Monday Morning Answers – T. Swift & T. Petty

Now I know what drives traffic – Taylor Swift!

Friday’s questions are here.   The answers follow today’s Honor Roll.

Honor Roll

• Ed Adrian, Monaghan Safar Ducham
• Matthew Anderson, Pratt Vreeland Kennelly Martin & White
• Alberto Bernabe, Professor of Law, The John Marshall Law School
• Robert Grundstein
• Anthony Iarrapino
• Keith Kasper, McCormick Fitzpatrick Kasper & Burchard
• Marsicovtere & Levine
  • Jordana Levine, Audrey Smith, Nikki South, Rachel Thompson
• Kane Smart, ANR, Office of General Counsel, Enforcement & Litigation Division
• Allison Wannop, Law Clerk, Vermont Superior Court

Answers

Question 1 – American Girl; 

“Well she was an American girl
Raised on promises . . .”

Later, the American girl became a lawyer and is admitted to practice in Vermont.  By rule, she has essentially promised:

• A.  Not to disclose information related to the representation of her clients.
• B.  Not to disclose information related to the representation of her clients, unless the information is a matter of public record.
• C.  Not to disclose information related to the representation of her clients, unless the information falls outside the attorney-client privilege.
• D.  Not to disclose her clients confidences and secrets.

For more on this, please see this blog post in which I discuss Rule 1.6 and its interplay with matters of privilege & matters in the public record.

Question 2 – Refugee

Lawyer represents Client in a civil matter.  Trial is scheduled for next week.  Most of Lawyer’s strategy sessions with Client have focused on Witness.  Lawyer plans to have Witness testify and offer evidence in support of Client’s claim.

Yesterday, Client said to Lawyer:

• “We got somethin’, we both know it, we don’t talk too much about it
  Ain’t no real big secret, all the same, somehow we get around it
  Oh listen, it don’t really matter to me, baby
  You believe what you wanna believe.”

Lawyer was somewhat confused, but, having thought about it, thinks that Client might have convinced Witness to offer false evidence.  Which is most accurate?

• A. If Lawyer reasonably believes that Witness will offer false evidence, Lawyer may refuse to offer Witness’s testimony. See, V.R.Pr.C. 3.3(a)(3).  
• B.  Lawyer must offer Witness’s testimony.
• C.  Lawyer must not offer Witness’s testimony.
• D.  Lawyer must withdraw.

The key here is that Lawyer suspected, but did not know, that Client might have convinced Witness to offer false evidence.  A prudent course here would be to remonstrate with client & to make clear to Client (1) that “C” would be correct if Lawyer “knows” Witness will offer false testimony; and, (2) that if Lawyer discovers after-the-fact that Witness provided false evidence, Lawyer has a duty to take reasonable remedial measures, up to and including disclosure to the court.

Question 3 – Don’t Do Me Like That; Jammin’ Me

This is a different case than in Question 2.

Attorney informs Client that Attorney intends to file a motion to withdraw.  Client responds:

• “Don’t do me like that
  Don’t do me like that
  Someday I might need you baby
  Don’t do me like that!”

Attorney replies “the ethics rules require me to withdraw.” Client retorts:

• “You’re jammin’ me, you’re jammin’ me
  Quit jammin’ me
  Baby you can keep me painted in a corner
  You can walk away but it’s not over.”

Assuming that Attorney is correct and that withdrawal is mandatory, which of the following will Attorney be most likely to cite in the motion?

• A.  Client has failed substantially to comply with the terms of the fee agreement.
• B.  Attorney has discovered a non-waivable conflict of interest with a former client.
• C.  The representation has been rendered unreasonably difficult by Client.
• D.  Client insists on taking a course of action that Attorney considers repugnant.

Rule 1.16(a)(1) mandates withdrawal when continued representation will result in a violation of the rules of professional conduct.  Continuing despite a non-waivable conflict would cause Attorney to violate the rules.   Thus, B is correct.  Choices A, C, and D are instances in which withdrawal is permitted, but is not mandatory.  

