Feb. 17, 2021 – COVID-19 vaccines are here and normalcy is on the horizon, but many lawyers and other legal professionals will continue to work remotely until the viral storm passes. Even then, remote work may continue for those who have found efficiencies.
“Many lawyers have worked remotely from home or satellite offices or on the go for years,” said Christopher Shattuck, who manages the State Bar of Wisconsin's Law Office Management Assistance Program (Practice411™).
“But post-pandemic, I think we will see a lot more lawyers and law firms using or implementing remote tools to be more efficient and better serve clients. That’s the silver lining. The pandemic has really forced the legal profession to embrace technology.”
For criminal and civil litigators, remote hearings will likely continue in the courts throughout 2021, in some form. Circuit courts are still operating under local safety and court operation plans and many hearings are still being conducted via Zoom (see Zoom hearing resources).
Now, a new ethics opinion from the State Bar’s Professional Ethics Committee provides more guidance on the ethical obligations of providing legal services remotely. This article highlights the major topic areas covered in the opinion. Read the full opinion.
Ethics Opinion EF-21-02
Recently issued, Wisconsin Formal Ethics Opinion EF-21-02 (Jan. 29, 2021) discusses the “basic responsibilities that a lawyer owes the client – competence, diligence, communication, and confidentiality” – irrespective of the lawyer’s physical location.
Joe Forward, Saint Louis Univ. School of Law 2010, is a legal writer for the State Bar of Wisconsin, Madison. He can be reached by org jforward wisbar email or by phone at (608) 250-6161.
“Historically, the practice of law has been defined by in-person interactions: between lawyers and their clients, between opposing counsel, and through face-to-face discussions or contested hearings in court with all parties present to resolve clients’ matters,” the opinion noted.
“Over time, technological advances have replaced many of these personal interactions, as well as other aspects of practice such as the transfer and storage of client information. In addition, it is expected that lawyers, like other professionals, will continue to work remotely in some form after the pandemic.”
Duty of Competence
The opinion notes that lawyers must provide “competent representation to a client through reasonably necessary legal knowledge, skill, thoroughness and preparation.” That includes competence in the use of technology.
Basic technological competence includes “knowledge of the types of devices available for communication, software options for communication, preparation, transmission and storage of documents and other information, and the means to keep the devices and the information they transmit and store secure and private,” the opinion notes.
“Larger firms will often employ expert staff to address these concerns. Smaller firms or sole practitioners may need to retain the services of an expert if they lack the knowledge to personally manage the technological aspects of practice.”
Duty of Communication
The opinion notes the lawyer’s duty to communicate with clients. “The current pandemic or any other disaster or emergency makes regular contact with clients more important than ever,” the opinion notes. “The client needs to know how to contact the lawyer just as the lawyer must know how to contact the clients.”
When working remotely, the opinion explains, calls and emails may be routed through the firm’s communication system, and lawyers must have a system in place to ensure no communications are missed.
“The lack of personal contact with the client can create additional communication challenges,” the opinion notes.
“Video hearings often will not allow for confidential discussions between the lawyer and client, making advance preparation important. Execution and notarization of documents also present special challenges, which must be communicated to the client.”
Duty of Confidentiality
“Perhaps no professional obligation has been impacted more by technology than the duty of confidentiality,” the opinion notes.
“The use of technology has increased convenience but has at the same time increased the risk of unauthorized access to an inadvertent disclosure of confidential client information.”
Wisconsin adopted modifications to the confidentiality rule in 2017. They relate to the lawyer’s duty to safeguard information and “take reasonable precautions to prevent the information from coming into the hands of unintended recipients.”
“Compliance with these duties can be complicated, particularly when the lawyer is working remotely, physically separated from co-workers, staff, and the information to be protected,” the opinion notes.
Responsibilities of Partners, Managers, and Supervisory Lawyers
Law firm partners, managers, and supervisory lawyers have a duty to provide reasonable assurance that all lawyers in the firm conform to the Rules of Professional Conduct for Attorneys and “to provide reasonable assurance that the conduct of each nonlawyer, including consultants and vendors, is compatible with the Rules.”
“Oversight of fellow professionals is challenging under any circumstance. It can be particularly challenging when those supervised are working in different, remote locations, separate from their supervisor and each other,” the opinion notes.
