Wellness Wednesday: an action plan

On March 3, 2016, I posted my first blog on attorney wellness: Lawyers Helping Lawyers.  Since, I’ve raised the issue as often as possible on this blog and at continuing legal education seminars.  Today, I’m pleased to report that the Vermont Commission on the Well-Being of the Legal Profession recently issued its State Action Plan.

The Vermont Supreme Court created the Commission in response to a report from the National Task Force on Lawyer Well-Being.  That report, The Path to Well-Being: Practical Recommendations for Positive Change, made a series of recommendations in response to a study that found staggering rates of behavioral health issues among lawyers.  Relevant to my job as bar counsel, the national report noted:

  • “To be a good lawyer, one has to be a healthy lawyer.  Sadly, our profession is falling short when it comes to well-being.  The two studies referenced above reveal that too many lawyers and law students experience chronic stress and high rates of depression and substance abuse.  These findings are incompatible with a sustainable legal profession, and they raise troubling implications for many lawyers’ basic competence.”

Competence is the first professional duty set out in the Rules of Professional Conduct.

Again, Vermont’s state action plan is here.  When you have time, give it a read.  Here’s the concluding paragraph from the introduction:

  • “Our profession has a duty to deliver competent legal and judicial services that will serve to uphold the integrity of the justice system. We recognize that the recommendations that follow may impose costs on the profession. We are certain, however, that the benefits of these proposals outweigh the modest cost of implementing them. Neglecting the truths of the national report that issued and its focus on the elevated risks for mental illness and substance abuse will, we believe, impose greater, more damaging costs—both on our profession, the public and its confidence in the rule of law. We hope that these proposals will be recognized as responsibilities fundamental to the privilege of practicing law.”

I agree 100%  We cannot neglect the issue.  As a profession, we must follow-up on the action items.  We cannot congratulate ourselves on the Commission’s fantastic work only to relegate the plan to the digital equivalent of a shelf where it collects electronic dust until that long-off day when someone finds an archived version and says “Wow.  Great ideas. I wonder what ever became of them?”

Wellness

If you’re new to this topic, here are my various posts:

 

 

 

Competence, Confidences and PDFs

In my view, Rules 1.1 and 1.6 impose a duty to act competently to prevent the unauthorized access to or disclosure of information relating to the representation of a client.  I’ve blogged on this issue many times:

Next week, I’m presenting two seminars at the YLD Mid-Winter Thaw in Montreal.  In the first, I’m on a panel with Judge Hayes and the Judiciary’s Andy Stone.  Judge Hayes and Andy will introduce lawyers to the Judiciary’s new case management system.  My job will be to chime in on ethics issues that might arise with electronic filing.   My thoughts will focus on tech competence.

expos

Imagine this scenario: whether in a filing or a communication to opposing counsel, a lawyer includes a PDF.  Prior to transmission, the lawyer redacted the PDF to keep certain information confidential.  Alas, the lawyer did not properly redact the PDF.  By highlighting the redacted the portions and pasting them into a new document, opposing counsel, or anyone else with access to the PDF, can discover what the lawyer intended to obscure.  The filing is here.

Did the lawyer take reasonable precautions to protect the information?  Was it a one-time mistake that doesn’t rise to the level of an ethics violation?  What if it was information that the court had ordered remain confidential and now is public?

Earlier this week, lawyers for Paul Manafort, President Trump’s former campaign chair, filed a response to special counsel Robert Mueller’s allegation that Manafort lied to Mueller’s investigators.  Due to what the ABA Journal described as a “technical oversight,” the filing was not properly redacted.  As such, the media was able to discover that Manafort is accused of sharing polling data with a Russian business person.  The story has been covered by the ABA Journal, BuzzFeed, Fox News, and the Washington Post.

(Update at 1:16 PM on January 10:  Above The Law’s Joe Patrice has a great recap here.)

Go back to the scenario I posited above: what if that’s you in a Vermont case?  What if you meant to redact a client’s proprietary information, or a witness’s mental health records, or a confidential informant’s identity? What if you didn’t do it right?

