, the disclosure is impliedly authorized in order to carry out the representation, or the disclosure is permitted by Rule 4-1.6(b).

(b) A lawyer may reveal information relating to the representation of a client to the extent the lawyer reasonably believes necessary…

(c) A lawyer shall make reasonable efforts to prevent the inadvertentor unauthorized disclosure of, or unauthorized access to, information relating to the representation of the client.

22

*

Comment [15] Rule 4-1.6[15] …The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (c) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer's efforts include, but are not limited to,

the sensitivity of the information

the likelihood of disclosure if additional safeguards are not employed

the cost of employing additional safeguards

the difficulty of implementing the safeguards, and

the extent to which the safeguards adversely affect the lawyer's ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).

23

*

“Reasonable Efforts”• Recognize nature of the threat to confidentiality

• Understand how confidential information is stored and transmitted

• Use reasonable security methods, both on and offline

• Conduct due diligence on vendors who have access to client information

• Train attorneys and staff on how to use technology and security methods

24

Obligations After Data Breachor Cyberattack

• ABA Formal Opinion 483– “When a data breach occurs involving, or having a

substantial likelihood of involving, material client confidential information, a lawyer has a duty to notify the client of the breach.”• No notification required if file server was attacked but

client information was inaccessible, not accessed, or not disclosed to unauthorized persons.

25

Best Practices – ABA Opinion 483

• Inform client there has been unauthorized access to or disclosure of their information and the extent of information affected.

• Inform client of lawyer’s plan to respond to data breach.– Efforts to recover information (if necessary and feasible)

– Steps taken to increase data security and prevent future breaches

26

External Threats vs. Internal Threats

27

*

28

Redactions

29

Redactions

In addition, Plaintiffs’ apparent lack of investment inprosecuting their own lawsuit was buttressed by theirdeposition testimony admitting they have not incurred out-of-pocket payments to counsel, with the exception paying$500 to former local counsel Joe Feller, and their documentproduction of financial records indicating the same lack ofpayments to counsel for costs or fees, save the payment toFeller. Consider further that Plaintiff Anthony Nunes III,testifying as the 30(b)(6) corporate representative of NuStar,answered the question“[W]ho is funding the lawyers for this lawsuit?” with “I haveno idea.” NuStar 30(b)(6) Anthony Nunes III Dep. 400:8-10.

31

On-Line Communications

*

Attorney Grievance Commission v. Vasiliades(MD 2020)

• Among other misconduct, Lawyer posted racist, homophobic, and sexist remarks, liked to his law firm website

• Lawyer charged with violating anti-bias provision

The hearing judge found that Respondent violated Rule 8.4(e) for permitting, authoring, sharing, and endorsing biased and prejudicial language on his public social media accounts which he used to advertise his legal practice. Respondent excepts to this conclusion, arguing that the social media posts were made within the context of appropriate social discourse within his social circle.

• Court found conduct linked to law practice including because bios identified his law firm website and contact information

*

Chris Law @ THE_Chris_LawDownload the Vas Law Accident App.Dauntless legal representation for auto accidents, criminal defense. Call 1-833-C-LAW-123. Baltimore, MD vaslawllc.com

Posts and comments

• A comment, authored by the Respondent, stating: “@tep_time coming from the fat married n[----] who can’t go to a ballgame without his girl’s permission”

• A comment, authored by the Respondent, stating: “Real n[- ---] s[---]”

• A post, shared by the Respondent, discussing out-of- wedlock birth statistics. The Respondent commented on the post, “[a]ttention broke b[-----]s. Y’all getting knocked up thinking he’ll stick around is literally not working. Here’s statistical proof”

• A post, authored by the Respondent, stating: “B[----]es are so wack. You have to act like you don’t give AF about them for them to really like you. You act like you care; they s[---] on you. But then they cry because you don’t give them enough attention. They are ALL insecure AF”

• A post, authored by the Respondent, stating, “[h]umans aren’t meant to be happy sweetie. Especially women lol”

• A post authored by username “lil duval,” that was re- tweeted[10] by the Respondent stating: “Ladies always remember, you are who you let f[---] you”

33

*

Ohio Sanctions Judge for Facebook Conversations –Disciplinary Counsel v. Winters (2021)

• Judge used Facebook messenger to keep non-lawyer updated on matters pending before judge

• Judge knew non-lawyer from pre-bench job

• Non-lawyer Blumenthal asked Judge not to grant bond to suspect who may have sold heroin to Blumenthal’s daughter

• Judge answered questions about form Blumenthal could use to transfer custody of his son

– Later told Blumenthal to finish custody case before filing a personal injury case

• Judge received stayed suspension

34

*

35

Deception and Discovery

36

37

38

Rule 4-4.1In the course of representing a client a lawyer shall not knowingly:

(a) make a false statement of material fact or law to a third person; or

(b) fail to disclose a material fact when disclosure is necessary to avoid assisting a criminal or fraudulent act by a client, unless disclosure prohibited by Rule 4-1.6.

