Negative Online Review? How not to respond.

Whether here or at CLEs, I’ve often mentioned the perils of responding to a former client’s negative online review. As reported by the ABA Journal and Legal Profession Blog, here’s another example of what not to do.

Last week, the New Jersey Supreme Court suspended a lawyer for 1-year for violating several rules, including the Garden State’s rule that prohibits a lawyer from using information relating to the representation to a former client’s disadvantage unless the information has become “generally known.”  The underlying decision of the Disciplinary Review Board is here.

Now, the sanction resulted from multiple violations committed while representing multiple clients. In other words, the lawyer’s response to the negative online review wasn’t the sole basis for the 1-year suspension.  Still, the opinion serves as important reminder that, whether you agree with the rule or the interpretation thereof, it is well-established that information that is “public record” is not necessarily “generally known.”

Before I share the facts of the NJ case, let’s look at Vermont’s rule. It’s V.R.Pr.C. 1.9(c)(1):

“(c) A lawyer who has formerly represented a client in a matter or whose present or former firm has formerly represented a client in a matter shall not thereafter:

(1) use information relating to the representation to the disadvantage of the former client except as these rules would permit or require with respect to a client, or when the information has become generally known.”  (emphasis added).

As reported by the ABA Journal, the New Jersey lawyer “had won unsupervised visitation for the client after she took her children to another state without authorization, ‘seemingly, a good result,’ according to the review board.”  Nevertheless, the client posted a negative online review regarding the lawyer’s services.

The client owns a massage therapy business.  Miffed at the review the client had left for him, the lawyer posted the following Yelp review of the client’s business:

• “Well, [client] is a convicted felon for fleeing the state with children. A wonderful parent. Additionally, she has been convicted of shoplifting from a supermarket. Hide your wallets well during a massage. Oops, almost forgot about the DWI conviction. Well, maybe a couple of beers during the massage would be nice.”

In response to the subsequent ethics complaint, the lawyer wrote:

• “As to the Yelp rating about [client’s] massage therapy business, I admit to same. I was very upset by [her] Yelp rating of my practice. This rating was made more
  than a year and a half after the conclusion of my representation. My disclosures, i.e. her arrests, were public information and I did not violate attorney client
  privilege. My position was that what was good for the goose was good for the gander. I do concede that I do not believe that the rating was my finest moment.
  However, it was not unethical. That posting has subsequently been taken down.”

Long story short, the Disciplinary Review Board disagreed that it wasn’t a violation.  Citing to ABA Formal Opinion 479 and a few court decisions, the Board concluded that the lawyer’s review of the former client’s business violated the rules because the information, “although publicly available, was not generally known.”

As I’ve said before, and as my dad told me as a kid, when it comes to client confidences, lawyers would be well-served to remember this quote:

“You will have many opportunities
to keep your mouth shut.
You should take advantage
of every one of them.”
—Thomas Edison—

Related Posts

• Negative Online Review? Restrain Yourself
• Hey Lawyers: STFU!!
• ABA & Client Confidences: It’s Deja Vu All Over Again
• Can’t Keep Quiet? Try Harder

 

 

 

 

 

 

 

Negative Online Review? Restrain Yourself.

A few weeks ago, a lawyer called me for guidance on how to respond to a negative online review.  It’s not an inquiry I receive often, but it’s a topic that warrants a reminder. Also, the call was timely in that the North Carolina State Bar recently issued an advisory opinion that’s on point.

More on the nuts & bolts of the legal ethics issues in a moment.  I’ll start with a practical observation.

I was struck by how upset the lawyer was to have discovered the negative online review. I get it: none of us enjoys having our work trashed, especially by someone who we feel omitted key information in trashing it.  But remember: a negative online review is not the end of the world.

Most everyone reading this post has shopped online.  Did the product you bought have only positive reviews?  Since the new year, and before the coronavirus pandemic, many of you likely went out to eat.  Odds are that the restaurants you frequented had more than one negative review on Yelp.  Finally, I’m willing to bet that, before the internet, every single lawyer had at least one unhappy client who bad-mouthed their services afterwards.  While the ease with which lawyers now learn about negative online reviews is a function of modern technology, unhappy clients are nothing new.

My point is that you can’t make all clients happy all the time.  However, while you can’t control the unhappy clients, you can certainly control your response to their unhappiness.

Personally, when reviewing hotels or restaurants, I appreciate the proprietor who responds with a simple “we regret your experience, please contact us.”  I do not appreciate the “the food wouldn’t have been cold if you’d have eaten it as soon it was served instead of having 3 more beers.”

Enough of my soapbox.

Generally, Rule 1.9(c) prohibits lawyers from revealing or disclosing information relating to the representation of a former client. There’s an exception for any revelation or disclosure otherwise authorized by Rule 1.6, the confidentiality rule for current clients.  Rule 1.6 includes the so-called “self-defense” exception to confidentiality.