Question 4 – Runnin’ Down A Dream

Continuing the scenario from the previous question, Attorney filed the motion to withdraw.  As it remained pending, stress & anxiety bedeviled Client.  Then, the court granted the motion.  Shortly thereafter, Client contacted the VBA’s Lawyer Referral Service and received a list of potential new lawyers.  Uplifted, Client called Attorney to schedule an appointment to pick up the file. Client said:

• “I rolled on as the sky grew dark
  I put the pedal down to make some time
  There’s something good waitin’ down this road
  I’m pickin’ up whatever’s mine.”

When Client arrives, Vermont’s rule specifically requires Attorney to:

• A.   Keep a copy of Client’s file.
• B.   Surrender Papers & Property to which Client is entitled.
• C.   A, B, and refund any unearned fee.
• D.   B and refund any unearned fee.

This is Rule 1.16(d).  After complying with the rule by delivering the file, there is nothing in the rules of professional conduct that requires Attorney to keep a copy of the file.  Most carriers, however, have language in their policies that require lawyers to keep copies of a closed files for X number of years.

Question 5 – Free Fallin’

Continuing the scenario . . . Client followed through on her statement that Attorney could walk away, but it’s not over.  Before runnin’ down her dream elsewhere, Client posted a negative online review about Attorney, sued Attorney for malpractice, and filed a disciplinary complaint against Attorney.

Attorney intends to respond with:

• “She’s a good girl, loves her mama
  Loves Jesus and America too
  She’s a good girl, crazy ’bout Elvis
  Loves horses and her boyfriend too
• It’s a long day livin’ in Reseda
  There’s a freeway runnin’ through the yard
  And I’m a bad boy, ’cause I don’t even miss her
  I’m a bad boy for breakin’ her heart”

Assume the information in the response is true, but is not generally known.  Attorney would likely violate the rules by:

• A.  Posting the information online, in response to the negative review.
• B.  Incorporating the response into the defense of the malpractice complaint.
• C.  Incorporating the response into his answer to the disciplinary complaint.
• D.  None of the above.  No matter the forum, Client put the representation in issue.

Client is a “former client.”   Rule 1.9(c)(2) prohibits disclosure of information relating to the representation of a former client unless the rules otherwise permit disclosure.  Here, Rule 1.6(c)(3) permits B & C.  The rule is often referred to as the “self-defense exception” to the general prohibition against disclosure.  It is well-settled that the “self-defense exception” does not apply to negative online reviews.  For more, see my post Negative Online Review? What NOT to do.

Advertisements

Hey Lawyers! STFU!!!

So, for those of you still adjusting to the interwebs, that headline is what we call “clickbait.”

And here you are.  Keepers, I hope.

But, seriously lawyers, shut up!

I’m talking about client confidences and the duty not to reveal “information relating to the representation” of a client.

The rule is Rule 1.6. For those of you averse to clicking on the hyperlink due to my repeated warnings about scams inviting you to do so, I applaud the effort, but frown upon your tech competence. Anyhow, here’s the language you need to remember:

• “A lawyer shall not reveal information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized to carry out the representation, or the disclosure is required by paragraph (b) or is permitted by paragraph (c).”

Let’s look at it a bit differently.  Per the rule, a lawyer may “reveal information relating to the representation of a client” if:

• the client gives informed consent to disclosure; or,
• disclosure is impliedly authorized to carry out the representation; or,
• disclosure is required by paragraph (b); or,
• disclosure is permitted by paragraph (c).

Now, please click on this and review paragraphs (a), (b), and (c).  As you do, I want you to think of, and be prepared to tell me, the two things that you will raise as defenses to a disciplinary complaint and that I will tell you DO NOT APPEAR in either paragraph.

Are you ready?

Here they are:

1. But Mike, the information I revealed wasn’t privileged.
2. But Mike, the information I revealed is a matter of public record.

My responses:

1.  Did you read the rule? It says that you “shall not reveal information relating to the representation of a client unless the client gives informed consent [or] the disclosure is impliedly authorized to carry out the representation . . . ”  As made clear by Comment [3], the duty not to reveal “information relating to the representation” encompasses far more information than is covered by the attorney-client privilege. It encompasses “all information relating to the representation, whatever its source.” (emphasis added)
2. Where in paragraph (a), (b), or (c) does it say that a lawyer may reveal “information that is public record?”  Hint – you don’t need to go back and look.  The answer is “nowhere.”  In other words, “it’s public record” is not the same as:

• the client providing informed consent; or,
• information that is impliedly authorized to be revealed in order to carry out the representation; or,
• one of the disclosures mandated by paragraph (b); or,
• one of the disclosures permitted by paragraph (c),

Rather, it remains “information relating to the representation” that a lawyer “shall not reveal.”

