TECHNOLOGY & ETHICS Association of Corporate Counsel © 2014 1
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
TECHNOLOGY & ETHICS
Association of Corporate Counsel
© 2014
2
AGENDA
Technology & Competence (ABA Model Rule 1.1)
Technology & the Duty of Confidentiality (ABA Model Rule 1.6)
Receiving Counterparty’s Metadata (ABA Model Rule 4.4)
Outsourcing & Cloud Computing (ABA Model Rule 5.3)
Social Media (still being chartered…)
3
WHAT’S NEW?
• August 2012 – ABA modernizes model rules of professional conduct
• Six new technology-related changes, including modifying definition of writing to include “electronic communications”
• Topics addressed include: competence, confidentiality, and outsourcing
• California – has addressed each of these issues through formal opinions; although has not adopted ABA Model Rules, California Bar is trendsetter in this space
Not in scope: Technology and Client Development
4
“An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and
then become integrated with the practice of law.”
California State Bar Formal Opinion Interim No. 11-0004 (Feb. 28, 2014) (related to ESI and discovery request)
5
For IHC, where is tech competence relevant?
• Responding to discovery • Choosing to store client information in a cloud• Advising on compliance with data privacy regulation• Managing cyber and warrantless surveillance risks• Managing corporate information flows• Advising on document retention policies• Sending & receiving documents with metadata• Leveraging technology to lower department costs• Advising on social media for investigations, hiring, etc.
Proficiency needed may vary.
6
TECHNOLOGY & COMPETENCE
ABA Model Rule 1.1:“Competent representation requires
the legal knowledge, skill, * * * reasonably necessary for the representation.”
Comment [8] (new):“To maintain the requisite knowledge and skill, a lawyer
should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology…”
7
Takeaways on competence
• Not a new obligation• IHC should understand how
technology works• We can still rely on
consultants and IT experts
However– • Remember, we have the big
picture• Legal analysis of
technology- related decisions is key
8
TECHNOLOGY & CONFIDENTIALITY
ABA Model Rule 1.6(c) (new):“A lawyer shall make reasonable
efforts to prevent the inadvertent disclosure of, or unauthorized access to, information relating to the representation of a client.”
Earlier focus was simply:
“A lawyer shall not reveal information relating to the representation of a client * * *.”
ABA Model Rule 1.6(a).
9
ABA Model Rule 1.6(c)
Why?• Guidance on duty to
safeguard• Confi concerns with ESI
Possible situations1. Email sent to wrong person
2. Legal dept. or lawyer’s account is hacked
3. Employee releases info without authorization
California State Bar, Formal Opinion No. 2010-179 (recognizing
duty to prevent)
ABA Formal Opinion 11-459 (2011) (duty to protect confidentiality
of email communications)
10
Reasonableness from two angles
Does IHC have a legal duty to safeguard?• Confi agreement?• Other applicable law?
As part of ethical duty, are efforts to safeguard reasonable?• Sensitivity of information• Likelihood of disclosure• Cost• Difficulty of implementation• Adverse impact on representation?
(e.g., too difficult to use software or equipment)• Client consent?
11
Spotlight: Warrantless surveillance?
• Resulting ethical questions:– Privacy expectation: Can IHC no longer reasonably expect
certain communications to be private?
– Confidentiality: Must we protect against warrantless surveillance as part of the reasonable efforts to prevent inadvertent disclosures?
– Privilege: Must we protect against warrantless surveillance to intend that a communication be made in confidence?
• It depends: – Type of information at issue, the client’s business, significance of
risk, and other factors…
12
HYPO 1 – Inbox always full!• Situation: In-house counsel’s work is never done at the end of the day. In-
house counsel just received information from the compliance team that an employee may be offering bribes to public officials to secure company contracts.
• Action: The employee forwards the relevant documents and emails, including the name and other data on the suspected employee, to a personal email account so that he can spend the rest of the night working on the issue. This is much easier than trying to log back in through VPN. And the home network is password protected.
• Issue: Is the in-house counsel meeting the ethical obligation to make reasonable efforts to prevent inadvertent disclosure?
13
Takeaways on confidentiality
• Assess risks of handling information –
systemically & matter specific
• “Reasonable efforts” for ethical duty; business need
may require more
• Analyze separately from other legal obligations
• And yet, consider third party best practices (e.g. NIST Cybersecurity
Framework)
Either way, add value!