The self-defense exception permits a lawyer to disclose otherwise confidential information:

1. “to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client;” or,
2. “to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved;” or,
3. “to respond to allegations in any proceeding concerning the lawyer’s representation of the client.”

I’ll give it to you straight, no chaser: a negative online review doesn’t fall within any of the exceptions.  For those of you that need more than my word, I don’t blame you.

In January, the North Carolina State Bar proposed this advisory opinion.  Citing the NC rule that is the same as Vermont’s, the opinion concludes:

• “Thus, the self-defense exception applies to legal claims and disciplinary charges arising in civil, criminal, disciplinary or other proceedings. A negative online review does not fall within these categories and, therefore, does not trigger the self-defense exception.”

As far as I’m aware, no bar association or court has concluded otherwise.

The North Carolina opinion includes a helpful summary of opinions from other bar associations. I won’t regurgitate them here.  However, harkening back to my earlier point, I will share two sentences from New York State Bar Association Ethics Opinion 1032:

• “Unflattering but less formal comments on the skills of lawyers, whether in hallway chatter, a newspaper account, or a website, are an inevitable incident of the practice of a public profession, and may even contribute to the body of knowledge available about lawyers for prospective clients seeking legal advice.  We do not believe that [the rule] should be interpreted in a manner that could chill such discussion.”

In short, a negative online review does not operate as a client’s waiver or consent that the lawyer may disclose otherwise confidential information.

So, what can a lawyer post in response? Again, being risk averse and appreciating politeness, I’d not post much, if anything.  But some people can’t help themselves.  So, let’s look again at the NC opinion.

It concludes that an attorney “may post an online response to the former client’s negative online review provided the response is proportional and restrained and does not contain any confidential client information.”   As an example, it cites Pennsylvania Bar Association Ethics Opinion 2014-200 which suggests the following response:

• “A lawyer’s duty to keep client confidences has few exceptions and in an abundance
  of caution I do not feel at liberty to respond in a point-by-point fashion in this
  forum. Suffice it to say that I do not believe that the post presents a fair and accurate picture of the events.”

Even that gives me pause.  But, as the North Carolina opinion points out, most to address the issue have concluded that a lawyer does not violate the rules by denying the merit of the client’s assertions.

Okay.  This post is officially too long.  So, I’ll leave you with this.

Catherine Sanders Reach is the Director of the Center for Practice Management at the North Carolina State Bar Association.  Last month, Catherine posted Responding to Negative Online Reviews.  It’s a fantastic resource that I highly recommend.

Or, you can remember a lesson my dad taught me (via Thomas Edison) that I’ve often used on client confidences:

• “You will have many opportunities in life to keep your mouth shut: You should take advantage of every one of them.”

 

Blogger’s Note: this picture is more than a year old.  As I blog today, I’m at home, doing my part. I am not at my office and I’m not touching my face.

Buried Ledes, Hackers, and Protecting Client Data

A friend of mine used the word “lede” in a text she sent me earlier this week.  So impressed that she knew the proper spelling, the word has stayed on my mind ever since.  Good thing.  Because as I proofed this post, I realized that I almost buried the lede.

Even Vermont-sized law firms are vulnerable to hackers.

In January, hackers stole data from five small firms.  From each, the hackers demanded 100 Bitcoin to restore access to the data and 100 Bitcoin not to sell it. Then, the hackers began publishing the data on the web. Among others, Law.Com, CoinTelegraph and the ABA Journal have the story.

Did I mention that, at the time, 100 Bitcoin cost $930,000?  Today it’s only $890,416.

I’ll return to the story in a moment.  First, however, I’d like to introduce Jim Knapp.

Jim is Vermont State Counsel for First American Title Insurance.  But the day I blog about underwriting will be the day I retire as a blogger.

For many years, Jim and Kevin Ryan presented their famed “Road Show” across Vermont. It was a CLE that included great tips on tech and data security. You know – tech competence!

I’ll start with the basic premise: lawyers have a duty to take reasonable precautions against the inadvertent disclosure of or unauthorized access to information relating to the representation of a client. The duty applies to the electronic transmission and storage of client information & data.

As I noted here, there is no set answer to “what are reasonable precautions?”  The ABA’s Standing Committee on Ethics and Professional Responsibility agrees. In Formal Opinion 477, the Committee advised:

• “What constitutes reasonable efforts is not susceptible to a hard and fast rule, but rather is contingent upon a set of factors. In turn, those factors depend on the multitude of possible types of information being communicated (ranging along a spectrum from highly sensitive information to insignificant), the methods of electronic communications employed, and the types of available security measures for each method.”

With respect to cyber threats, the Committee stated:

• “the reasonable efforts standard. . . rejects requirements for specific security measures (such as firewalls, passwords, and the like) and instead adopts a fact-specific approach to business security obligations that requires a ‘process’ to assess risks, identify and implement appropriate security measures responsive to those risks, verify that they are effectively implemented, and ensure that they are continually updated in response to new developments.”

Now, back to the story of the hackers.

