Law Practice Tips
Malpractice or Ethical Violations with Your Computer
By Jim Calloway, Director, OBA Management Assistance Program
"What Do You Mean My Computer Committed Malpractice?" was one of my presentations at the OBA Annual Meeting this year.
It is actually a quite sobering concept that a lawyer's technology could generate a malpractice or ethical problem for that lawyer. For those of us who have been long-time computer users, we've seen a loss of control of our technology that seems to parallel the growth of power and usefulness of the personal computer. No less a technology expert than Steve Gibson (SpinRite, Shields Up, Zone Alarm, grc.com) told a group of lawyers that back in the old days he understood every single thing that was on his computer because he had loaded it there. "Now," he said, "I can be sitting across the room, not touching the computer and its hard drive will start spinning. What is it doing all by itself? I have no idea."
Luckily, it is doubtful that your computer could actually do something on its own initiative to commit malpractice or an ethical violation unknown to you. But the pervasive use of technology within the law office does create some areas of concern that did not exist in the pre-computer era. There are also opportunities as well.
Oklahoma Rules of Professional Conduct are referred to as ORPC. The ORPC is contained in appendix 3-A to Title 5 of the Oklahoma Statutes. A direct link to the ORPC will be contained in the online version of this article. You might want to stop by the OBA Web page, use this link and bookmark it or save it in your favorites for a quick reference in the future.
ORPC Rule 1.1 requires competence which is set forth as "the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation." Does this require the modern day lawyer to have computers skills? Probably not, as long as one can hire the people with the skills. But a growing number of lawyers consider their information management know-how to be an important part of their skill set. Clearly digital information from legal publishers, free legal _Web sites, the OBA-NET, the dozens of lawyer specific electronic mailing lists and government websites provides many new and better avenues to remain current on the law.
ORPC Rule 1.7 pertains to conflicts of interest. Clearly a computer conflict of interest system can be superior to a manual one due to the ease and speed of use and the fact that it cannot be stymied by the loss of a single 3" X 5" card. Whether the lawyer employs a sophisticated database or case management system or just enters the information into searchable word processing documents, it is always important to keep track not only of clients, but of other relationships (e.g. opposing parties, hostile witnesses) that might give rise to a conflict.
Inadvertent disclosure of confidential information is a significant concern. The confidentiality of attorney-client information as set forth in ORPC 1.6 is a hallmark of the legal system. Disclosure of confidential client information via digital means is a potential problem. We work quickly and a mouse click or button pushed at the wrong time can produce unexpected results.
The most common situation involves human error where an e-mail address is mistyped or the wrong pre-programmed button on the fax is pushed, sending the documents to opposing counsel instead of co-counsel.
Good staff training is the key here and instilling an appreciation of particularly sensitive documents. We have long confidentiality disclaimers that we use on all of our fax cover sheets, even if we are faxing in a pizza order. When a particularly sensitive document is being faxed, warn your staff that they are dealing with something more sensitive than the norm and when the individual client gives you a fax number, verify where the incoming fax goes and who else might have access to it if the client shares access to a fax machine. Always double check the e-mail address one last time before you hit send when there is sensitive information involved.
E-mail communications between lawyer and client raise other confidentiality concerns as well. After all, the e-mail travels through several computers as it races across the Internet. We all still await the day when encryption is easy and used by most everyone. Until that day there are still some things that are just too sensitive to communicate by unencrypted e-mail. The main safeguard is to discuss with your client the insecurities inherent in e-mail. Your client may be more at risk of communicating too much than your staff.
Office sharing between lawyers is increasingly common, but that raises issues of conflicts and confidentiality. Sharing a computer network may allow those from firm A to access lawyer B's records. At a minimum, set up your network carefully to ensure that this does not happen and consider whether there should be sharing of networks at all. We've noted previously that the best plan for office sharing lawyers is to adopt the same conflict of interest rules as if they were in a single law firm. Doing more than the rules require provides a good safety net.
Portability problems - Laptop computers and Personal Digital Assistants (PDAs) may or may not contain large amounts of confidential information. Since they can be easily lost or stolen you may consider protective schemes such as password protecting the machines, not routinely carrying significant client information on these devices, special security utilities or even encryption.
