A virtual law office relies on a third-party provider to operate. A legal SaaS provider maintains my virtual law office and the data is hosted on a server that is maintained by another third-party company that has leased its servers to my SaaS provider.
By using this form of technology to practice law online, am I “outsourcing” as governed by ABA Formal Ethics Opinion 08-451? Does my use of a third-party technology provider fall under supervision of “non-lawyers” in Model Rule 5.3?
*open can of worms*
The ABA Ethics Commission 20/20 has raised the question of whether cloud computing should be classified as a form of outsourcing. This can be found in the issues paper entitled “Client Confidentiality and Lawyers’ Use of Technology.” ABA Formal Ethics Opinion 08-451 describes a lawyer’s obligations when outsourcing work to lawyers and non-lawyers. One comment to Rule 5.3 states that the duty to supervise non-lawyers extends to those who serve as independent contractors.
My position: Selecting a cloud-based technology solution for practice managment is not outsourcing. It is a business method, a form of delivery. Rules 1.6 (duty of confidentiality) and 1.15 (safe-guarding client property) require that attorneys use reasonable care in protecting the confidentiality of their client’s property. To comply, attorneys must do their due diligence in researching and selecting their SaaS provider and any other third-party services. This requirement provides adequate regulation for the use of a cloud-based technology in law practice management. State bars may provide their members with guidelines and education about how to handle the selection of technology providers or larger firms may decide to hire IT consultants to help them with these decisions.
There has been and always will be some third-party involved in the delivery of legal services to our clients, whether the delivery is online or traditional.
Attorneys have been using online banking for years now, shall we consider this a form of outsourcing? Go back further to the days of snail mail. The USPO as non-lawyer requiring supervision? Think Wells Fargo is going to let me supervise their business practices when I use online banking for my law office accounts? Think Google or Microsoft are going to report all of their business practices to individual attorneys in order to get the business of the legal profession? I hate to think of the chill on legal technology innovation that such requirements would cause.
As with any business method chosen by a law firm, it is their repsonsibility to research and select a service provider that is best suited to help the firm comply with the Rules of Professional Responsibility.
There is a lot more going on here that we could discuss. If it’s outsourcing, would it require notice and consent of clients prior to its use? What do other virtual lawyers think about potential rule changes that would change the classification of cloud-based technology?
Bradley B. Clark
I could not agree with you more, Stephanie.
The USPS example is perfect.
Another example: most clients communicate with us from email addresses hosted by Google, Yahoo, or their employer. If we respond to that email address (which we all do) have we violated the rules? Should we obtain written consent (after full disclosure of the risks) to communicate with clients at these email addresses? These questions all make for a great debate but the bottom line remains: our state bar rules, the model rules, and the committee’s interpreting the rules must understand and appreciate how our clients choose to communicate with us.
Bradley B. Clark
Why does it seem like ABA’s Ethics 2020 Committee is coming after virtual lawyering from every possible angle? On one hand, the ABA appears to promote this efficient & cost-effective delivery method, which affords so many pro se litigants the opportunity to receive sufficient, if not full, representation. Yet, they’ve created this oversight committee which seems hell-bent on finding a way to regulate and/or control this method of practicing law.
Rather than spend our dues creating a committee that requires us to defend virtual law practice, why not create one that looks for ways to support their members, and lawyers at large, in pursuing use of this significant technology that will become a predominant method of legal services delivery in the future?
You raise an interesting point about third party disclosures. It seems absurd that sending an email over Gmail would be considered a third party disclosure. I would argue that we have an obligation to only use services that are reputable/have quality security measures in place, but beyond that, we can’t allow the perfect to be the enemy of the good. Check out an interesting overview of Alambama’s efforts on this front here: http://blog.laptopsentry.com/post/Alabama-State-Bar-Association-Mandates-Client-Data-Protections.aspx.
Thanks for the great article!