In today's world, technology is ever changing and data breaches are widespread. Both have repercussions for the legal profession. As technology has evolved and become more intrusive, the obligations of attorneys and how attorneys handle client matters has also evolved.
Attorneys must conduct business while maintaining their fiduciary duty to clients and adhere to the Michigan Rules of Professional Conduct (the "Michigan Rules"). However, these standards are evolving with technology. Attorneys have an obligation to maintain a client's utmost trust and confidence.
Specifically, Michigan Rule 1.1 states that an attorney shall provide competent representation to a client. The comment to Rule 1.1 further states that "a lawyer should engage in continuing study and education." While the rules and comments do not mention technology explicitly, being a competent attorney in today's world undoubtedly requires some understanding and use of technology. Michigan Rule 1.6 deals with confidentiality and states that "a lawyer shall exercise reasonable care to prevent employees, associates, and other whose services are utilized by the lawyer from disclosing or using confidences or secrets of a client." Essentially, this means that an attorney should make reasonable efforts to prevent the disclosure of sensitive information. This pertains to any way that someone could inadvertently get client information, including through the use of technology. In addition to being knowledgeable of various legal arguments, attorneys should also be aware of technological implication that may impact their ability to competently represent clients and safeguard sensitive information.
Technology is further shaping the professional rules of conduct. Not only should attorneys consider physical disclosures, they, also, must consider the security of client information stored on the cloud, email servers, personal devices, or social media websites. Accordingly, attorneys must be competent in a multitude of technological platforms in order to protect client information and adhere to professional standards.
One case that highlights this point is from the Western District of Virginia (Harleysville Insurance Company v. Holding Funeral Home, Inc.). In that case, an investigator for the plaintiff's insurance company uploaded information onto an internet-based file sharing service without any password protections. Later, the defense received a link to that file during discovery, thus the defense had access to the entire file that the plaintiff intended to rely on in the lawsuit. The plaintiff requested a disqualification of the defendants' counsel, but Judge Pamela Meade Sargent did not grant the motion. She analogized having this information on an internet-based service with no protections like leaving a "claims file on a bench in the public square and telling its counsel where they could find it."
Essentially, this decision meant that the plaintiff had waived their privilege when it uploaded the documents to the online service. The attorney could have properly addressed this issue if there was a better understanding of the technological impact of saving client data onto an internet-based file sharing site. Advising everyone involved in the case on how to handle sensitive information could have prevented this outcome.
Other circumstances where these breaches may arise are through the improper use of personal email or social media, the use of the cloud for document storage with no password protections, and working on public internet connections such as in coffee shops or bookstores. These ideas do not only apply to attorneys, but also to businesses.