By Michael Filbin
In 2012, the American Bar Association amended its Model Rules of Professional conduct, adding a requirement that lawyers have technological competence. Specifically, the ABA set forth that “a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…” Since then, over 30 states have added similar requirements to their own Rules of Professional Conduct.
Today the majority of states require lawyers to have tech competency, but it is unclear what exactly a lawyer needs to know. The 2012 Amendment is not specific, nor have there been many judicial opinions regarding lawyers’ technological competency. Regardless, there are certain risks that come with using technology today that all lawyers should be aware of.
Lawyers frequently communicate through email, utilize third-party software companies to conduct document review, and store sensitive client data on hard drives. In addition, cyber-attacks and data breaches are happening more and more often. Consequently, the potential for sensitive client data ending up in the wrong hands is great if lawyers are not technologically competent. While it is not exactly clear what is required for a lawyer to have tech competence, I believe that lawyers should at the very minimum have a rudimentary understanding of what they can do to safeguard client data.
Knowing how to protect client data will obviously vary from practice to practice, however, there are several basic things almost all attorneys can do to make sure their client’s information is safe. First, lawyers should make sure that they have some form of anti-virus and antispyware software. McAfee and Norton are popular companies that offer anti-virus and anti-spyware software. Second, when lawyers are electronically sending sensitive client information, they should encrypt their files with a password, and send the password to the intended party in another email, so if the email is intercepted or sent to a wrong party the client’s information will remain safe. And third, lawyers should understand the threat of phishing scams. Even if firms have robust security software in place, hackers are still able to send emails to lawyers pretending to be someone else in attempts to get information or access to their networks. If lawyers do not recognize the recipient, or if the email does not seem right, they should err on the side of caution and report the email as junk, and then follow up with the person over the phone or in person to confirm if the email was legitimate or not.
Overall, I strongly support the American Bar Association and the states that have followed suit in requiring lawyers to have technological competence. Even though the requirement is currently broad and vague, it nonetheless recognizes the importance of lawyers having tech knowledge, which is a step in the right direction. By simply installing anti-virus technology, taking steps to secure client information, and being cognizant of phishing scams, lawyers can make a huge difference in preventing client information from ending up in the hands of nefarious individuals.
Student Bio: Michael Filbin is a third-year student at Suffolk University Law School. He is an Articles Research Officer on the Journal of High Technology Law. Michael holds a B.S. in Finance from Stonehill College.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.