by Michael Djavaherian

We have held webinars and written about the ethical obligations that apply to lawyers who work outside the office. The California Bar, through a Standing Committee on ethics, has weighed in with an ethics opinion outlining a lawyer’s duties when working remotely. It is an interim opinion posted for public input, but the final opinion is not likely to change substantially. The opinion is 8 pages long, and covers the issues involved comprehensively. The issues became prominent during the pandemic, but the Bar notes that the rules would “apply to lawyers who work remotely regardless of the underlying reasons or whether a traditional, physical office space remains available”. No rules of professional responsibility have changed. Instead, the Bar interprets the existing rules in light of technological and societal conditions.

The first rule examined is the duty of confidentiality. Lawyers must take reasonable steps to safeguard client information, including information stored with third parties, such as cloud providers. Lawyers “should investigate and monitor third-party providers, limit access to confidential information, and obtain written assurances from the provider concerning data security and the handling of breaches of confidentiality. If a lawyer is not able to evaluate the security of the technology used, the lawyer must seek additional information, or consult with someone who possesses the requisite knowledge to ensure compliance with the lawyer’s duties of competence and confidentiality”.

Lawyers who work from home “should implement reasonable measures to safeguard confidential client information, particularly as other household members may share or have access to a home computer or laptop”. The opinion describes a number of specific circumstances that lawyers need to address when ensuring compliance with their duties, such as the presence of listening devices (e.g., Alexa) and the types of passwords that are used. Lawyers also must counsel clients in order to ensure that they understand what they need to do to maintain confidentiality.

The next duty discussed was the duty of competence. As we noted in a recent article, the Bar amended its rules on competence to encompass technological competence. The Standing Committee agrees with a recent ABA opinion that the standard to apply to technological competence is “reasonable efforts”. “The duty of technology competence applies to multiple aspects of a lawyer’s practice, such as those involving electronic discovery, social media, law practice management, virtual law offices, and remote practice.” Lawyers also need to be able to access client files remotely. “It is a good practice to require that files are saved to a centralized, secure case management system.” NOTE: The Bar’s recommendations call for firms to utilize the services that XIRA provides.

Next, the Bar discussed the duty of communication. “When using electronic forms of communication, the lawyer should ensure that the client is receiving and understanding the information exchanged. In certain circumstances, phone conferences or video-conferences may be needed.” Once again, XIRA fits the bill for lawyers to fulfill their duties.

The final duty discussed was the duty of supervision. A law firm “should ensure that it provides appropriate tools and equipment, technology support, training, and monitoring to its lawyers and staff. Managerial lawyers should consult with appropriate information technology staff or consultants in implementing technology measures to assist with Law Firm’s remote practice.” Law firms should create a policy regarding devices, and maintain adequate security measures for all of them. “Managerial lawyers and lawyers overseeing non-legal staff should maintain regular communications to oversee the work of associates, paralegals, staff, and independent contractors… For law firms that decide to transition to “virtual only” environments, it is a good practice to use video conferencing for important trainings or meetings.”

The Bar added that “lawyers should adequately investigate outside vendors and contractors and oversee their work to ensure it is consistent with the lawyer’s ethical obligations.” At XIRA, we welcome such discussions with our lawyer customers, and are happy to provide any information about the security measures we have in place to protect your client data, such as end to end encryption.

Finally, the opinion concluded with a summary of the rules relating to unauthorized practice of law for those practicing outside of their state of license, a topic which XIRA previously covered in a webinar and article.

All California lawyers who use technology (which is pretty much everyone) or who ever practice remotely need to read this opinion in its entirety and be familiar with the requirements.