Lawyers seem to get hung-up on the “public record” thing.  No need to get hung-up.  As I just said, the rule makes it very, very clear: “it’s public record” is not one of the exceptions to “a lawyer shall not reveal information relating to the representation.”

Of course, this almost never comes up with “current clients.” In my experience, lawyers seem to think that they can disclose information relating to the representation of a former client if the information is in the public record.

Nope.

Please look at Rule 1.9(c)(2).

Still click averse? Fine.

• “A lawyer who has formerly represented a client in a matter . . . shall not reveal information relating to the representation except as these rules would permit or require, or when the information has become generally known.”

The rules do not require or permit lawyer to reveal information merely because it has become a matter of public record.  Further, the fact that information is “public record” does not necessarily mean that it has become “generally known.”  There is plenty of authority for the proposition that “public record” does not equal “has become generally known.” I’ve listed a few cases at the end of this post.  For now, I’ll start with this:

Vermont’s Rule 1.6 is derived from ABA Model Rule 1.6.  The model rule expresses “the basic principle of professional ethics that all information `relating to’ a lawyer’s professional relationship with a client is presumptively confidential and must not be disclosed unless an exception applies.”  1 Hazard & Hodes, The Law of Lawyering (3d Ed.2001) 9-52, Section 9.15.

Or, think about it this way:

1. 25 years ago, you represented me in a divorce. The case went to a trial and the evidence, including my own testimony, established that I had an affair.
2. Now, in 2017, I’m running for public office, or, applying for a job and I listed you as a reference.  You tell a voter or my prospective employer “i’d never support someone who had an affair.”

Good luck with your “but it’s in the public record!” defense to my ethics complaint.

I’ve mellowed since I typed the headline.  So, I’ll conclude with this:

“Hey Lawyers! Be Quiet.”

But . . .

UPDATE – OCTOBER 5, 2017 

A few cites:

Most recently, take a look at, Dougherty v. Pepper Hamilton LLP, 133 A.3d  792 (2016), 2016 PA Super 23.  A thorough and relevant analysis begins on page 798. The court quotes the Restatement 3d, which includes the following language: “the fact that information has become known to some others does not deprive it of protection if it has not become generally known in the relevant sector of the public.”  Restatement (Third) of the Law Governing Lawyers § 59, cmt. d.

Akron Bar Ass’n v. Holder, 102 Ohio St. 3d 307 (2004). The case was decided under the Ohio rule that prohibited the disclosure of a client’s “confidendences & secrets.”  Some of you might remember that “confidences & secrets” are what we were required to keep confidential when Vermont followed the Code. We switched to the Rules in 1999.  In any event, after noting that its standard was “less encompassing than that in [ABA] Model Rule 1.6(a),” the Ohio court stated that “[t\here being an ethical duty to maintain client secrets available from sources other than the client, it follows that an attorney is not free to disclose embarrassing or harmful features of a client’s life just because they are documented in public records or the attorney learned of them in some other way.” 102 Ohio St. 3d (306, paragraphs 38-39). Again, the Ohio rule is encompasses less than the rule on which Vermont’s rule is based.

Here’s another: Lawyer Disciplinary Board v.McGraw, 461 S.E.2d 850 (W.Va. 1995).  The Moutaineer Supreme Court stated that “[t]he ethical duty of confidentiality is not nullified by the fact that the information is part of a public record or by the fact that someone else is privy to it.” Id. at 861-862.

Finally, I concede that the Restatement is not as restrictive as my take in the blog post.  Here’s more language from the Restatement:

• “Whether information is generally known depends on all circumstances relevant in obtaining the information. Information contained in books or records in public libraries, public-record depositaries such as government offices, or in publicly accessible electronic-data storage is generally known if the particular information is obtainable through publicly available indexes and similar methods of access. Information is not generally known when a person interested in knowing the information could obtain it only by means of special knowledge or substantial difficulty or expense. Special knowledge includes information about the whereabouts or identity of a person or other source from which the information can be acquired, if those facts are not themselves generally known.”