Along with blogger’s bloc, the story made realize today is a great day for a Q&A with Jim Knapp. Jim was kind enough to agree.

MK: Thanks for doing this Jim. First reaction when you read about the hack?

Jim: So, this would be deemed a really bad day! First you are locked out of your system, and even if you had good recent backups, and could expend the money and time to restore everything, second, the bad actors are still threatening to sell / release your data. Not to mention, now you have a data breach and must satisfy all the legal requirements related to the analysis and notifications imposed by State laws. What a way to start a week!

MK: I’ll say. For me, this hit home because it didn’t involve one of the ginormous multi-national firms. The firms involved are similar in size to most Vermont firms. How do Vermont lawyers protect themselves?

Jim: As we’ve seen, 2020’s are barely a few weeks old and the news is not good. Ransomware has reached a new high(?) / low (low). The bad actors are not just encrypting your files, they are offering to publish your firm’s files to the public, or at least the public that uses the dark web.

You can no longer rely on having anti-virus software as your only means of protection. Backups are important to recover your data in the case of disaster, but a good backup won’t stop a bad actor from publishing data they have stolen from your firm. Acting reasonably is acting from a sufficient pool of knowledge to understand the risks and the potential solutions.

MK: I love the last sentence: “acting reasonably is acting from a sufficient pool of knowledge to understand the risks and the potential solutions.” Many lawyers, myself included, aren’t exactly tech savvy. My sense is that many firms “leave that to the IT person.” Of course, in the end, a lawyer is responsible for ensuring that the nonlawyer staff – including IT staff and vendors – are protecting client data. Anyhow, how do we move from toes-in-the-water to the deeper end of that pool of knowledge? Some states require tech CLE. In December 2018, I posted this blog wondering if we should.

Jim: While the idea of mandatory participation in professionalism, mindfulness, wellness, etc., are all good subjects, it seems to me that perhaps mandatory participation in cybersecurity training would be a worthy subject. Not just for lawyers but for all persons who work in a law office. As regards Vermont, out of the 2700+ lawyers, I’ll bet not more than 350-400 unique persons have attended a well prepared and presented program on cybersecurity. Of course, those folks will roll their eyes, if they have to hear one more presentation on “don’t click”; have good passwords etc.

MK: I agree. But I still run into lawyers who say, “I wouldn’t even know what the presenters are talking about.”

Jim: Gaining a suitable level of the essential elements of data security is a challenging task if you choose to pursue this on your own. The key is finding a suitable CLE program that can translate the arcane elements of information security into knowledge you can use to assess how safe your law office environment is. Everyone whose practice depends on the availability of information stored on a computer system owes it to their clients and to themselves to attend enough CLE programs to understand what options exist for protecting their digital information.

MK: Music to my ears! But it has to be more than just “go to a tech CLE,” right?

Jim: Training is a key element to protecting your digital environment. But training alone isn’t sufficient, as no matter how diligent you are in reminding all your colleagues not to open questionable emails, stay away from questionable websites, and to watch out for the social engineers looking to convince you to hand over key information like passwords, the bad actors will eventually find an opening and pounce.

Information security for a law office involves all kinds of elements, from

• properly configuring the hardware included in your network, like the router that connects your office to the outside world; to,
• running a suitable firewall; to,
• using effective anti-malware software; to,
• keeping your operating system and applications up to date with all patches (Note: if you are still using Windows 7 you must STOP now. Microsoft is no longer providing patches for Windows 7 and there are still numerous vulnerabilities that have never been fixed and now will not be fixed)
• possibly running intrusion detection and intrusion prevention systems within your network;
• and more.

MK: Good stuff! Last question before we lose everyone: I’ve often called you for tips on backing up client data. Can you give us the quick version that you’ve given me on backups, airgap, etc.?

Jim: Backup, like all tech issues, has lots of components. The right backup strategy depends on what kind of data you have, how much data you have, and where you store your data. But, everyone should consider at least the following elements:

• Nearline – a backup that is connected to your network storage, or to your personal PC (wherever you store your day to day work product) all the time and periodically (hourly, every few hours, at least twice a day), duplicates the data in your data storage. Usually, an external USB hard drive purchased for less than $100.00 will suffice. This allows you to recover immediately, or nearly immediately from a problem with your storage device, e.g. your hard drive or SSD croaks at 3:30 and the response to the motion for summary judgment is due tomorrow.
• Offline – a backup that is stored off-site. It can be cloud based, or a rotation of physical drives, one of which is stored off-site at all times. This provides a recovery option for the electrical surge that kills your onsite storage, a fire, a flood, or somebody breaks into your office and steals the computers. This backup is run at an interval calculated by how much work-product you are willing to lose and have to recreate. It could be measured in weeks, but I would offer that daily is a more reasonable assessment.
• Airgap – this a backup device that is only connected to your network or the PC while the backup is running. This is one tool in the kit to address a ransomware attack on your systems. Again, an airgap backup will typically fit on a good quality external USB hard drive which is a $100 item. To run the back-up, you connect the device to the storage device you want to backup, and as soon as the backup is complete, you disconnect the backup device and store it safely away from any connection to your data storage systems.

