The State Bar of California has released a draft formal ethics opinion (No. 10-0003) regarding the use of a “virtual law office practice” by an attorney. This seven page ethics opinion was tentatively approved by the State Bar Standing Committee on Professional Responsibility and Conduct on November 5th and has been published for a 90-day public comment period.
The question posed in the opinion:
May an attorney maintain a virtual law office practice (“VLO”) and still comply with her ethical obligations, if the communications with the client, and storage of and access to all information about the client’s matter, are all conducted solely through the Internet using the secure computer servers of a third-party vendor (i.e., “cloud computing”)?
The opinion acknowledges the impact that the Internet and technology have had on the legal profession and that “the provision of legal services via a VLO has started to emerge as an increasingly viable vehicle in which to deliver accessible and affordable legal services to the general public.”
The draft opinion finds that the ethics issues involved in the use of technology in law practice are the same for both a VLO and a traditional law practice. It refers attorneys to CA State Bar Formal Opinion 2010-179 which was published last December and covers in more detail the duty to protect client confidentiality when using technology to transmit or store client information.
However, this draft opinion states that while the duties are the same, the use of a VLO requires more specific due diligence because of its “wholly outsourced Internet-based nature.” At the same time the opinion also provides in a footnote that not all VLOs will be completely web-based but may be incorporated into a traditional law firm structure.
Due diligence in the selection of the VLO vendor is required as is the duty to have a basic understanding of the security of the technology or to consult with someone who can advise on this. The opinion then provides a list of factors for the attorney operating a VLO to consider when conducting due diligence on a technology provider and references ABA, CA and other state bar ethics opinions where more guidance on these issues may be found. The factors to consider are:
1. Credential of the vendor,
2. Security of the data,
3. The technology provider’s transmission of the client’s information across jurisdictional boundaries and other third-party servers (ie, understanding the transmission of your client data, relationships between your technology provider and their hosting company, and the security involved in this process),
4. The attorney’s ability to supervise the vendor (This one concerns me, especially with the ABA’s Commission on Ethics 20/20 attempting to add Internet-based providers to the comments of a revised version of Model Rule 5.3. They need to distinguish between human and non-human outsourcing in this rule because there is no way your average attorney is going to be able to “monitor” or “supervise” a technology provider or negotiate any specifically unique terms for a SLA. At least not the same way an attorney would with outsourcing a document preparation or review service. This difference in the level of supervision possible should be addressed.), and
5) Terms of Service of Contract with Vendor.
I like that the proposed rule makes the point of requiring due diligence as an on-going process and recommends re-assessment of the technology and security on a regular basis. Basically, if you can’t keep up with the changes in technology and security, you have no business delivering legal services online.
The opinion suggests but does not require that the attorney receive consent from clients for the use of the technology. I don’t think this is a big deal in the first place because it can easily be obtained from the client in the process of having them sign the engagement agreement.
The draft opinion’s discussion of competence is really no different that what occurs in a traditional law practice, just in a digital format (ex. web conferencing to “look the client in the eye” and to pick up on nonverbal cues) and using technology to communicate and affirm competency and understanding of the client.
Clients having sufficient access to the technology and knowledge of how to use it is discussed. This is probably not as much of an issue for a VLO because clients registering online to work with an attorney start out seeking online legal services so they are empowered by search engines and other resources and are typically competent in how to navigate the Internet to do any number of tasks online.
The opinion also acknowledges that limited scope representation services may be delivered online and briefly discusses the best practices for ensuring that this is handled properly.
The opinion concludes:
The Business and Professions Code and the Rules of Professional Conduct do not impose greater or different duties upon a VLO practitioner operating in the cloud than they do upon attorneys practicing in a traditional non-VLO.
While Attorney may maintain a VLO in the cloud, Attorney may be required to take additional steps to confirm that she is reasonably addressing ethical concerns raised by issues unique to this type of VLO. Failure by Attorney to
comply with her ethical obligations relevant to these issues will preclude the operation of a VLO in the cloud as described.
I am winding up a fall course on virtual law practice for around 20 LLM students and several of them have created business plans to implement their own virtual law offices in CA, both completely web-based and integrated into more traditional law firms. This draft will be a welcome addition to their existing research into the subject as they strive to comply with their professional responsibilities.
I am going to review the draft opinion again to make sure I have processed it all, but from my initial review, it is a balanced draft of an ethics opinion that could provide much-needed guidance to members of the CA Bar looking to engage in virtual law practice.