Still, as a lawyer, I’d be wary.  Arguably, “special knowledge” includes “I’m the only person who knows or remembers that there’s something in the public record about my former client.”

 

Protecting Data: Cybersecurity Tips

For those of you pressed for time, the tips are in this post from the ABA Journal.  For the rest of you, I will now return to our regularly scheduled programming.

The phishing scam I warned about yesterday turned out to be a false alarm; a case of the school that conducted a fire drill without notifying the fire department.

Still, I’ll channel my inner Dwight Schrute:

FACT: lawyers and law firms are frequent targets of phishing scams & malware/ransomware attacks.

Some readers asked what the perpetrators of a phishing scam hope to gain by targeting lawyers and law firms.

Access to information.  Either yours or your clients’.

For example, be wary of an unsolicited e-mail that asks you to click on a link and confirm an account number or password.  This is obvious, correct?  If you respond, what have you done?  That’s right – you’ve given out an account number and its password.

Lately, there’s been a rash of well-publicized phishing scams designed to release malware or ransomware. In some instances, the malware provides the scammer with access to data – account numbers, passwords, secure client information.  In other instances, ransomware encrypts an office’s data.   And by “encrypts” I mean “prevents the office from accessing the data unless or until a ransom is paid.”  Think I’m exaggerating?

The Providence Journal has this story about a firm that was locked out of its data for three months earlier this year.  The firm paid a ransom, then paid another, lost $700,000 in billings, and is in litigation with its cybersecurity carrier.  Oh yeah, and how about being in the news for  having had confidential information breached?  Probably not the marketing campaign most of us would choose.

Or, from the FindLaw blog: last year, a prosecutor’s office in Pennsylvania paid a ransom to release files that had been locked after an employee clicked on a link in an e-mail that the employee believed to be from another government agency.  Sound familiar?  It should – that was yesterday’s pseudo-scam: an invitation for lawyers to click on links in an e-mail that appeared to be from the “ethics board.”

It’s not just small firms and state agencies that are at risk.

DLA Piper is one of the largest firms in the U.S. and has offices all over the world.  Last June, DLA Piper issued this cybersecurity advice in response to a global ransomware attack.  Unfortunately, and as reported by Above The Law, DLA Piper fell victim to a similar attack shortly after issuing the warning.

Today, I came across a post in the ABA Journal: Practical cybersecurity for law firms: How to batten down the hatches.  Give it a read.  It’ll be worth your time.

Remember: the Rules of Professional Conduct impose a duty to act competently to safeguard client information.  I understand that some of you worry that your unfamiliarity with technology will make you look silly if you ask for help.  Stop worrying. Doing nothing other than hoping that it doesn’t happen to you is not a reasonable alternative.

 

 

 

 

 

 

 

Protecting Client Data

Next week, the Professional Responsibility Board will review several proposed amendments to the Vermont Rules of Professional Conduct, including proposals to change the rules that relate to the duty to act competently to protect client data.

I’ve blogged often on this issue.  Nevertheless, it bears re-visiting.

Rule 1.1 requires a lawyer to provide a client with competent representation.  I’ve asked the Board to recommend that the Court follow the ABA’s and add the underlined & bolded language to Comment [6]:

• [6] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.

Per Robert Ambrogi’s Law Sites Blog, 28 states have adopted a duty of tech competence.

Rule 1.6 prohibits the disclosure of information relating to the representation of a client.  A few years ago, the ABA amended Model Rule 1.6 to include the following language:

• “A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.”

I’ve asked the Board to recommend that the Court do the same.

I view Rules 1.1 and 1.6 as creating an affirmative duty to act competently to safeguard client information, including client information that is transmitted or stored electronically.

Now, if the proposals are adopted, will a lawyer need to know how to create an encryption key? Of course not.  Just like, right now, a lawyer does not have duty to know how to build a lock, a file cabinet, or a fob that opens & closes a keyless door.  But, a lawyer probably has a duty to understand the risks and benefits associated with leaving client files in a box that’s in a shared hallway, as opposed to in a locked file cabinet that’s in a room behind a keyless door to which only 2 firm employees have fobs.

