On March 10, 2021, the American Bar Association Standing Committee on Ethics and Professional Responsibility issued Formal Opinion 498, addressing ethical rules implicated by virtual practice. The ABA opinion explains that the Model Rules of Professional Conduct permit virtual practice, defined as "technologically enabled law practice beyond the traditional brick-and-mortar law firm." However, a lawyer must take steps to ensure that they satisfy their obligations to provide competent representation, to maintain client confidentiality, and to effectively communicate with the client. The ABA opinion tracks with the issues we discussed in our May 2020 article, "Zooming and Attorney-Client Privilege." In that piece, we examined the use of videoconferencing and the accompanying risks to the privacy of client data and attorney-client privilege. The ABA's formal opinion provides detailed guidance for a profession "unexpectedly thrust into practicing virtually."

Ethical Duties

The ABA's opinion begins with an overview of the ethical duties that apply to a lawyer's virtual practice, including:

  • Competence, Diligence, and Communication: A lawyer must maintain the relevant knowledge and skill to be competent, including staying abreast of the benefits and risks of evolving technology. The opinion cautions that the difficulties of practicing virtually must not impede a lawyer's ability to communicate effectively with the client or to vindicate the client's interests.
  • Confidentiality: A lawyer engaging in virtual practice "must fully consider and implement reasonable measures to safeguard confidential information and take reasonable precautions when transmitting such information." There is no requirement that a lawyer use special security measures if the method of communication "affords a reasonable expectation of privacy." However, when practicing virtually, a lawyer should consider whether new technology and a new working environment pose risks to client confidentiality, particularly regarding highly sensitive information or private information protected by law or a confidentiality agreement. These risks may require that the lawyer take special measures to enhance the security of communications and client data.
  • Supervision: A lawyer must make reasonable efforts to ensure that subordinate lawyers and non-lawyer assistants comply with the rules of professional conduct. Supervising others may be especially challenging when working remotely, but "practicing virtually does not change or diminish this obligation." Video conferencing and "screen share" technologies help lawyers to supervise, but these technologies also present potential pitfalls that a lawyer may avoid if they understand how to use security features built into the technology.

Virtual Practice Considerations and Issues

The ABA opinion emphasizes that lawyers practicing virtually need to assess whether their technology and work environment are consistent with their ethical obligations. The opinion highlights several common features of virtual practice:

  • Hardware and Software: There are many options available for safeguarding client communications, including use of updated security-related software, secure Wi-Fi, Virtual Private Networks (VPNs) or firewalls, and complex and unique passwords that are changed regularly.
  • Client Files and Data: Having reliable remote access to client files and data is critical to any virtual practice. Lawyers should vet any third-party service, such as cloud service, to ensure appropriate levels of security, and lawyers should regularly back up their data.
  • Virtual Meeting Platforms and Videoconferencing: Lawyers should review the terms of service for virtual meeting or videoconferencing platforms to ensure that using the platform is consistent with the lawyer's ethical obligations. Access to accounts and meetings should be through strong passwords, and the lawyer should explore whether the platform encrypts communications, as well as if the platform offers higher tiers of security for businesses that are not available on free or inexpensive consumer level applications.
  • Virtual Document and Data Exchange Programs: Virtual document and data exchange platforms should ensure that documents and data are being archived appropriately for later retrieval and that the service or platform is and remains secure. The lawyer may use encryption when sending confidential information by email, and use secure file-share programs to transfer confidential data.
  • Prevent Being Overheard: A lawyer should ensure that their virtual workplace does not enable confidential and privileged communications to be overheard by non-lawyer individuals in the workplace, or by the myriad electronic listening devices that may be sitting around. Smart speakers, virtual assistants, smart phones with enabled voice access, and other devices that may be listening should be disabled if not being used by the lawyer to assist their communications. Otherwise, the lawyer is exposing the client's and other sensitive information to unnecessary and unauthorized third parties and increasing the risk of hacking.

The ABA's opinion provides helpful practical guidance for lawyers working virtually, but only scratches the surface of the ways that the security of client data and communications can be threatened. When an organization's personnel are working virtually, data can be put at risk through bring-your-own-device policies or the use of personal email accounts to communicate client information, as two examples. Lawyers, and their IT support, should implement steps to mitigate these risks. As working virtually transforms from a temporary necessity to a long-term choice, it will be necessary for lawyers to remain up-to-date about evolving technology and risks, and to think proactively about ways to protect their client's confidences.