MK: I lied, one more question: you & I bumped into each other at church on Ash Wednesday. Was that your cell phone that went off during mass? Tech competence is a thing at worship too.

Jim: Fortunately no, neither of my cell phones was that particular culprit.

MK:  Good.  The ringtone reflected a failure to act competently when choosing a ringtone.

Jim:  I have two cell phones because of the nature of the insurance business and my employer’s policies. Particularly, in the case of regulators, they can demand access to Company information, some of which may be stored on my phone. And, the Company retains the right to monitor and inspect all data stored on or passing through their data-stream. Now, while I have few secrets worth discovering, and after 40 years of practice in Vermont, net worth is not one of them, I have no desire to expose my personal information to either the regulators or the Company. Hence, I have a personal cell phone and a work cell phone. I would suggest that lawyers should consider the same analysis I did. If you were sued, do you really want opposing counsel and your appointed defense counsel rummaging through the materials on your phone?

MK:  It’s almost as if you’ve seen what’s on my phone.  No, I don’t want anyone rummaging through!  Good reminder though: as I blogged here, lawyers who travel abroad should consider leaving behind devices that contain client data.

Thanks Jim, this was great!

To be clear: being hacked isn’t necessarily an ethics violation.  Even reasonable security can be breached.  My point today is to encourage lawyers and firms to assess the measures that they have in place.  And, to encourage those who don’t know how to perform such an assessment to find someone who does.

Finally, if you or your firm has been breached, you should (1) read my post ABA Addresses Lawyer’s Duties in Response to a Data Breach; and (2) review the Attorney General’s outline of duties that arise under Vermont’s Security Breach Notice Act.

As always, let’s be careful out there.

Facebook Post Leads to Public Reprimand

I’ve blogged often on the risk associated with disclosing information relating to the representation of a client.  At times, I sense that lawyers think I’m exaggerating to make a point.

I’m not.

Earlier this week, the Legal Profession Blog posted Public Discipline For Facebook Posts That Violated Duty Of Confidentiality. The post shares this opinion from the Massachusetts Board of Bar Overseers.

Briefly, a lawyer represented Jane Doe in connection with a petition for guardianship of her grandson.  Following a confidential juvenile hearing, the lawyer posted the following on his personal Facebook wall:

“I am back in the Boston office after appearing in Berkshire
Juvenile Court in Pittsfield on behalf of a grandmother who
was seeking guardianship of her six year old grandson and
was opposed by DCF yesterday. Next date-10/23.”

Two people commented.

The first asked the grounds on which DCF opposed the petition.  The lawyer replied:

“GM [grandmother] will not be able to ‘control’
her daughter, the biological mother, and DCF has ‘concerns.’ Unspecific.” 

The second asked if DCF preferred foster care.  The lawyer replied:

“The grandson is in his fourth placement in foster care since his removal from GM [grandmother]’s residence in late July. I will discover what DCF is doing or not doing as to why DCF opposes the GM [grandmother] as guardian. More to come.”

Eventually, Jane Doe’s daughter saw the post and comments and told Jane Doe about them. Doe sent the lawyer an email in which she stated that he

“seem[ ed] to think that discussing my custody case (and who knows what else) with your Face book [sic] buddies on an open account … is okay and at the least just [a] mistake. I beg to differ. Posting client information on Face book [sic] is a violation of the attorney client law.”

The lawyer replied that he had not disclosed protected information and that his post indicated “from where I was returning and DCF’s position only.”

The MA disciplinary prosecutor charged the lawyer with violating Rule 1.6(a) of the Massachusetts Rules of Professional Conduct.  With few exceptions, none of which were present, the rule states that a lawyer “shall not reveal confidential information relating to the representation of a client.”

(I emphasized confidential.  Why?  Because Vermont’s rule isn’t as narrow.  Vermont’s rule states that a lawyer “shall not reveal information relating to the representation of a client.”)

Anyhow, the MA rules defines “confidential information” as “information gained during or relating to the representation of a client, whatever its source, that is (a) protected by the attorney-client privilege, (b) is likely to be embarrassing or detrimental to the client if disclosed, or ( c) information that the lawyer has agreed to keep confidential.”

At the trial level, the disciplinary prosecutor argued (b).  That is, that the Facebook post revealed information that was likely to be embarrassing or detrimental to Jane Doe if disclosed.

The hearing committee recommended dismissal of the disciplinary charges.  Upon review, the Board of Bar Overseers characterized the committee’s decision as follows:

• “In recommending dismissal of the petition for discipline, the hearing committee
  concluded that, ‘the information at issue could only be embarrassing or detrimental to Doe if it could reasonably be linked to her.’ Based on its reading of [the rule] the hearing committee concluded that, ‘there must be enough revealed to get to a certain threshold, some identifiable or linear nexus reasonably connecting the information to a particular person.’ Thus, in recommending dismissal of the petition, the hearing committee found that, ‘There is no reasonable likelihood that the client could have been recognized.'”