Similarly, will a hack or data breach automatically lead to a disciplinary sanction? No. Again, if a lawyer has taken reasonable precautions to protect client data, whether by encrypting e-mail or exercising due diligence in choosing a cloud vendor, the fact of a breach likely is not a violation.

However, I believe we’re rapidly approaching, if we haven’t passed, the day when it will no longer be considered reasonable not to have encrypted email.  Further, if you’re considering a move to the cloud, while you don’t know how to build your own cloud server, the duty of tech competence includes a duty to know what you don’t know.

For example, let’s say you ask a potential cloud vendor whether your clients’ data will be encrypted.  The vendor replies “yes, we use a BTTF flux capacitor to encrypt data at rest.  For data in transmission, we guarantee it will make the Kessel Run in 12 parsecs or less.”

What’s your response?

To read more about a BTTF flux capacitor click HERE.  An update on the Kessel Run and parsecs (which are units of distance, not time) is HERE.

Finally, if adopted, my hope is that the new language in Rules 1.1 & 1.6 leads us away from re-evaluating the ethical duty with each technological advance that gives us a new method of transmitting and storing data.

As I’ve written, today’s cloud-based practice management systems are not much different than the businesses that lease storage units on the outskirts of damn near every town.  Before storing client information on or at either, a lawyer must review whether each affords reasonable precautions against unauthorized access and disclosure.

No, the question should not be “is this new way of storing information ethical?”  Nor should it be “is it okay to use smoke signals to communicate with my client?”  Rather, whenever the next big thing comes along, the question should be “does this means of transmitting and storing client information provide reasonable precautions and safeguards against unauthorized access and disclosure.”

For related posts:

• Encryption & The Evolving Duty to Safeguard Client Information
• The Cloud: What are Reasonable Precautions?
• To Encrypt or not to Encrypt? THAT is the question
• Competence Includes Tech Competence

 

Monday Morning Answers #83

Friday’s questions are HERE.

Spoiler alert: the answers follow today’s Honor Roll in 5, 4, 3, 2, 1……if you don’t know, now you know.

Honor Roll

• Ed Adrian, Monaghan, Safar, Ducham
• Andrew Costello, Leeds Brown
• Robert Grundstein
• Keith Kasper, McCormick, Fitzpatrick, Kasper & Burchard
• Patrick Kennedy, First Brother, Dealer.Com
• Deborah Kirchwey, Law Offices of Deborah Kirchwey
• Elizabeth Kruska, Esq.
• Jeffrey Messina, Bergeron, Paradis, Fitzpatrick
• Hal Miller, First American
• Daniel Richardson, Tarrant Gillies & Richardson
• Kane Smart, Agency of Natural Resources, Office of General Counsel
• Emily Tredeau, Office of the Defender General, Prisoners’ Rights

Answers

Question 1

There’s only ONE thing that the rules require Vermont lawyers to keep for a period of years.  What is it?

• A.   Copies of advertisements for 2 years after they first run.
• B.   Client’s file for 7 years following the termination of the representation of Client.
• C.   Trust account records of funds held for Client for 6 years following the termination of the representation of Client.  Rule 1.15(a)(1).
• D.   Client’s confidences & secrets for 7 years following the termination of the representation of client.

Notes:  A is incorrect because the rule was repealed years ago.  B is NOT CORRECT.  The file must be delivered upon the termination of the representation.  See, Rule 1.16(d).  It’s a good idea to make a copy for yourself, but the rules do not require you to do so.  Your carrier probably does though.  Finally, D is not correct.  We stopped using the word “secrets” in 1999.  Also, information relating to the representation of a former client is governed by Rule 1.9(c) and is not subject to a 7-lear limit.

Question 2

Attorney called.  Among other questions on a single topic, she asked me whether the rules define “person of limited means.”  What general topic did Attorney call to discuss?

The pro bono rules.  Per rule 6.1, a majority of the 50 hours should go to providing representation to persons of limited means, or, to organizations that primarily address the needs of persons of limited means.  For more, including the definition of “persons of limited means” see this blog post.