To help achieve the level of supervision envisioned by the rules, the opinion recommends “developing a structure to adhere to a schedule, facilitate collaboration, communication, and conduct regular meetings by videoconference.”
“Regular mandatory training, review of the circumstances of a remotely-working lawyer, the assignment of experienced mentors to new lawyers, and the creation of teams are also strategies that can facilitate efficiency in the context of remote work.”
Unauthorized Practice of Law
Advances in technology have made it possible for lawyers to easily work remotely and in virtual law practices, raising questions about the unauthorized practice of law and multijurisdictional practice, which involves a plethora of issues.
“[T]he focus of this opinion is whether a lawyer, while in a location where the lawyer is not licensed, may conduct a virtual practice in a jurisdiction where the lawyer is licensed,” the opinion notes.
The conclusion is that a lawyer who is not licensed in Wisconsin can still represent clients from the state where the attorney is licensed even if the attorney is located in Wisconsin.
“Based on the language of SCR 20:5.5, its purpose, and the other ethics opinions, we conclude that the Rule does not prohibit an out-of-state lawyer from representing clients from the state where the attorney is licensed even if the out-of-state lawyer does so from the lawyer’s private location in Wisconsin,” the opinion notes.
For situations in which a lawyer is licensed to practice in Wisconsin but is located in another state or providing virtual legal services to clients in jurisdictions outside Wisconsin, the opinion notes that lawyers must look to the rules in those jurisdictions.
Ethics Opinion EF-21-02 notes that it is impossible to provide specific requirements for working remotely because lawyers’ ethical duties are continually evolving as technology changes. It is possible, however, to provide some general guidance.
“The following cybersecurity practices have been recommended by a number of ethics opinions and other resources. None of these practices are new: they are reasonable precautions that have helped lawyers fulfill their ethical obligations, especially the duty of confidentiality, when working in the office and when working remotely, whether at home during evenings and weekends, or during travel for work or vacation.”
- Require strong passwords to protect data and to access devices. The more complex the password, the less likely that an unauthorized user will be able to access data or devices by using password-cracking techniques or software.
- Use two-factor or multifactor authentication to access firm information and firm networks. Although requiring an additional authentication step, such as a six-digit code sent to the lawyer’s phone or email, may seem inconvenient or burdensome, it is a reasonable precaution that increases protection and reduces the likelihood of unauthorized access by providing an additional layer of security beyond a strong password
- Avoid using unsecured or public Wi-Fi when accessing or transmitting client information. Hackers can access unencrypted information on unsecured WiFi and can use unsecured Wi-Fi to distribute malware.
- Use a virtual private network (VPN) when accessing or transmitting client information. A VPN encrypts information and allows users to create a secure connection to another network.
- Use firewalls and secure router settings. A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules: it establishes a barrier between a trusted network and an untrusted network. A router connects multiple devices to the internet, and connects the devices to each other.
- Use and keep current anti-virus and anti-malware software. Anti-virus and anti-malware both refer to software designed to detect, protect against, and remove malicious software.
- Keep all software current: install updates immediately. Updates help patch security flaws or software vulnerabilities, which are security holes or weaknesses found in a software program or operating system.
- Supply or require employees to use secure and encrypted laptops. All lawyers and staff should use only firm-issued devices with security protections and backup systems and prohibit storage of firm or client information on unauthorized devices. All devices used by the lawyer, such as desktop computers, laptops, tablets, portable drives, phones, and scanning and copy machines, should be protected.
- Do not use USB drives or other external devices unless they are owned by the firm or they are provided by a trusted source.
- Specify how and where data created remotely will be stored and how it will be backed up.
- Save data permanently only on the office network, not personal devices. If saved on personal devices, taking reasonable precautions to protect such information.
- Use reputable vendors for cloud services. Transmission and storage of firm and client information through a cloud service is appropriate provided the lawyer has made sufficient inquiry that the service is competent and reputable.
- Encrypt emails or use other security to protect sensitive information from unauthorized disclosure. A lawyer should balance the interests in determining when encryption is appropriate.
- Encrypt electronic records, including backups containing sensitive information such a personally identifiable information.
- Do not open suspicious attachments or click unusual links in messages, email, tweets, posts, or online ads.
- Use websites have enhanced security whenever possible. Such websites begin with “HTTPS” in their address rather than “HTTP,” and encrypt the communication.