Download presentation
Presentation is loading. Please wait.
Published byMarjory Spencer Modified over 9 years ago
1
TECHNOLOGY & ETHICS Association of Corporate Counsel © 2014 1
2
AGENDA Technology & Competence (ABA Model Rule 1.1) Technology & the Duty of Confidentiality (ABA Model Rule 1.6) Receiving Counterparty’s Metadata (ABA Model Rule 4.4) Outsourcing & Cloud Computing (ABA Model Rule 5.3) Social Media (still being chartered…) 2
3
WHAT’S NEW? August 2012 – ABA modernizes model rules of professional conduct Six new technology-related changes, including modifying definition of writing to include “electronic communications” Topics addressed include: competence, confidentiality, and outsourcing California – has addressed each of these issues through formal opinions; although has not adopted ABA Model Rules, California Bar is trendsetter in this space Not in scope: Technology and Client Development 3
4
“An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and then become integrated with the practice of law.” California State Bar Formal Opinion Interim No. 11-0004 (Feb. 28, 2014) (related to ESI and discovery request) 4
5
For IHC, where is tech competence relevant? Responding to discovery Choosing to store client information in a cloud Advising on compliance with data privacy regulation Managing cyber and warrantless surveillance risks Managing corporate information flows Advising on document retention policies Sending & receiving documents with metadata Leveraging technology to lower department costs Advising on social media for investigations, hiring, etc. Proficiency needed may vary. 5
6
TECHNOLOGY & COMPETENCE ABA Model Rule 1.1: “Competent representation requires the legal knowledge, skill, * * * reasonably necessary for the representation.” Comment [8] (new): “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” 6
7
Takeaways on competence Not a new obligation IHC should understand how technology works We can still rely on consultants and IT experts However– Remember, we have the big picture Legal analysis of technology- related decisions is key 7
8
TECHNOLOGY & CONFIDENTIALITY ABA Model Rule 1.6(c) (new): “A lawyer shall make reasonable efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client.” Earlier focus was simply: “A lawyer shall not reveal information relating to the representation of a client * * *.” ABA Model Rule 1.6(a). 8
9
ABA Model Rule 1.6(c) Why? Guidance on duty to safeguard Confi concerns with ESI Possible situations 1.Email sent to wrong person 2.Legal dept. or lawyer’s account is hacked 3.Employee releases info without authorization California State Bar, Formal Opinion No. 2010-179 (recognizing duty to prevent) ABA Formal Opinion 11-459 (2011) (duty to protect confidentiality of email communications) 9
10
Reasonableness from two angles Does IHC have a legal duty to safeguard? Confi agreement? Other applicable law? As part of ethical duty, are efforts to safeguard reasonable? Sensitivity of information Likelihood of disclosure Cost Difficulty of implementation Adverse impact on representation? (e.g., too difficult to use software or equipment) Client consent? 10
11
Spotlight: Warrantless surveillance? Resulting ethical questions: –Privacy expectation: Can IHC no longer reasonably expect certain communications to be private? –Confidentiality: Must we protect against warrantless surveillance as part of the reasonable efforts to prevent inadvertent disclosures? –Privilege: Must we protect against warrantless surveillance to intend that a communication be made in confidence? It depends: –Type of information at issue, the client’s business, significance of risk, and other factors… 11
12
HYPO 1 – Inbox always full! Situation: In-house counsel’s work is never done at the end of the day. In- house counsel just received information from the compliance team that an employee may be offering bribes to public officials to secure company contracts. Action: The employee forwards the relevant documents and emails, including the name and other data on the suspected employee, to a personal email account so that he can spend the rest of the night working on the issue. This is much easier than trying to log back in through VPN. And the home network is password protected. Issue: Is the in-house counsel meeting the ethical obligation to make reasonable efforts to prevent inadvertent disclosure? 12
13