The Board disagreed.

First, the Board concluded that the Facebook post was “confidential” because the disclosure that Jane Doe and her grandson were involved in a DCF matter was likely be embarrassing or detrimental to Jane Doe.

Next, the Board noted it was enough that Jane Doe and her daughter had recognized the post as referring to the lawyer’s representation of Jane Doe.  More specifically, the Board rejected the hearing committee’s conclusion that “there must be enough revealed to get to a certain threshold, some identifiable or linear nexus reasonably connecting the information to a particular person.”  Rather, after concluding that the daughter, who was not the lawyer’s client, figured out the the post was about her mother, the Board wrote:

• “Even if there were no evidence that a third party actually recognized the client in the post, we would still conclude that the respondent had violated Rule l.6(a). There is no requirement that a third party actually connect the dots. If it would be reasonably likely that a third party could do so, the disclosure runs afoul of the rule. In addition to her daughter knowing about the case, Doe could have mentioned to a friend that the respondent was representing her in a case (perhaps in connection with making a referral). If the friend looked up the respondent on Facebook, the friend would learn about the ’grandmother’ and her litigation with DCF. There are numerous other reasonable scenarios.”

Now, I know what you’re thinking:  if that’s the rule, how can I ever run anything by another lawyer who isn’t in the same office as I am? The Board’s answer:

• “In posting on Facebook, the respondent did not seek advice from other lawyers, nor can we discern any other purpose that would have served his fiduciary duty to his client. There is no legitimate analogy between seeking advice from other lawyers and the respondent’s Facebook post.”

Turning to the appropriate sanction, the Board publicly reprimanded the lawyer. While dissenting members urged a private admonition, the Board stated:

• “The post is no different than publishing the facts in a newspaper or broadcasting them on television. Furthermore, the matter discussed by the respondent here was a sensitive child custody case that our legislature has deemed to be worthy of confidential protection by statute [citation omitted]. The respondent’s conduct ignored not only the basic tenets of Rule 1.6, but the basic confidentiality requirements that all attorneys who handle these sort of child custody and protection matters should honor.”

The Board concluded:

• “Confidentiality is a central tenet of our profession.  If nothing else, the public knows that attorneys are obligated to protect their confidences.  This obligation exists to encourage clients to be truthful and to place great trust in their counsel.  By posting information about his client on Facebook, the respondent jeopardized that trust.  Public discipline is warranted.”

When it comes to disclosing information relating to the representation of a client, my thoughts remain the same.  Unless required or permitted by the rule, don’t.  As this case proves, “not much” can be “too much.”

 Related Posts:

• Don’t Post That
• Keep Quiet & Lawyer On
• Disclosing Information That Is Public Record
• ABA & Client Confidences: It’s Deja Vu All Over Again
• Can’t keep quiet? Try harder.
• Hey Lawyers! STFU!!!

Client alleges you did wrong? Still, don’t talk too much.

When it comes to client confidences, I think lawyers would be well served to remember lessons imparted by Run-DMC: it’s not tricky, don’t talk too much.

Information relating to the representation of a client, no matter the source, is confidential.  Per Rule 1.6, such information can only be disclosed if:

• the client gives informed consent to the disclosure;
• disclosure is impliedly authorized to carry out the representation;
• disclosure is required by Rule 1.6(b); or,
• disclosure is permitted by Rule 1.6(c).

Today, I want to look at one of the instances in which paragraph (c) permits disclosure of otherwise confidential information.  I’m going to refer to (1) an ineffective assistance of counsel claim made by a criminal defendant against a defense attorney; and, (2) an ABA advisory opinion on the extent to which Rule 1.6 applies to claims of ineffective assistance.

Don’t tune out simply because you don’t do criminal defense.  There’s a larger point: the mere fact that the client alleges that you did something wrong does not give you license to disclose anything and everything that the client ever shared with you.

Rule 1.6(c)(3) permits (but does not require) a lawyer to reveal information relating to the representation if the lawyer reasonably believes that disclosure is necessary:

• to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client;
• to establish a defense to a criminal charge or civil claim against the lawyer based upon conduct in which the client was involved; or,
• to respond to allegations in any proceeding concerning the lawyer’s representation of the client.

Per Comment [14], if a lawyer reasonably believes that (c)(3) permits disclosure, disclosure is nonetheless limited to “the extent the lawyer reasonably believes the disclosure is necessary to accomplish one of the purposes specified.”  It continues:

• “[D]isclosure adverse to the client’s interest should be no greater than the lawyer reasonably believes necessary to accomplish the purpose.  If the disclosure is made in connection with a judicial proceeding, the disclosure should be made in a manner that limits access to the information to the tribunal or other persons having a need to know it and appropriate protective orders or other arrangements should be sought by the lawyer to the fullest extent practicable.”

