The Arizona State Bar has published Ethics Opinion 09-04 “Confidentiality; Maintaining Client Files; Electronic Storage; Internet” in December 2009. This opinion will apply to attorneys operating virtual law practices within the AZ Bar jurisdiction and is similar to the NC Bar 2008 Formal Ethics Opinion 5, Web-based Management of Client Records published July 2008. In fact the NC Formal Ethics Opinion 5 is cited in this new AZ opinion.
AZ Opinion 09-04 addresses the ability of an attorney to work with clients and deliver legal services online. The question presented in the opinion lays out the method that the inquiring attorney would use to securely deliver the documents to his or her clients online. In this case, the documents would be converted to “password-protected PDF format,” and the client would access those files for review over a secure site which uses “encryption and three layers of unique randomly generated alpha-numeric folder names and passwords.”
The AZ Bar pointed to the two related, existing rules of professional conduct which are the same rules that we have seen applied in other opinions related to virtual law practice: Competence and Confidentiality of Information. A previous AZ Bar ethics opinion has permitted electronic storage of law office data, including clients’ files (Az Ethics Op.05-04).
Here is what I love about this opinion. They allow for the proposed method of delivering legal services online to the client, but they recognize that this is not where it ends. From the Opinion:
However, the Committee also recognizes that technology advances may make certain protective measures obsolete over time. Therefore, the Committee does not suggest that the protective measures at issue in Ethics Op. 05-04 or in this opinion necessarily satisfy ER 1.6’s requirements indefinitely. Instead, whether a particular system provides reasonable protective measures must be “informed by the technology reasonably available at the time to secure data against unintentional disclosure.” N.J. Ethics Op. 701. As technology advances occur, lawyers should periodically review security measures in place to ensure that they still reasonably protect the security and confidentiality of the clients’ documents and information. (emphasis added)
This is clearly the best way that the state bars can address virtual law practice without preventing or discouraging innovation. The attorney practicing law online has the responsibility to stay current on the security issues involved in using the technology. If they are not able to do so for themselves, then they need to trust an IT professional or their SaaS provider to keep their system up to date and protected.