Jason Tashea writes for the ABA Journal. Today, he posted How to redact a PDF and protect your clients.  If this is an area of tech competence that interests or concerns you, I’d suggest giving Jason’s post a read.

 

TBT: Counsel Clients on Social Media Use

The post below is a cut & paste job.  The original ran several months ago.  I’m re-running it because I recently heard from two different attorneys whose clients posted damning information to social media.

Summary: I think you can make an argument that the duty of competence includes advising a client that the opposing party & lawyer will likely look for and use any information that the client posts to social media.

*****

Earlier this month, the ABA Journal posted a blog in its “ethics” section: Celebrity attorneys face challenges, ethical pitfalls.   I enjoyed it as much from the pop culture slant as I did from the “it’s my job” slant.

However, speaking of the “it’s my job” slant, I want to discuss two things.

First, over the past year, the news has been filled with lawyers making public statements about their clients and former clients.  So much so that several times I’ve been asked what I think about it.

Regular readers know what I think it.  I’m a big believer in two concepts:

  1. Hey Lawyers! STFU!!!
  2. Can’t Keep Quiet? Try Harder.  

As Thomas Edison said:

“You will have many opportunities
to keep your mouth shut.
You should take advantage
of everyone of them.”

(aside: choosing not to blog is probably one of the opportunities of which I should take advantage.)

Second, while most of the article discusses trial publicity and Rule 3.6, there’s a little nugget that, in my view, is great advice not just for lawyers who represent celebrities, but for lawyers who represent, well, clients.

Referring to lawyers who represent famous people, the article says:

  • “Client and entourage use of social media can compromise a defense. Ethically, attorneys have to make sure their clients and their team understand ground rules and place limitations on social media use related to the case.”

Trust me, I understand that very few of my readers represent the Vinny Chases of the world.  Nonetheless, I think the second sentence is critically important even for lawyers whose clients don’t have their own versions of E, Turtle, and Johnny Drama.

Why?

Because these days, entourage or not, what client isn’t on social media???  And that’s where the very next paragraph in the ABA Journal post comes in.  Quoting Ann Murphy, a professor at Gonzaga University School of Law, the post notes:

  • ” ‘Attorneys, as part of their ethical duties, must now counsel their clients on the use of social media,’ Murphy says. ‘Once it is out there, it is out there. Even if someone deletes a Facebook post—it likely has been saved as a screenshot and is of course subject to discovery,’ she adds. ‘Personally, I think the best advice is tell the client that any posts about his or her case must be viewed in advance by the attorney.’ “

That’s a fantastic tip.  Professor Murphy – if perchance you find this blog, In Few I Trust. Go Zags! 2019 national champs!

See the source image

Now, I can hear some of you now – “mike, am I supposed to know what my client puts on social media?”

Well, opposing counsel will.  So unless you’re comfortable finding out about that damning tweet or post at deposition or in mediation, my response is:

See the source image

At the very least – and by “very least” I mean “barest of bare minimums” – I think lawyers have a duty to communicate to their clients the risks associated with posting info to a public forum.

In sum, while the ABA Journal article focuses on the risks associated with representing famous clients, it includes a tidbit that applies to any lawyer who has a client on social media: what happens on social media rarely stays on social media.

Tech competence.  It’s a thing.

By the way, among my friends, I’m definitely E.  My brother is almost definitely Drama.  Alas, while we have several candidates for Turtle, not many for Vinny.   And at risk of offending my friends, the “many” in that previous sentence?  It’s pronounced with a silent “m.”

See the source image

Five for Friday #140

Quick: without thinking, name a song by The Eagles.

Now, hold that thought.

I don’t particularly enjoy writing about music.  Nonetheless, when I do, I receive more feedback than on virtually any other topic that I cover.  The #fiveforfriday posts Beatles v. Stones and T. Petty & T. Swift are the most read in the history of the quiz.  The tribute to Prince is in the top 5.

Even this month’s ode to M.C. Hammer, Don’t Post Thatgenerated significantly more response than most of my posts. Albeit with a complaint that my musical references are too dated.

What can I say?  I AM dated!