In simple terms, do what you advise your clients to do in depositions and on the witness stand: listen to the question and answer only the question.   Actually, a federal magistrate recently stated it far more succinctly.

Yesterday, I came across this post in the ABA Journal.  The opening paragraph:

• “A federal magistrate judge has ordered a West Virginia lawyer accused of ineffective assistance of counsel to respond to his one-time client’s allegations in a way that limits disclosure of confidential information.”

The magistrate’s opinion is here.  The analysis includes reference to Rule 1.6 and ABA Formal Opinion 10-456.  The magistrate’s succinct conclusion:

• “Simply put, the filing of an ineffective assistance of counsel claim does not operate as an unfettered waiver of all privileged communications.”

I’ll stop there otherwise I risk sudden onset of carpal tunnel syndrome.

Suffice to say, even when a client puts your representation into issue, don’t talk too much.

After all, who wants to be this guy? (80’s lyrics are the best!)

“Everywhere that you go, no matter where you at
I said you talk about this, and you talk about that
When the cat took your tongue, I say you took it right back
Your mouth is so big, one bite would kill a Big Mac.”

~ Run-DMC, “You Talk Too Much,” King of Rock, Track 3, 1985.

Related Posts

• Subpoena to Disclose Client Info?
• Tips for Online Reputation Management

Safeguarding Client Data: Don’t Forget Email Safety.

Like Starship built a city on rock ‘n roll, I built this blog on tech competence.  More specifically, on a phrase that, while once my mantra, I’ve not typed in ages:

competence includes tech competence.

The story of a lawyer’s duty of tech competence includes many chapters.  Perhaps the most important is the chapter on the duty to take reasonable precautions against the unauthorized access to or inadvertent disclosure of information related to the representation of a client.  Given the feedback I’ve received here and at CLEs, lawyers seem to associate that duty most closely with cloud storage.

Yes, protecting client data this transmitted or stored electronically is important. So important that I’ve run my post The Cloud: What Are Reasonable Precautions? four different times.

But don’t forget e-mail security.  And, within the topic of e-mail security, don’t get so pre-occupied with whether there’s a duty to encrypt that you forget about some of the simple things.  For instance, whether a lawyer has a duty to disable autocomplete.

Almost two years ago, I posted Client Confidences: Disable Autocomplete?  Two “real-life” events inspired the post.

The first was a story that I repeated often on this spring’s CLE circuit.  As reported by Above The Law, it’s the story of a lawyer who meant to send a message to other lawyers in the firm, but mistakenly sent it to a Wall State Journal reporter in what appears to have been an autocomplete snafu.

The second hit closer to home.  Thanks to autocomplete, an email that a lawyer intended to send to me mistakenly went to Judge Michael Kainen.

Catherine Sanders Reach runs the North Carolina Bar Association’s Center for Practice Management.  Earlier this week, Catherine posted Make Email Less Dangerous.  It’s a fantastic piece on protecting client data when using email.  Catherine’s tips include instructions on:

• disabling autocomplete
• using “delay send” and “undo send”
• Microsoft Add-Ins that protect against sending to the wrong recipient
• keeping internal emails internal

I recommend Catherine’s blog.

After all, and to tie this back to the intro, better to spend some time with Catherine’s tips than to find yourself Knee Deep in the Hoopla that will certainly ensue if you inadvertently send confidential information to an unintended recipient.

Yes.  I’m quite aware that I posted a blog constructed around what some consider to be the worst song of all-time.

 

 

 

 

Redacting Confidential Info

In January, Paul Manafort’s lawyers made headlines for failing to take proper steps to redact a document.  Myriad outlets covered the story, including The Atlantic, BBC, and Legal Tech News.

In response, the ABA Journal posted How to redact a PDF and protect your clients.  A few days later, I recommended the ABA post in my blog Competence, Confidences and PDFs. 

Today, the ABA Journal published more helpful information: Redacting confidential client information: The devil is in the details.  The post points out the risks in failing to understand how property to redact a document.  I recommend it.

One risk? Disciplinary action.  Lawyers have a duty not to disclose information relating to the representation of a client.  There’s also a duty to use reasonable safeguards to protect against unauthorized access to or inadvertent disclosure of confidential information.  In my view, employing a redaction method that fails to keep information confidential is not a reasonable safeguard.

Rather, it’s tech incompetence.

 

 

 

Talking culture, compliance, confidences & candor.

Flashback to 1994:  I was a brand new attorney.  Another attorney in my office mentioned Shelley Hill.  I asked, “who’s Shelley Hill?”  The attorney responded, “someone you never want to hear from.”

Back then, Shelley was Vermont’s disciplinary prosecutor.  The attorney’s answer to my question was the extent of the ethics guidance I received in my first ever job as a lawyer.

We’ve come a long way.  It’s no longer taboo to talk legal ethics.  We talk it.  A lot.  Not only does it help us do better for our clients, it improves the image of the profession.  To that end, one of my goals as bar counsel is to foster an ongoing and open dialogue about legal ethics and professional responsibility that helps to build a culture of compliance that we put out there for the world to see.