When you leave your office, can anyone walk in and access your computer? Most offices are more secure than that. But if you have a special situation or just want to be extra careful, you might consider setting up a password protected screen saver. Set a delay time that works for you, such as three to five minutes. It just takes seconds to type in a password and this automated defense might come in very handy when someone thoughtlessly lets a client use your office to make a telephone call.
The computer screen in the reception area is even more exposed to unauthorized eyes and should definitely have a passworded screen saver. Strongly consider a confidentiality screen - a physical filter than fits over the monitor and renders it not viewable to anyone not sitting directly in front of it. Some of these are also said to prevent glare and block some of the radiation that a monitor emits.
Marketing via the Web is much more accepted now than it was a few years ago when OBA General Counsel Dan Murdock and I authored "Attorney Advertising in Cyberspace" which was originally published in the Oklahoma Bar Journal on July 18, 1998. But you can still get into trouble via the Web particularly if you have fill-in forms where people seek advice from you without proper screening1 or you participate in chat rooms for the purpose of getting new clients. Even though this is an older article, you should read it if you have never done so.
ORPC Rule 1.15 requires keeping trust account records for five years. Lawyers like records in digital format. They are generally searchable, which is a very powerful tool. However there may be a potential problem area for the lawyer who keeps all trust account records electronically. When one receives a request to review a trust account record that is four years, 11 months and 21 days old, one could learn (a) that the newest version of accounting software won't open files created in the older version, (b) that the old records are on 3.5" floppy disks and no one in the office has a floppy drive anymore, (c) that someone reused the floppy disks thinking it was fine since the information was five years old or (d) everyone is sure that the billing archive CD is around here somewhere, but they cannot locate it right now. Let's be old fashioned here and print off the trust account records at the end of each year and file them appropriately.
Of course, safeguarding client property takes on a new meaning when you consider digital information. Just imagine spending (and billing) a couple of hundred hours on a major piece of client work that disappears in a hard drive crash. Backing up your documents and having a disaster recovery plan are of critical importance. We won't belabor the backup point since we had a lengthy treatment on this topic recently in the Oklahoma Bar Journal.2 As I spend more time investigating this issue, I will note that this simple business requirement is harder than you think. While a complete system back-up is still best, it is certainly critically important to back up your data and your documents regularly.
Internet connections bring a host of information and a host of potential problems. You should have a firewall to protect your PC's from being accessed by others through your Internet connection.3 Even more problematic is training staff about understanding which e-mail attachments are potentially dangerous. Anti-virus software is a must these days.
E-mail use policies are something law firms should probably consider. While it might not generate a malpractice or ethics violation issue, if the law firm has its own domain name, all outgoing e-mails might be assumed to be the equivalent of communications on law firm stationery. This could be embarrassing if the e-mail is forwarded to others. Different policies might then be needed for the receptionist whose outgoing e-mail announces it is from mary@Fredslawfirm.com as opposed to mary.smith@sbcglobal.com. A few years ago corporate America became quite concerned about employees wasting company time on the Internet and many businesses banned employees accessing Web-based e-mail services like Hotmail and Yahoo. While I understand that point of view, I would also make the point that I'd probably prefer an employee do that and not use my domain name if they sent out a lot of personal e-mail.
In many firms, the ability to use the Internet and computers for personal use on their own time is a valued job benefit for staff. Many firms do not like this, but I've never seen the problem with a staff person coming in early or staying late to produce a personal document or do some Web surfing. So be sure and get feedback from staff before implementing any technology use policy.
Hopefully none of us will be faced with "technology malpractice" in the future. But the law and technology continue to evolve quite rapidly. Keeping current on the law is important. Keeping current on legal technology issues is important as well.
1. Failing to adequately screen for conflicts, unauthorized practice outside of the lawyer's jurisdictions of admissions, giving wrong advice because a lawyer does not know the law of that jurisdiction and violating the advertising or other ethics rules with an off-the-cuff comment are some of the immediate concerns.
2. See "Backing Up Your Data: There's No More Important Technology Task" by John Brewer and Sheryl Cramer, 74, O.B.J., 2973 , Nov. 1, 2003
3. For more information see "Who is Reading your Hard Drive Tonight? Security with High Speed Internet Access and a Few Words about Passwords" Oklahoma Bar Journal June 10, 2000.
Originally published in the Oklahoma
Bar Journal December 13, 2003 - Vol. 74; No.34