Still, for younger readers, when it comes to posting client confidences online, think of Maroon 5 Girls Like You, ft. Cardi B.  In particular, Cardi B’s:

“red light, red light, stop!”

Anyhow, since I can’t think of anything related to “140,” I’m resorting to writing about something that happened on a November 30 of yesteryear.  Specifically, a musical event that I’ll try to relate to legal ethics.

Michael Jackson’s album Thriller was released 36 years ago today.  A few weeks ago, I heard a story about the best-selling album of all-time.

It’s not Thriller.

For whatever reason, that surprised me. I’m not a big fan of Michael Jackson’s music, but like most of us, I’m generally aware of a lot of his songs.  I just kind of assumed that Thriller was the top-selling album ever.

Nope.  Measured by U.S. sales, The Eagles hold the top spot.  Earlier this year, Their Greatest Hits (1971- 1975) overtook Thriller.

See the source image

Now, back to my original question.  Name a song by The Eagles.

As I suspect you said “red hammer,” I’m willing to bet you picked “Hotel California.”

The Eagles released Hotel California after they released Their Greatest Hits (1971-1975).  Maybe it’s just me, but I find that mind-boggling. The song that, arguably, is the band’s greatest is not on the band’s album that happens to be the best-selling of all-time.

Take a look at the track list: the songs on Their Greatest Hits (1971-1975) are solid songs and, obviously, quite popular.  But, I’d argue that none is Hotel California.  And maybe that says something about competence.

I often preach Rule 1.1 and a lawyer’s duty of competence.  Remember: the rule doesn’t require you to be a superstar. It requires you to be competent.  Over and over again.  For each and every client.

Consistent competence.

Early in their career, The Eagles were competent, over and over again.  The result: before the band did its best work, it did a lot of good work that, when compiled, went on to be the best-selling album of all-time. To me, the whole was greater than the sum of its parts.

So, as lawyers, maybe our goal shouldn’t be the legal equivalent of creating Hotel California. Rather, maybe our goal should be consistent competence.  We should strive to be competent over & over & over again.  Knowing that consistent competence might have a greater impact than being a rock star in any single case.

Onto the quiz.

Rules

  • None.  Open book, open search engine, text/phone/email-a-friend.
  • Exception – but one that is loosely enforced – #5 (“loosely” = “aspirational”)
  • Unless stated otherwise, the Vermont Rules of Professional Conduct apply
  • Team entries welcome, creative team names even more welcome.
  • E-mail answers to michael.kennedy@vermont.gov
  • I’ll post the answers & Honor Roll on Monday
  • Please don’t use the “comment” feature to post your answers
  • Please consider sharing the quiz with friends & colleagues
  • Please consider sharing the quiz on social media.  Hashtag it – #fiveforfriday

Question 1

At a CLE, you wake from a brief nap to hear me using the terms “concurrent,” “former,” and “prospective.”  I’m talking about the:

  • A.  rules on conflicts of interest
  • B.  trust accounting rules
  • C.  advertising rules
  • D.  rule on client confidences insofar as it relates to encrypting e-mail

Question 2

By rule, the interest on your pooled interest-bearing trust account goes to:

  • A.  Clients
  • B.  The Vermont Bar Foundation
  • C.  A or B
  • D.  B, but only with client consent

Question 3

“Impliedly authorized to carry out the representation” is an exception to the rule that prohibits:

  • A.   Conflicts of interest
  • B.   Commingling of funds
  • C.    Contacting a represented person without the permission of the person’s lawyer
  • D.   Disclosing information relating to the representation of the client

Question 4

True or false.

An associate does not violate the rules if the associate acts in accordance with a partner’s reasonable resolution of an arguable question of a professional duty, even if the partner’s resolution turns out to be wrong.

Question 5

Sydney Carton was a brilliant lawyer who struggled with alcohol & depression.  His most famous client was Darnay.

While not explicitly clear from the historical record, I’m pretty sure that Darnay filed a disciplinary complaint against Carton.   In it, he alleged that Carton failed to provide him with competent & diligent representation in a criminal trial that resulted in a death sentence for Darnay.