Reflective of the today’s world, the conversation happens in many forums.**  Today, I woke to having been mentioned in a tweet by a lawyer who was concerned by the news that Nikolas Cruz’s public defender disclosed Cruz’s potential inheritance in a motion to withdraw from representing him in the criminal case.  The lawyer tweeted:

“i would be interested to learn the circumstances of the public defender of Nikolas Cruz disclosing to the court in Mtn to Withdraw and on the record that his client inherited $430,000 (VERY vulnerable to civil suit if not exempt) – seems a bit problematic, eh @VTBarCounsel?”

The entire string is here.

Look at us.  We are talking legal ethics in public! THAT is professional responsibility.

I’ve blogged often on client confidences and Rule 1.6.  Basically, my position is that lawyers should STFU.  Or, to borrow a quote from Thomas Edison that my Dad instilled in me as a kid:

“You will have many opportunities
to keep your mouth shut.
You should take advantage
of everyone of them.”

Obviously, it’s far wiser to take my Dad out in public than his eldest son.

Anyhow, as indicated in my reply Tweet this morning, I don’t comment without hearing all sides to a story, not to mention that I have no idea what Florida’s rules are.  But it’s a great construct to use as a mini-refresher on Vermont’s rules.

By rule, “information relating to the representation of a client” is confidential.  The scope is broader than the privilege and includes all information related to the representation no matter the source.  Comment [3].  Such information shall not be disclosed unless:

• the client gives informed consent to the disclosure;
• disclosure is impliedly authorized to carry out the representation;
• disclosure is required by paragraph (b);
• disclosure is permitted by paragraph (c).

Returning to the Parkland case, if Vermont’s rules applied, the first possibility is that Cruz gave informed consent for his public defender to make the disclosure.

I’d be surprised if any of exceptions in paragraph (b) applied.  However, it’s possible that one of the exceptions in paragraph (c) applies.  That is, disclosure of the inheritance might be authorized by another rule.  Stay with me here.

This morning I did something rare: I did some research before I tweeted.  I learned that, as reported by the South Florida SunSentinel, a year ago Cruz’s inheritance was the subject of a hearing as to whether he qualified for public defender services.  Per the report, it appears as if it was represented to the court that Cruz stood to inherit far less than recent developments indicate.

If so, and again if Vermont’s rules applied, it’s possible that the new information required the public defender to make the disclosure pursuant to Rule 3.3.  The rule, entitled “Candor to a Tribunal,” requires a lawyer to correct a prior material statement of fact that was false.  Were the statements made in last year’s hearing on Cruz’s eligibility for public defender services “material” and “false?”  If so, one might argue that the public defender was required to make the disclosure in the motion to withdraw.

Finally, reading today’s reports left me with the impression that Cruz’s public defenders believe that, given the inheritance, the law precludes him from being eligible for their services.  Thus, it appears to me that they argued that they are required to withdraw.

In Vermont, Rule 1.16 governs withdrawal.  Perhaps most relevant here, Rule 1.16(a)(1) requires withdrawal when “the representation will result in violation of the rules of professional conduct or other law.”  So, it looks to me as if the argument is “by law, the inheritance prohibits us from representing him, thus withdrawal is required.”  The Florida courts will decide.

Aside: as some of you know from having called me or heard me speak.  When it comes to a motion to withdraw, I think it best to limit the motion to citing the text of whichever provision(s) of Rule 1.6 you’re arguing.  Then, if the court asks for more information, respond, but in such a way as to disclose no more information than is necessary to answer the court’s question.  Being mindful, the entire time, of a larger duty not to harm to your client’s interests on your way out.  Others may disagree with me, but that’s fine.

Indeed, that’s why it’s so important to continue to discuss legal ethics and professional responsibility.  The discussion makes us do better by our clients, the courts, and the profession.

Talk on.

** I couldn’t decide whether to go with “fora” or “forums.”  Flipped a coin.

 

Inadvertent Production

Edited at 9:05 PM to fix typos in a first edition that, sadly, I cannot honestly claim to have been inadvertently produced. 

In Vermont, what’s an attorney’s ethical duty when the attorney receives information that the attorney knows or should know was inadvertently sent?

The answer lies in Rule 4.4(b).

The lawyer’s ethical duty is to promptly notify the sender.

But Mike, what if the sender asks the attorney to destroy the information or return it unread?

Again, the ethical duty is to promptly notify the sender.

Indeed, per Comment [2], whether the lawyer has a duty to return the information “is a matter of law beyond the scope of these rules, as is the question of whether the privileged status of the document has been waived.”  Further, here’s Comment [3]:

• “Some lawyers may choose to return a document unread, for example, when the lawyer learns before receiving the document that it was inadvertently sent to the wrong address.  Where the lawyer is not required by applicable law to do so, the decision to voluntarily return such a document is a matter of professional judgment ordinarily reserved to the lawyer.”