Takeaways on confidentiality Assess risks of handling information – systemically & matter specific “Reasonable efforts” for ethical duty; business need may require more Analyze separately from other legal obligations And yet, consider third party best practices (e.g. NIST Cybersecurity Framework) Either way, add value! 13
14
RECEIVING COUNTERPARTY’S METADATA ABA Model Rule 4.4(b): “A lawyer who receives a document or electronically stored information relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.” 14
15
ABA Model Rule 4.4(b) Triggers Must know or should know ESI sent inadvertently Relates to representation “Inadvertently sent” ESI itself Info that includes ESI Obligations Notify sender No need to send back You can read metadata But avoid using special forensic software to access it HOWEVER: in California, no duty to notify. Sender must exercise reasonable care Oregon State Bar Formal Opinion 2011-187 15
16
HYPO 2 – Seal the deal! Situation: In-house counsel is negotiating a joint venture agreement with a real estate company. The deal would include the acquisition of critical IP assets that are difficult to value. Action: The counter-party sends the in-house counsel an iteration of the acquisition agreement that includes metadata showing an internal back and forth on pricing and other potentially privileged commentary. Issue? Can in-house counsel use the information to get the best deal for the client without notifying the counterparty? 16
17
OUTSOURCING & CLOUD COMPUTING ABA Model Rule 5.3 “With respect to a nonlawyer employed or retained by or associated with a lawyer: * * * (b) A lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; * * *.” 17
18
ABA Model Rule 5.3 What’s new Comment clarifies that rule applies to nonlawyers outside dept. –Investigators –Paraprofessionals –Document management –Printing or scanning co. –Internet-based svcs Comment includes monitoring responsibility 18
19
When are efforts reasonable? Depends on– Nonlawyer’s education, experience and reputation Nature of services How client information is protected Legal & ethical environments of jurisdictions New Hampshire Bar Opinion 2011-12/5 (2011) 19
20
Cloud Computing Ethics rules allow it It’s a form of outsourcing Exercise reasonable care to protect confidentiality of client information States largely agree that reasonable care required WSBA Advisory Opinion 2215 (2012) 20
21
HYPO 3 – We need cutting edge! Situation: GC determines that the widely dispersed legal team needs a more efficient way to communicate real time to serve the client. Additionally, legal documents – including contracts, advice memos, and board documents – need to be stored and properly catalogued in a central repository with tiered access rights. Action: GC is poised to hire an innovative start-up that would provide a custom solution at a competitive cost. Issue: Is there anything the GC needs to consider before signing the deal? 21
22
States may require a mix of precautions… Stay abreast of best practices Depending on sensitivity of date, get client consent Heed client instructions Understand provider’s security controls Periodically review security measures Have enforceable confi agreement Get notice of breach Ensure access to client data Delete data & return to client when not needed Ensure back-up strategy Consult expert as needed 22 E.g. New Hampshire State Bar Opinion 2012-13/4 (Cloud Computing)
23
Takeaways on outsourcing Give appropriate instructions to nonlawyers. If directing outside counsel to use certain vendors, agree on who is monitoring the vendors. Ensure nonlawyers in non-US jurisdictions understand your professional obligations. Remember, cloud computing is a form of outsourcing – so the same standards of diligence apply. 23
24
SOCIAL MEDIA A few rules of thumb– Check it for public info Preserve it as evidence Avoid using it to deceive Don’t share confi info on it Oregon State Bar Formal Opinion 2013-189 New Hampshire Bar Opinion 2012-13/05 (2013) New York City Bar Opinion 2010-2 (2010) Philadelphia Bar Opinion 2009-02 (2009) 24
25
PRACTICE TIPS FOR IN-HOUSE COUNSEL 1.Understand benefits & risks of relevant technology. 2.Take reasonable steps to protect client information from inadvertent disclosure. 3. Know that discovering metadata in your documents may trigger notification requirements. 4.Understand and plan for risks with cloud computing. 5.Know who is monitoring nonlawyer assistance and communicate your professional obligations. 6.Exercise care and diligence with social media. 25
26
THANK YOU! Association of Corporate Counsel Large Law Department 26
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.