The complaint became moot when Carton, who bore an uncanny resemblance to his client, switched places with Darnay just before the execution.  Carton’s final words before the guillotine fell:

  • “It is a far, far better thing that I do, than I have ever done; it is a far, far better rest that I go to than I have ever known.”

Name the book.

Bonus: name the lawyer who “mentored” Carton.

On a serious note, if you know a lawyer who, like Carton, is dealing with substance abuse or mental health issues, please read this.

 

 

 

ABA Addresses an Attorney’s Obligations in Response to a Data Breach

I’ve blogged often on a lawyer’s duty to act competently to safeguard client data.  Generally, an attorney must take reasonable precautions to protect against inadvertent or unauthorized disclosure of client information.  Some of my posts:

Last month, the ABA’s Standing Committee on Ethics & Professional Responsibility issued Formal Opinion 483.  It sets out a lawyer’s obligations following an electronic data breach or cyber attack.

The opinion is detailed and technical.  It’s worth reading, or, at the very least, sharing with your IT support staff.  Also, various outlets have reported on the opinion, including The National Law Review, Louisiana Legal Ethics, and The ABA Journal.  I suggest each.

I’m going to try to stick to a summary.

  •  Prior to a breach, a lawyer has a duty to act competently to safeguard client property and information.  This likely includes adopting an “incident response plan” that will kick in once a breach occurs.
  • The duty includes an obligation “to monitor the security of electronically stored client property and information.”  In other words, there’s a duty to take reasonable efforts to monitor for and detect unauthorized access. This includes reasonable steps to ensure that vendors act in accordance with the lawyer’s professional obligations.
  • A breach is not necessarily evidence that the lawyer failed to act competently to safeguard client information.
  • If a breach occurs, a lawyer must take reasonable steps to stop it and mitigate the damage that results.
  • If a breach occurs, a lawyer must assess its scope.  This includes determining what information, if any, was lost or accessed.
  • A lawyer must notify current clients if the breach:
    • involves material, confidential client information; or,
    • impairs or prevents the lawyer from representing the client. For example, as would be the case in a ransomware attack.
  • Lawyers must be aware that their ethical obligations are independent of any post-breach obligations imposed by law.  Compliance with professional obligations is not necessarily compliance with other law, and vice versa.

Again, the full opinion is here.

As usual, I like to analogize to non-tech issues.  For instance, when it comes to paper files, most lawyers probably know that there’s a duty to take reasonable safeguards to protect them.  Locked file cabinets.  Locked rooms.  Secure office space.

If a lawyer arrives at work and realizes that the office has been broken into, I imagine the lawyer would intuitively understand the need to determine what, if anything, was viewed or taken.  Then, as appropriate, will notify clients. I also imagine that the lawyer would replace the broken locks, doors, and windows.

Thus, in my view, the ABA opinion clarifies that very standards that most of us already apply to clients’ paper files also applies to their electronic files.

Image result for images of a data breach

 

 

 

 

Estate Planning: Crypto Competence

I blog often on the duty of competence.  It’s in the very first rule.

Until today, I’d not considered Rule 1.1’s application to lawyers who provide estate planning services to clients who own cryptocurrencies.  Rather, with cryptocurrency, I’d only considered the ethics issues associated with accepting it as payment for legal fees.

Today, I came across this post in the ABA Journal.  It includes tips for lawyers who want to provide estate planning services to clients who own crypto assets.

My gut tells me that limiting an estate plan to a client’s non-crypto assets likely isn’t a reasonable limitation.  Even if it was, as a practical matter, I don’t know that many clients would be interested in an estate plan that excludes some of their assets.  Thus, it strikes me that, if it isn’t already, “crypto competence” soon will be a thing for lawyers who provide estate planning services.

See the source image

 

 

Yes!!!

I’m not a huge fan of the “Throwback Thursday” trope, but I am a huge fan of readers.  So, as it has, when blogger’s block strikes, I resort to the trope.

But not without reason.

