Lawyers in Manhattan have a duty to acquire and maintain the technological competence required to safeguard their clients’ electronically transmitted or stored information (ESI), the New York County Lawyers’ Association’s Committee on Professional Ethics (“Ethics Committee”) has advised as part of a recent opinion.
This duty, the Ethics Committee said, stems from the New York Rules of Professional Conduct (RPC), which require lawyers to “provide competent representation” and demonstrate the requisite “legal knowledge, skill, thoroughness and preparation necessary” to do so. More broadly, the opinion explained that the lawyer’s ethical duty of competent representation is not limited to his or her substantive legal expertise but “extends to the manner in which he or she provides legal services.”
Lawyers Must Know Legal Technology and Emerging Data Types
Just how much technological savvy a lawyer needs will differ from one engagement to another, depending on the sophistication of the client’s system and/or the complexity of the case. In general, the Ethics Committee opinion explained that the duty “expands” as new technologies change the business processes of providing legal representation. If a lawyer is unable to satisfy the duty of technological competence associated with a matter, the committee said, then the lawyer should decline representation.
Lawyers Must Safeguard Against Data Breach – Even When They Send Data to Third Parties
A comment to the rule (RPC 1.1, Cmt. ) specifies that this requirement imposes a duty of technological competence, including a duty to “keep abreast of the benefits and risks associated with technology the lawyer uses to provide services to clients or to store or transmit confidential information.” The Ethics Committee opinion also cited another RPC provision (RPC1.6), which, among other things:
- prohibits lawyers from knowingly revealing clients’ confidential information or allowing it to be used to the disadvantage of the client (or for the advantage of the lawyer or a third party) and
- imposes a duty to “exercise reasonable care to prevent disclosure” of clients’ confidential information through the lawyer’s employees, vendors, and others whose services the lawyer utilized in the course of representing the client.
Lawyers Must Understand eDiscovery Legal Tech
Reading these provisions together, and citing prior ethics opinions from the bar associations of New York state and New York City regarding a lawyer’s duty to protect and secure clients’ confidences and secrets, the Ethics Committee outlined the duty of technological competence specifically as it relates to electronic information. For example, lawyers dealing with client’s electronically stored information (ESI) must assess, from the start of an engagement:
- whether eDiscovery will be required;
- what kinds of issues may arise;
- who the relevant document custodians are;
- how the client’s network and databases work (as they relate to the relevant ESI); and
- how to collect and preserve potentially relevant ESI in a manner that would allow the lawyer to retrieve responsive ESI in the event that eDiscovery is demanded.
The Ethics Committee noted that the Federal Rules of Civil Procedure (particularly Rule 16 regarding pretrial conferences, Rule 26 regarding discovery procedures, and Rule 37 regarding “failure to make disclosures or to cooperate in discovery”) as well as New York’s Uniform Trial Court Rules (Rules 202.12(b) and 202.70(g)) impose specific obligations regarding ESI in matters governed by those rules. In some cases, depending on the client’s location, the ESI-related rules of other states may also apply.
Lawyers Must Vet Their Vendors for Security
The New York ethics rules require the lawyer to “assess his or her own eDiscovery skills and resources in order to meet these ESI demands” of various jurisdictional rules, the committee said in its opinion. If the lawyer’s skills are inadequate, he or she must get proper training or expert help from another professional. In any event, the lawyer remains solely responsible for his or her own ethical obligations and for ensuring that the work of anyone whose expertise is sought to fulfill those obligations is actually sufficient to fulfill them. Moreover, the lawyer must ensure that “everyone involved in the eDiscovery process on behalf of the client is conducting themselves accordingly.”
The opinion pointed to threats from hacking, data breaches, and “software or hardware error” as reasons that lawyers must keep current with their technological knowledge—either personally or through proficient associates or advisors—so that they can take appropriate measures to avoid exposing the client’s ESI to such threats while also utilizing the client’s ESI for effectively representing the client.
Want to learn how to assess your vendors to ensure your – and your clients’ – data will be safe in their hands? Download our free “Seven Essential Questions to Ask your eDiscovery Provider” handbook today!