Question 3

Speaking of encrypting email, if there is a duty to encrypt, it flows from two duties set out in the rules. One is the duty to maintain the confidentiality of information related to the representation.  What’s the other?  The duty to:

• A.  Safeguard client property & funds
• B.  Provide a client with diligent representation
• C.  Provide a client with competent representation.  See, Rule 1.1.  Also, the link to my blog on encrypting email was included with the questions.  It outlines how the duty of competence dovetails with the duty to maintain confidences to include a duty to act competently to safeguard information relating to the representation of a client.
• D.  Communicate with a client

 

Question 4

Lawyer represents Client.   Shortly before trial, opposing party discloses Witness. Lawyer determines that he has a conflict that prohibits him from representing Client in a matter in which Witness will testify for Opposing Party.

Lawyer moves to withdraw and discloses the conflict in both his motion and the argument on the motion.  The court denies the motion and Lawyer represents Client at trial.  Witness testifies, Lawyer cross-examines Witness.

True or False: Lawyer violated the Vermont Rules of Professional Conduct by representing Client at trial and cross-examining Witness.

False.  Rule 1.16(c).  (“When ordered to do so by a tribunal, a lawyer shall continue representation nothwithstanding good cause for terminating the representation.)

Question 5

I’m not making this up.

In Vermont, V.R.Pr.C. 3.1 is the equivalent of civil rule 11.  It prohibits lawyers from asserting a position unless there is a non-frivolous basis for doing so.

I’m not making this part up either.

In 2014, a New York lawyer was sued for allegedly helping a client to fraudulently transfer assets.  Let’s call the lawyer “Defendant.”

In 2015,  Defendant filed a motion in which he requested the he and plaintiff either have a duel or “trial by combat.”  When questioned by the media, he responded that “”I have a good-faith belief that this is still part of our state constitution. I want the law to be clear on this issue, and I have every right to ask for this.”

What’s Defendant’s favorite television show?

Game of Thrones.

The lawyer’s request was denied.  In an article on the denial, Staten Island Live has a fascinating quote from Attorney Richard Luthmann:

• “I believe that the court’s ruling is based upon my adversaries’ unequivocal statement that they would not fight me,” said Luthmann, who’s based in Castleton Corners.  “Under my reading of the law, the other side has forfeited because they have not met the call of battle. They have declared themselves as cowards in the face of my honorable challenge, and I should go to inquest on my claims.”

 

 

 

Legal Ethics, Cloud Storage, and . . . Game of Thrones?

So, you want to store client data in the cloud? Excellent! Odds are it’ll make you more efficient.

What are your duties under the rules of professional conduct?  Good question.

In my view, a lawyer has a duty to take reasonable precautions to protect client information from unauthorized access or disclosure.   The duty applies no matter the “place” that the information is stored.  That is, the cloud is a “place to store client information” in the exact same sense as a storage facility out on the old county road.

For more, here’s my post The Cloud: What Are Reasonable Precautions?

Now, about that headline.

Jeff Bennion has a great post over at Above The Law: How Are Lawyers Supposed  To Have More Security Than HBO?  It’s well-worth the few minutes you’ll need to read it.  A summary of his tips:

• Know your duties
• Don’t make unnecessary copies of things
• Know that some client data is more sensitive than other data
• Secure all devices & places where client data is stored.

Only 109 hours, 44 minutes until The Dragon & The Wolf.  Until then, just as I’m sure you’ll take reasonable precautions to avoid spoilers, do the same to avoid the inadvertent or unauthorized disclosure of client information.

 

 

Crossing the Border? Consider Bringing Only What You Really Need.

There’s a lot going on in Montreal.

The city is celebrating its 375th anniversary.  The Impact and Alouettes have opened their seasons.  Guns N’ Roses plays Parc Jean Drapeau in a few weeks, and hopefully things go better than at the Big O in 1992.  The Museum of Fine Arts has Revolution.  The Lachine Rapids are a great way to beat the August heat.

Whatever draws you north, think twice about bringing electronic devices that contain client information.

A few weeks ago, I posted an update on protecting client information while returning to the U.S. from abroad.  In it,  I included this quote from another blogger: “I wish I could conclude this post with easy answers, but it appears that there are none at the moment.”

Moments change.

On July 27, the New York City Bar Association issued Formal Opinion 2017-5.  In short, and as reported by the ABA Journal, lawyers should take reasonable precautions to avoid disclosure of client information during a border crossing.