I’m heading to Rutland tomorrow.  Two years ago, and a few days after heading to Rutland, I blogged on how I hoped never again to have to assuage lawyers that there’s nothing inherently unethical about storing client information in the cloud.

I’m happy to report that we seem to have accepted the premise.

Yes!!!

Thank you.

That being said, refreshers aren’t inherently bad either. Especially since the effective date of the recent amendment on tech competence is nigh.  So, here goes.

The original post ran on November 10, 2016.

*******************************************

Last Friday, I presented a CLE for the Rutland County Bar Association. My assigned topic: the ethics of storing client information in the cloud.  I started by saying that I hoped it was my final seminar on the topic.  I was serious.

Let’s walk through this.

In general, a lawyer has a duty not to disclose information relating to the representation of a client absent client consent.  See, Rule 1.6.  A lawyer also has a duty to keep client property safe.  See, Rule 1.15.

I view the cloud as the latest in a long line of different places to store information.  In that sense, the cloud is not different than manila folders, boxes, offices, attics, basements, barns, file cabinets, file cabinets with locks, storage facilities, hard drives, floppy disks, CDs, and thumb drives.

No matter where a lawyer stores client information, a lawyer must act competently to protect the information against inadvertent or unauthorized disclosure. See, Rule 1.6, Comment [16].  When transmitting client information, a lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.  Rule 1.6, Comment [17].

So, think about cloud storage like this:  client information is electronically transmitted to a place where it will be kept.  Thus, a lawyer must take reasonable precautions to protect client information both while it is in transit and while it is at rest.

In fact, that’s almost exactly what the VBA’s Professional Responsibility Committee said – SIX YEARS AGO when it issued Advisory Ethics Opinion 2010-06.  Here’s the digest of the opinion:

  • “Vermont attorneys can utilize Software as a Service in connection with confidential client information, property, and communications, including for storage, processing, transmission, and calendaring of such materials, as long as they take reasonable precautions to protect the confidentiality of and to ensure access to these materials.”

(Aside: for anyone wondering why I included an advisory opinion about “Software as a Service” in a post on cloud computing, I remind you that Rule 1.0’s duty of competence includes tech competence.)

The question I hear most often is this:  “what are reasonable precautions?”  In Rutland, I suggested to the audience that they already know the answer, if only by treating the cloud as if it were a storage facility out on Old County Road. Some questions you might ask when considering that facility:

  • who do you let into this facility?
  • do you require a passcode or badge for the gate?
  • are there locks on the individual units?
  • who besides me has a key or knows the combination?
  • can i get into my unit whenever i want to?
  • what happens to my files if I don’t pay or if you go out of business?

Indeed, take a look at page 6 of the VBA Opinion.  The Committee suggested some of those exact questions when considering a cloud vendor.

Or, take a look at this post from Robert Ambrogi.  He writes that “[s]ome basic questions to ask of a cloud vendor, distilled from various ethics opinions, include:

  • Is it a solid company with a good reputation and record?
  • Can you get access to your data whenever you want, without restrictions?
  • If your service is terminated – by you or by the company – can you retrieve your data?
  • Does it allow use of advanced password protocols and two-step verification?
  • What are its internal policies regarding employee and third-party access to your data?
  • Is your data encrypted both while in transit and while at rest on the company’s servers?
  • How is your data backed up?
  • What security protections are in place at the data centers the company uses?”

Finally, remember that asking the questions isn’t enough.  You need to understand the answers or find someone who does.  For example, imagine this:

  • You:   Will my data be encrypted in transmission and at rest?
  • Vendor:  Yes.  In transmission, we use a BTTF Flux Capacitor.  At rest, we use the latest cloaking technology from Romii.
  • You.  Sounds awesome. Sign me up.

Umm, no.  You just signed up to star in the next entry in Was That Wrong.

In conclusion, you may store client information in the cloud so long as you take reasonable precautions.  This entry includes links that will help you determine what “reasonable precautions” are.  Don’t fear the cloud, but know what you don’t know.

