The Future of Attorney Regulation is Proactive.

Within the world of attorney regulation, there is a trend towards Proactive Management Based Regulation (“PMBR”).  In this post, the Legal Ethics Forum provided one of the more concise descriptions of PMBR that I’ve seen:

  • “With PMBR, the regulator works with lawyers to address risks to avoid problems, rather than reacting to attorney misconduct after it has occurred.”

In other words, focusing as much on preventing fires as putting them out.

To date, PMBR has been implemented in Australia and Canada.  Two states, Colorado and Illinois, have formally adopted it.  Many other states are moving towards it.

The PMBR movement received a welcome boost last week.  The ABA’s House of Delegates approved Resolution 107.   The text:

“RESOLVED: That the American Bar Association urges each state’s highest court, and those of each territory and tribe, to study and adopt proactive management-based regulatory programs appropriate for their jurisdiction, as a way to enhance compliance 4 with applicable rules of professional conduct and supplement existing disciplinary enforcement mechanisms, and to:

a. assist lawyers, law firms, and other entities in which lawyers practice law in the development and maintenance of ethical infrastructures that help to prevent violations of applicable rules of professional conduct;

b. reduce complaints to lawyer disciplinary authorities;

c. enhance lawyers’ provision of competent and cost-effective legal services; and

d. encourage professionalism and civility in the profession.”

The sponsors’ Executive Summary (page 83) urges adoption of “proactive
management-based regulatory (PMBR) programs to enhance compliance with
applicable rules of professional conduct and supplement existing disciplinary
enforcement mechanisms.”

I culled some additional statements from the Executive Summary and will present them as bullet points:

  • “PMBR programs operate separately from the disciplinary process.”
  • “PMBR programs offer a systemic preventive approach to help lawyers, and the entities where they practice law, develop ethical infrastructures to improve the delivery of competent and cost-effective legal services.”
  • “PMBR programs encourage professionalism and civility, and change for the better the relationship between the regulator and regulated.”
  • “PMBR programs provide lawyers with an array tools, including self-assessment
    checklists and online programming, to help them and the entities where they
    practice law develop ethical infrastructures and identify where they may need
    additional skills, training, and education.”
  • “PMBR programs are not one-size-fits-all, may be crafted to meet the needs of each
    jurisdiction, and are reasonable in cost.”

Here in Vermont, we’ve not formally adopted PMBR.  However, we’ve made several of its principles central to the Professional Responsibility Program’s mission.

For example, many of you know that I was disciplinary counsel from 2000-2012.  That entire time, I had a full-time deputy and we reviewed, on average, 246 new disciplinary complaints per year.  During the same period, bar counsel was half-time and responded to, on average, 234 ethics inquiries per year.

Our default, indeed our very set-up, was to react.

In 2012, under the leadership of then-chair Jan Eastman, the Professional Responsibility Board recommended that the Court reallocate resources with the PRP.  The crux: make bar counsel a full-time position, reduce deputy disciplinary counsel to a half-time position.

It worked.

FY                         Disciplinary Complaints                               Inquiries of Bar Counsel 2013                                    285                                                                                   627            2014                                    243                                                                                   750               2015                                    208                                                                                   827               2016                                    181                                                                                   1,100               2017                                    140                                                                                   1,109               2018                                    149                                                                                   1,263

(I’ve previously blogged on the inquiry process and the changes that we made in 2012.)

This is without getting into the sizeable increase in the number of continuing legal education seminars that we present, our focus on issues like civility, wellness, and tech competence, and the fact that, now, we resolve most complaints at screening without referring them to disciplinary counsel, thereby freeing up disciplinary counsel to focus on serious misconduct.

But there’s more we can do for you.

I’ve followed the programs implemented in Colorado and Illinois.  Further, I’m a member of the National Organization of Bar Counsel, one of the strongest leaders in the PMBR movement.  I’ve got some ideas.  Stay tuned.

For now, remember: the future of regulation is proactive.

Image result for images of proactive

 

Encryption & The Evolving Duty to Safeguard Client Information

In December 2015, I posted To Encrypt or not to Encrypt?   

The post began with an analysis of how Rules 1.1 and 1.6 work together to impose a duty to act competently to safeguard client information, including information that is stored and transmitted by electronic means.

From there, I walked readers through a series  advisory ethics opinions.  Over time, the opinions moved from concluding that the duty to act competently to safeguard client information did not include a duty to encrypt to concluding that it might.

