A Federal Court judge recently told me that when he asked the lawyer about the ESI (Electronically Stored Information) in his matter, the lawyer replied there wasn’t any. When the judge asked if there were going to be any e-mails that he’d be producing, the lawyer said, “yes, but that’s not ESI.”
Given the readily available technology that greatly increases security of client data, eDiscovery review technology that substantially reduces overall review time and costs by surfacing up more relevant data faster, and the general availability of free eDiscovery education and resources, the question becomes whether a lawyer may be brought up on ethics violations or potentially face malpractice charges for intentionally or negligently (by virtue of her ignorance) failing to employ the appropriate technology?
I had the opportunity to sit down over a cup of coffee with Dennis Rendleman, Ethics Counsel at the American Bar Association, Center for Professional Responsibility, in Chicago one cold afternoon this past winter. Besides having a wonderful conversation with Dennis on a broad range of issues, I tested my hypothesis out on Dennis. Ultimately, he said that if I add “maybe” and “could be” to my hypothesis, rather than “shall” or “will,” the answer “might be,” “potentially,” and “possibly,” under the right set of facts – yes!
Of course, this answer reminds me of a quote by Jeremy Bentham, the famed English philosopher, who once said: “Lawyers are the only persons in whom ignorance of the law is not punished.” And yet, if we hold litigants to the maxim of ignorantia juris non excusat, shouldn’t we, as lawyers, apply it to ourselves as well when it comes to cybersecurity and eDiscovery technology?
To answer this question, I always like to start with Rule 1.1 of the ABA Model Rules of Professional Responsibility. It states:
A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.
But then the question becomes how do you define competence as it relates to relevant technology? To answer this, Comment 8 is our guiding light. It states:
“To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject” (emphasis added).
In other words, irrespective of the expertise that may be required in a matter, if the lawyer is not keeping up with the “benefits and risks” associated with “relevant technology” in eDiscovery, then she may not be considered competent in that particular matter. The addition of these highly probative phrases were added in 2012. Interestingly enough, since 2012, 36 states in the country have modified their own state’s ethics rules to include the same or substantially same verbiage.
Still, when does an attorney become subject to a potential ethics violation for not understanding the “benefits and risks associations with relevant technology?” If we dig deeper, would any of the following examples potentially subject a lawyer to an ethics violation?
Given the advancements in technology as a result of the sheer volume of data that is being created today, it is imperative that every lawyer either understand the basics of cybsersecurity and eDiscovery technology or work with another lawyer to ensure compliance within the Federal Rules of Civil Procedure (FRCP) and the Federal Rules of Evidence (FRE) (or her particular states’ analogous laws). Additionally, she can become knowledgeable through receiving the input and advice of her Litigation Support staff, CISO or IT Director, eDiscovery paralegal, and/or their trusted service providers to make the appropriate decisions from there.
Deliberately choosing to put one’s head in the sand is not a tactic that pays off in the long run. Courts have been increasingly chastising lawyers for not paying attention to “relevant technology.” In fact, a whole post can be written on every judge throughout the country who has lambasted (and sanctioned) lawyers in case law for not understanding eDiscovery. Why chance it? Take advantage of free education through ACEDS, attend free webinars, partner with your litigation support team, and your trusted service provider to ensure that ignorantia juris non excusat doesn’t translate into a potential ethics violation – or possibly worse.
[i] See Rule 1.6(c) that requires lawyers to “make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” Under Comment 17, it says that a “lawyer must act competently to safeguard information relating to the representation of a client against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision.” Comment 18 says lawyers must take “reasonable precautions to prevent the information from coming into the hands of unintended recipients.” Comment 19 really sums it all up: a “lawyer must make reasonable measures to ensure the inadvertent disclosure.” Jill Rhodes, the chief information security officer for Trustmark Companies said once that the “biggest factor that makes law firms of all sizes vulnerable to a cyber-attack is insider ignorance. All it takes is to step away from your computer without locking it or working on sensitive client information while using the free WIFI at your local coffee ship where the system is “very exposed and makes law firm data vulnerable.” https://www.law360.com/articles/464016/big-law-firms-are-most-vulnerable-to-hackers-aba-panel