Speaking of which, info on the BTTF Flux Capacitor is HERE. And, for more on Romii cloaking technology, go HERE.

cloud

Court Adopts Comment on Tech Competence

The first rule in the Vermont Rules of Professional Conduct requires lawyers to provide clients with competent representation.  I’ve long argued that Rule 1.1’s duty of competence includes tech competence.

Last week, the Vermont supreme Court promulgated amendments to Rule 1.1.  The amendments add three new comments, including one that makes it clear that, in fact, the duty of competence includes tech competence.  As amended, Comment [8] now reads:

Maintaining Competence

[8] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technologygy, engage in continuing study and education and comply with all continuing legal education requirements to which a lawyer is subject.

As reported by Robert Ambrogi’s LawSitesBlog, Vermont becomes the 32nd state to adopt the duty of tech competence.

Take a look at the picture that Bob uses on his blog:

Image result for lawyer technology competence

No more.

Don’t confuse the meaning of the new comment. It does not require lawyers to know how to use every new gizmo, gadget, or app.  It’s far more practical than that.

For instance, do you understand the risks and benefits of using certain technologies to transmit confidential communications? Or the risks and benefits of mobile payment services? Have you thought about disabling autocomplete? Do you advise clients against being too social?

Also, don’t sleep on the other new comments. As legal outsourcing becomes more prevalent, the new comments provide helpful guidance.

The new comments take effect on December 10.

Related Posts

 

 

Discovery: It’s not a Toy

Since 2000, I’ve reviewed approximately 4,000 disciplinary complaints.  Not many – I’d guess fewer than 20 – involved allegations of discovery violations.

Anecdotally, however, it’s common for lawyers to tell me that “so & so abuses discovery all the time.”  Or, “once I found out who was on the other side, I told my client that she wouldn’t be able to afford the discovery.”

A few thoughts: there’s a common misconception that discovery violations are the sole province of the courts, not the Professional Responsibility Program.  Trust me, I do not want to – and won’t – become the arbiter of legitimate discovery disputes.  Abusive or dilatory discovery tactics?  That’s another issue.

Take a look at Rule 3.4 of the Vermont Rules of Professional Conduct:

“A lawyer shall not . . .

  • (c) knowingly disobey an obligation under the rules of a tribunal except for an open refusal based on an assertion that no such obligation exists;
  • (d) in pretrial procedure, make a frivolous discovery request or fail to make reasonably diligent effort to comply with a legally proper discovery request by an opposing party.”

Of interest, the title of the rule: “Fairness to Opposing Party and Counsel.”

And isn’t that important?  Although adversarial, the process is supposed to be fair.  Not only that, the rules of the game require lawyers to play fairly.

In my view, the rules of procedure – whether civil, criminal, probate, or family – are rules of a tribunal.  Thus, a knowing violation of the obligations imposed by the procedural rules violates Rule 3.4(c).  In addition, Rule 3.4(d) speaks for itself when it comes to abusive & dilatory discovery.

Earlier today, I came across a post in the ABA Journal: Let’s trash ‘data dump’ litigation The author makes compelling arguments against not just abusive & frivolous discovery, but what I call “mindless” discovery.   By “mindless,” I mean a discovery request or response made for no other reason than to say “we asked for everything!” or “we gave them everything!”

In one sense, mindless discovery is CYA discovery.  Or, lazy discovery.  CYA & lazy aren’t good.  Indeed, there’s nothing wrong with precise requests and responses.  Odds are that they do the job, and satisfy the duties of competence & diligence, without leaving a lawyer with the need to cover anything.

In another more cynical sense, mindless discovery is less a product of absent-mindedness than it is a product of a mindset to drive up costs or to foster delay.  You know, two of the very things that give lawyers a bad name.

Give the ABA Journal post a read. It makes interesting points on (1) a trend in the federal courts towards requiring “precision” in discovery; (2) the benefits that technology can bring to the discovery process; and (3) the benefits of – oh no! – actually having an honest discussion with opposing counsel about what each side really needs.

A quote from the post jumped out at me:

“Access to justice should not be a function of who can afford the best toys, so there has to be a solution.”

My two cents on a potential solution: don’t use discovery as a toy.

See the source image