39

Rule 4-4.4(a)

In representing a client, a lawyer shall not use means that have no substantial purpose other than to embarrass, delay, or burden a third person or use methods of obtaining evidence that violate the legal rights of such a person.

40

Rule 4-8.4(c)

It is professional misconduct for a lawyer to:

(c) engage in criminal conduct involving dishonesty, fraud, deceit, or misrepresentation.

41

Jurisdiction for Online Advertising

*

Weitz v. Marsh (Nev. 2021)• Weitz & Luxenberg (NY) ran cable ads for hernia mesh cases on national

cable

• NV resident signed engagement agreement that said law firm was not evaluating medical malpractice claims

• Complainant filed complaint because W&L declined representation after medical malpractice statute of limitations ran

• W&L lawyers obtained writ granting motion to dismiss discipline due to lack of jurisdiction

*

Basis for Granting Motion to Dismiss

• In opposing petitioners motion to dismiss, the State Bar presented evidence of petitioners' firm's contacts with Nevada but did not provide any evidence that

– petitioners themselves crafted the national advertisement, directed it to be aired in Nevada,

– established the procedures for evaluating hernia mesh claims or communicating with potential clients, or

– were otherwise involved in Carruth's case.

• Accordingly, we conclude that the State Bar did not present prima facie evidence that Nevada has personal jurisdiction over petitioners for purposes of this attorney discipline matter.

44

*

45

Online Reviews

Missouri Informal Opinion 2018-08

Question: May Attorney respond to a negative online review about the representation of a former client if Attorney confines the response to comments directed to information already disclosed by the former client in the review?

46

Answer: In most circumstances, Rules 4-1.9(c) and 4-1.6 prohibit Attorney from revealing information relating to the representation of a client in response to a negative online review, even where the client or someone writing on behalf of the client has posted criticism of the quality of Attorney’s representation.

Per Rule 4-1.9(c), Attorney has a duty to a former client not to reveal confidential information except as would be permitted with respect to a client.

A negative online review generally does not constitute a “controversy” sufficient to trigger the exception in Rule 4-1.6(b)(3) and permit a lawyer to reveal confidential information to the extent reasonably necessary to establish a defense in a controversy between the lawyer and the client.

Even if the information is not privileged as a matter of law such that Attorney could be compelled to disclose it in a legal proceeding, Rule 4-1.6 does not permit the voluntary disclosure of confidential information by Attorney in response to an online review. See Comment [3].

Rule 4-1.6 protects all information related to the representation, whatever its source. Comment [3].

Also prohibited are disclosures by a lawyer that do not reveal protected information but could reasonably lead to the discovery of such information by a third person. Comment [4]. If Attorney chooses to post a response to an online review, the response may acknowledge an attorney’s obligation to comply with professional obligations and must reveal no information related to the representation in violation of Rule 4-1.6.

47

Future Programs – Free Ethics CLEProtecting Client Money & Property – 1.0 Ethics CLESeptember 22 (Wednesday) at 12 Noon CT

Legal Ethics & Lawyer Marketing – 1.0 Ethics CLE October 6 (Wednesday) at 12 Noon CT

Addressing Bias in the Legal System: Cognitive Bias – 1.0 Ethics, 1.0 Elimination of Bias CLEOctober 19 (Tuesday) at 3:00 PM CT

Sign up at www.DowneyEthicsCLE.com

48

49

Conclusory Matters• Questions – If you have questions after the program, please email them

to Paige Tungate at ptungate@DowneyLawGroup.com

• Post-Program Survey – A survey will be emailed to you about 30 minutes after this program. Also, here is the survey link:

https://www.surveymonkey.com/r/tech0921

• Certificate of Completion – Available through the Post-Program Survey

• Kansas Credit – If you are seeking Kansas credit, you need to enter the two Attendance Verification Words and your Kansas information into the Post-Program Survey. Please complete this information in the survey within 3 days of the program, so we can ensure you receive proper credit

Thank You.

Michael Downey and Paige TungateDowney Law Group LLC

(314) 961-6644(844) 961-6644 toll free

info@DowneyLawGroup.com