14
RECEIVING COUNTERPARTY’S METADATA
ABA Model Rule 4.4(b):
“A lawyer who receives a document or
electronically stored information relating to the representation of the lawyer’s client and knows or
reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.”
15
ABA Model Rule 4.4(b)
Triggers• Must know or should know ESI
sent inadvertently• Relates to representation
“Inadvertently sent”• ESI itself• Info that includes ESI
Obligations• Notify sender• No need to send back• You can read metadata• But avoid using special forensic
software to access it
HOWEVER: in California, no duty to notify. Sender must exercise reasonable care
Oregon State Bar Formal Opinion 2011-187
16
HYPO 2 – Seal the deal!• Situation: In-house counsel is negotiating a joint venture agreement
with a real estate company. The deal would include the acquisition of critical IP assets that are difficult to value.
• Action: The counter-party sends the in-house counsel an iteration of the acquisition agreement that includes metadata showing an internal back and forth on pricing and other potentially privileged commentary.
• Issue? Can in-house counsel use the information to get the best deal for the client without notifying the counterparty?
17
OUTSOURCING & CLOUD COMPUTING
ABA Model Rule 5.3“With respect to a nonlawyer employed or retained by or associated with a lawyer: * * *
(b) A lawyer having direct supervisory authority over the nonlawyer shall make reasonable efforts to ensure that the person’s conduct is compatible with the professional obligations of the lawyer; * * *.”
18
ABA Model Rule 5.3
What’s new
• Comment clarifies that rule applies to nonlawyers outside dept.
– Investigators – Paraprofessionals– Document management – Printing or scanning co.– Internet-based svcs
• Comment includes monitoring responsibility
19
When are efforts reasonable?
Depends on–
• Nonlawyer’s education, experience and reputation
• Nature of services
• How client information is protected
• Legal & ethical environments of jurisdictions
New Hampshire Bar Opinion 2011-12/5 (2011)
20
Cloud Computing
• Ethics rules allow it
• It’s a form of outsourcing
• Exercise reasonable care to protect confidentiality of client information
• States largely agree that reasonable care
required
WSBA Advisory Opinion 2215 (2012)
21
HYPO 3 – We need cutting edge!• Situation: GC determines that the widely dispersed legal team needs
a more efficient way to communicate real time to serve the client. Additionally, legal documents – including contracts, advice memos, and board documents – need to be stored and properly catalogued in a central repository with tiered access rights.
• Action: GC is poised to hire an innovative start-up that would provide a custom solution at a competitive cost.
• Issue: Is there anything the GC needs to consider before signing the deal?
22
States may require a mix of precautions…
Stay abreast of best practices Depending on sensitivity of date, get client consent Heed client instructions Understand provider’s security controls Periodically review security measures Have enforceable confi agreement Get notice of breach Ensure access to client data Delete data & return to client when not needed Ensure back-up strategy Consult expert as needed
E.g. New Hampshire State Bar Opinion 2012-13/4 (Cloud Computing)
23
Takeaways on outsourcing
• Give appropriate instructions to nonlawyers.
• If directing outside counsel to use certain vendors, agree on who is monitoring the vendors.
• Ensure nonlawyers in non-US jurisdictions understand your professional obligations.
• Remember, cloud computing is a form of outsourcing – so the same standards of diligence apply.
24
SOCIAL MEDIA
A few rules of thumb–
• Check it for public info
• Preserve it as evidence
• Avoid using it to deceive
• Don’t share confi info on it
Oregon State Bar Formal Opinion 2013-189
New Hampshire BarOpinion 2012-13/05 (2013)
New York City Bar Opinion 2010-2 (2010)
Philadelphia Bar Opinion 2009-02 (2009)
25
PRACTICE TIPS FOR IN-HOUSE COUNSEL
1. Understand benefits & risks of relevant technology.
2. Take reasonable steps to protect client information from inadvertent disclosure.
3. Know that discovering metadata in your documents may trigger notification requirements.
4. Understand and plan for risks with cloud computing.
5. Know who is monitoring nonlawyer assistance and communicate your professional obligations.
6. Exercise care and diligence with social media.
26
THANK YOU!
Association of Corporate Counsel
Large Law Department
Related Documents