I stated that, at the very least, lawyers had a duty to warn clients about the risks associated with unencrypted electronic communications.  Then, I wrote:

  • “My sense is that we will soon reach, if we haven’t already reached, a day upon which it will not be considered reasonable to transmit client information via unencrypted email.  Encryption is not as difficult or expensive as it used to be and more secure alternatives are readily available.”

Last week, that day drew closer.

On May 11, the ABA’s Standing Committee on Ethics & Professional Responsibility issued Formal Opinion 477: Securing Communication of Protected Client Information. The opinion analyzes the duties imposed by Rules 1.1 and 1.6.  It reviews a series of advisory ethics opinions and discusses the trend towards requiring lawyers to encrypt electronic client communications.

Opinion 477 concludes that lawyers must make reasonable efforts to safeguard client information.  It states that “[w]hat constitutes reasonable efforts is not susceptible to a hard and fast rule, but rather is contingent upon a set of factors.”  That is, lawyers must employ a “fact-based analysis” when transmitting & storing client information.  Factors in the analysis include:

  • the sensitivity of the information,
  • the likelihood of disclosure if special safeguards are not used,
  • the cost of using special safeguards, and
  • the difficulty of using special safeguards.

With respect to these factors, the opinion concludes that lawyers must, on a case-by-case basis, constantly analyze how they communicate electronically about client matters . . . to determine what effort is reasonable.”

The opinion makes clear that lawyers must remain cognizant that the analysis will change as technology evolves. In other words, what’s reasonable today might not be reasonable in 2020.

More importantly, what was unreasonable in 1997 might be reasonable today.  For example, as the opinion notes, “a fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances.”

The opinion suggests that the duty to safeguard client communications likely requires lawyers to:

  • Understand the nature of the threat,
  • Understand how information is transmitted & where it is stored,
  • Understand & use reasonable electronic security measures,
  • Determine how electronic communications should be protected,
  • Label communications as “privileged & confidential,”
  • Train partners, associates, and nonlawyer assistants in information security, and
  • Exercise due diligence when choosing a vendor.

For more on each, see pages 5-9 of formal opinion 477.

In my view, the opinion sends a strong signal that the failure to use basic and widely available tools violates the duties imposed by Rules 1.1 and 1.6.  Those tools include:

  • Within an office, using adequate login passwords
  • Changing those passwords on a regular basis
  • Password protecting email attachments
  • Using secure WiFi (as in, not the coffee shop’s Wifi)
  • Installing & updating firewalls, anti-malware, anti-spyware, and anti-virus software
  • Using client portals instead of email
  • Using established & secure cloud-based file storage vendors to send, exchange, and view documents
  • Remembering that client information is on, or has been accessed from, multiple devices: cell phones, tablets, remote log-ins

If you take anything away from this, as usual, let it be my refrain that “competence includes tech competence.”  For, if you find yourself in times of trouble, it will not be acceptable to respond “but that tech stuff is too complicated!”

It isn’t.

As technology evolves, so evolves the standard of “reasonable efforts to safeguard client information.”

Have you evolved?

Electronic Communication

 

 

 

 

Succession Planning: can your clients make it without you?

Many of you spend a lot of time advising your clients to prepare for the worst. Have you taken the time to protect your clients if the worst happens to you?

An unexpected diagnosis. A car accident. A skiing mishap. What if you had been away during Hurricane Irene, unable to return to Vermont for that trial, or that deposition, or that closing?

No matter the reason, what if you are not available? Will your clients be protected?

Does anyone know where your files are? Or where you keep your schedule and deadlines? Or the password to your cloud storage platform?  Or how to access your trust account?

Rule 1.3 of the Vermont Rules of Professional Conduct requires lawyers to act with reasonable diligence while representing a client. Comment 5 to Rule 1.3 states that “to prevent neglect of client matters in the event of a sole practitioner’s death or disability, the duty of diligence may require that each sole practitioner prepare a plan, in conformity with the applicable rules, that designates another competent lawyer to review client files, notify each client of the lawyer’s death or disability, and determine whether there is a need for immediate protective action.”

Among other things, a sound succession plan will help to ensure that:

1. deadlines will be met.

2. disbursement of funds held in trust will not be delayed.

3. client files and property will be located and safeguarded.

4. clients are protected.

The Vermont Bar Association has presented seminars on Succession Planning.  To review a seminar by DVD, go to this list and look for Seminar ID #483.  You might also want to review this helpful guide from my colleagues at the Washington State Bar Association or this article from Mark Bassingthwaighte of ALPS.