But does that end the discussion?

Yes.  This blog is over.

Just kidding!  Of course it doesn’t end the discussion!

Don’t forget about the Rules of Evidence and the Rules of Civil Procedure.

In my view, the ethical duty to provide a client with competent representation includes understanding what to do upon (1) receiving information that was inadvertently produced; and, (2) learning that you inadvertently produced information.  In addition, Rule 3.4(c) imposes an ethical obligation to comply with court rules.

Also, here are 2 practical reasons not to forget about the interplay between inadvertent production, your ethical duty, the Rules of Evidence, and the Rules of Civil Procedure.

First, you do not want you firm to be named in a Bloomberg Law headline that announces that your firm conducted itself “poorly.”

Second, you do not want to be the attorney for either side in a matter in which a United States Magistrate’s ruling on a motion to disqualify begins like this:

“The facts underlying this disqualification motion establish that, unfortunately, lawyers on both sides of the litigation acted poorly.”

Especially when the Magistrate continues:

“At the heart of this dispute is a disappointing but obvious inability of opposing counsel in this case to talk and correspond with each other in good faith, to rely on each other’s representations, and to deal honestly and squarely with one another. From its inception, this case has been replete with numerous and extensive discovery disputes, myriad motions, lengthy hearings, and finger-pointing by opposing counsel against each other for various alleged bad acts. The Court does not know if this conduct and mistrust is based upon past dealings between counsel or due to other factors, but the attorneys should be aware that their conduct is not helping their respective clients’ positions in this litigation. In fact, it is downright unproductive and silly.”

The Bloomberg Law article is here.  The magistrate’s opinion is here.

I recommend reading the opinion, particularly if you litigate.  A quick summary:

• Just before Christmas, defense counsel produced over 14,000 documents in response to plaintiff’s discovery request;
• Shortly after Christmas, plaintiff’s counsel informed defense counsel that it appeared as if 100 of the documents were privileged, but that plaintiff’s counsel would assume that they were correctly produced and not privileged;
• The lawyers did not immediately reach an agreement as to whether plaintiff’s counsel would provide defense counsel with the Bates numbers of the documents that appeared to privileged, or, whether defense counsel should provide plaintiff’s counsel with the Bates numbers of all privileged documents that were inadvertently produced.

Long story short, three points:

1. The defense firm knew what to do – under both the Rules of Evidence and the Rules of Civil Procedure – to preserve the privilege of material that it had inadvertently produced.  Do you?
2. There is no such thing as “It appears as if you inadvertently produced documents. But I’m going to assume you meant to produce them. Therefore, they aren’t privileged.”
3. I am not convinced that a lawyer who receives information that the lawyer knows was inadvertently produced complies with Rule 4.4(b) by saying something to the effec that “100 of the 14,500 documents you produced look they might have been inadvertently produced, but I’m not going to tell you which ones.”

 

 

 

 

 

 

 

Tips for Online Reputation Management

Online Reputation Management is a thing.  An important thing.  But not so important that the Rules of Professional Conduct go out the window when a lawyer manages her online reputation.

Rule 1.6 prohibits a lawyer from disclosing information relating to the representation of client.  The rule is much broader than the attorney-client privilege and applies to all information relating to the representation no matter the source.

There are exceptions to the rule.  They are:

• the client’s gives informed consent to the disclosure;
• disclosure is impliedly necessary to carry out the representation;
• disclosure is mandated by Rule 1.6(b);
• disclosure is permitted by Rule 1.6(c).

Rule 1.6(c)(3) permits a lawyer to disclose information related to the representation of client:

• to establish a claim or defense on behalf of the lawyer in a controversy between the lawyer and the client; or,
• to establish a defense to a criminal charge or civil claim against the lawyer based on conduct in which the client was involved; or,
• to respond to allegations in any proceeding concerning the lawyer’s representation of the client.

As I’ve previously blogged, a negative online review is not a “controversy between the lawyer and the client” that triggers the exception.  Neither is a negative online review a “proceeding” in which allegations have been made against the lawyer. My blog posts, which includes advisory opinions & disciplinary decisions, are here:

• Negative Online Review? What NOT to do
• Negative Online Review? UPDATE!
• Negative Online Review? More of what not to do

As the headlines suggest, the posts focus on what not to do.  For instance, don’t reveal client confidences in response to an online review.  Don’t post fake positive reviews.  Don’t create a fictitious lawsuit in order to get a court to order a website provider to take down a negative review.

Today’s ABA Journal has some great tips related to online clients reviews.  They appear in Kelly Newcomb’s post How lawyers can make positive – and negative – online reviews work for them.  

Whether on AirBnB, Yelp, Amazon, or myriad other sites, I suspect many lawyers have read through the reviews before making a purchase or reservation.  Odds are, potential clients are doing the same before hiring you.  Today’s post in the ABA Journal helps to frame not only a lawyer’s professional obligations when dealing with online reviews, but the marketing benefits that come with knowing how best to manage an online reputation.