Here are some highlights from the NYC Opinion:

• Rules 1.1 (competence) and 1.6 (confidences) impose a duty to act competently to safeguard client information.
• The duty includes taking reasonable precautions against disclosing information that should not be disclosed.
• The duty requires “attorneys to make reasonable efforts prior to crossing the U.S. border to avoid or minimize the risk that government agents will review or seize client confidences that are carried on, or accessible on, electronic devices that attorneys carry across the border.”
• What are reasonable efforts/precautions? It’ll depend on a variety of factors.
• Those factors suggest “that an attorney should not carry clients’ confidential information on an electronic device across the border except where there is a professional need to do so.”
• The factors also suggest that “attorneys should not carry clients’ highly sensitive information except where the professional need is compelling.”

The opinion goes on to provide some detail on how to evaluate the risk that confidential information will be reviewed at the border. (It’s low).  The opinion also sets out safeguards to implement, with “the simplest option with the lowest risk [being] not to carry any confidential information across the border.”  (emphasis mine)

Importantly, the opinion suggests that an attorney does not violate New York’s rules by complying “with a border agent’s demand, under a claim of lawful authority, for an electronic device containing confidential information during a border search.”   Key, however, is that the opinion stresses that an attorney must first undertake “reasonable efforts to dissuade border agents from reviewing clients’ confidential information or to persuade them to limit the extent of their review.”

Finally, the opinion states that if client information is reviewed during a border crossing, Rule 1.4’s duty of communication requires the lawyer to inform each affected client.

I cannot give you “yes” or “no” answers for every conceivable possibility related to client information, electronic devices, and border searches.  I’ll leave it at this: if devices containing client information are searched – and that’s a big if – will you sleep easier knowing that you took precautions against it happening?

Remember, not every unauthorized access creates ethics liablity for the attorney.  “Reasonable precautions” does not mean “fool-proof.”  However, the failure to take precautions might be viewed as clear & convincing proof of foolishness – a determination that might lead to sleepless nights.

Whatever you do before you travel to Canada with devices that contain client information, do whatever will help you (and your clients) sleep best after you return.

 

Update: Protecting Client Information at the U.S. Border

Two months ago, I posted Protect Client Info When Traveling Abroad.

Earlier this week, Jeff Richardson posted New information on your iPhone being searched by Customs at the border.  If you’re heading to Montreal this summer, it might be worth a read.

For those of you who reflexively avoid any tech-related post, do so at your own risk. Here’s the concluding paragraph from Jeff’s post:

• “I wish I could conclude this post with easy answers, but it appears that there are none at the moment.  I don’t know how you should weigh the usefulness of having your iPhone and iPad with you outside of the country versus the risk that a border agent will try to search the device as you enter the country.  And remember, we are just talking about U.S. border agents right now; you may also find yourself facing an official in another country who demands access to your device and who has no regard for the Rules of Professional Conduct or the Rules of Evidence governing privilege.” (emphasis added)

By the way, Jeff’s blog is a helpful resource (think “tech competence“) for lawyers who use iPhones and iPads.

Protect Client Info When Traveling Abroad

Given the proximity of the Canadian border, and with the YLD Thaw in mind, this article strikes home.

As reported by the ABA Journal in this post, ABA President Linda Klein recently authored a letter to DHS in which she expressed “serious concern about standards that permit searches of lawyer laptops and other electronic devices at the border in the absence of reasonable suspicion.”  President Klein’s letter is here.

Let me be clear: I am NOT suggesting that Vermont lawyers have an affirmative duty to refrain from bringing devices that contain client data to Montreal when traveling for the weekend. However, understand what might happen upon your return.  And, as I often say in response to inquiries, avoiding problems is a great way not to have any.  So, if you don’t need your device that contains work & client data while you’re wandering the Old Port, consider not bringing it.

Somewhat related, I’ve previously posted a blog Subpoena to Disclose Client Info?

 

 

 

Phising Scheme Alert: Google Docs

A phishing scheme is making the rounds today. It’s an attack in which an email invites the target to edit a document in Google Docs.

Adi Robertson at The Verge has the details here.

Let’s be careful out there.