Bench & Bar – September 2008
Del O’Roark, Loss Prevention Consultant, Lawyers Mutual Insurance Company of Kentucky
Introduction
The purpose of this two-part article is to provide you with a report on the effect the Internet is having on lawyer ethics and malpractice risk management. Part I covered:
- E-Mail Confidentiality
- E-Mail Metadata
- E-Mail Disclaimers
- Uninvited E-Mail
- Computer Assisted Legal Research (CALR)
- Google Research
- Internet Court Case Management Systems
Part I appeared in the May 2008 issue of the Bench & Bar (Vol.72 No. 3, page 29). It is available on Lawyers Mutual’s Website at lmick.com on the Risk Management page/Bench & Bar Articles. If you have not read it, you may want to glance at it before reading this article.
Part II completes this survey of selected Internet issues with a review of:
- Lawyer Websites
- Blogs, Chat Rooms, and Bulletin Boards
- Internet Lawyer Referral Services
- Duty to Protect Client Electronic Documents from Internet Attacks
Websites, Blogs, Chat Rooms And Bulletin Boards
Many, if not most, law firms now have a website. Firms and individual lawyers have blogs and participate on Internet blogs, chat rooms and bulletin boards. Using these Internet features raise the following ethics and malpractice considerations:
- How do the lawyer advertising and solicitation ethics rules apply to websites, blogs, and chat room and bulletin board participation?
- What is the risk of inadvertently establishing an attorney-client relationship over the Internet?
- What potential client confidentiality duties can arise from Internet contacts?
- What is the risk of receiving too much information over the Internet creating a disqualifying conflict of interest with an existing or prospective client?
Advertising And Solicitation Rules
The KBA Ethics Committee in KBA E-403 (1998) adopted the following language from an Illinois Bar ethics opinion that addresses when advertising and solicitation rules apply to Internet communications:
The Committee believes that the existing Rules of Professional Conduct governing advertising, solicitation and communication concerning a lawyer’s services provide adequate and appropriate guidance to a lawyer using the Internet. For example, the Committee views an Internet home page as the electronic equivalent of a telephone directory “yellow pages” entry and other material included in the web site to be the functional equivalent of the firm brochures and similar materials that lawyers commonly prepare for clients and prospective clients. An Internet user who has gained access to a lawyer’s home page, like a yellow pages user, has chosen to view the lawyer’s message from all the messages available in that medium. Under these circumstances, such materials are not a “communication directed to a specific recipient” that would implicate Rule 7.31 and its provisions governing direct contact with prospective clients. Thus, with respect to a web site, Rule 7.1,2 prohibiting false or misleading statements concerning a lawyer’s services, and Rule 7.2,3 regulating advertising in the public media, are sufficient to guide lawyers and to protect the public.
On the other hand, lawyer participation in an electronic bulletin board, chat group, or similar service, may implicate Rule 7.3, which governs solicitation, the direct contact with prospective clients. The Committee does not believe that merely posting general comments on a bulletin board or chat group should be considered solicitation. However, if a lawyer seeks to initiate an unrequested contact with a specific person or group as a result of participation in a bulletin board or chat group, then the lawyer would be subject to the requirements of Rule 7.3. For example, if the lawyer sends unrequested electronic messages (including messages in response to inquiries posted in chat groups) to a targeted person or group, the messages should be plainly identified as advertising material.
The KBA Ethics Committee further considered the Internet and advertising and solicitation rules in KBA E-427 (2007). The question was what kind of web addresses – domain name – may lawyers use. The Committee gave a qualified ‘yes’ to the question: May a lawyer or law firm use a domain name that does not identify the lawyer or firm, but links to a web-site that clearly identifies the sponsoring lawyer or firm?
The Committee has concluded that it is not inherently unethical for a lawyer or a lawyer firm to adopt a domain name, unrelated to the name of the lawyer or the law firm, if the following conditions are met:
- The domain name complies with RPC 7.15; it is not false, deceptive or misleading.
- The website to which the domain name connects prominently identifies the name of the firm or the lawyers involved. The domain name cannot be used as a substitute identity for the lawyer or the firm.
- The domain name does not imply that the lawyer is a specialist, except as permitted by Rule 7.40. (footnote omitted)
KBA E-427 is well written and reasoned. It is recommended reading.
Website Contacts: Unintended Formation Of Attorney-Client Relationships And Creation Of Confidentialty Duties And Conflicts Of Interest
The risk of inadvertently establishing attorney-client relationships, owing potential clients confidentiality, and backing into conflicts of interest resulting from a person contacting a lawyer’s website is considerable. I covered these issues in detail in my article “Lawyer Website Disclaimers – Fact or Fiction?” (Bench & Bar Vol. 70, No. 1, Jan. 2006; available on Lawyers Mutual’s website at www.lmick.com — go to the Risk Management/Bench & Bar page). It covers use of disclaimers to avoid these risks, includes the “Best Practice Guidelines for Legal Information Web Site Providers” developed by the E-Lawyering Task Force and the ABA, and the following website risk management guidelines:
- Prepare and keep on file a written firm policy on the purpose of the website, what it is supposed to do, and what it is not intended to do. Include detailed guidance on specific features of the site and how they are to function. Specifically, how legal advice, if any, is to be provided through the website. This guidance should include how information is to be displayed that avoids misleading site visitors into believing they are getting legal advice for their matter; how terms and conditions and disclaimers are prominently featured to assure that site visitors assent to them; and how prospective client e-mail is managed to avoid issues of attorney-client relationships, confidentiality, and failure to respond to an e-mail.
- Keep a complete paper and disk copy of each iteration of the website for at least five years. Be sure it reflects how site visitors manifest assent to terms and conditions and disclaimers. Use “click wraps” or “click throughs” that require a site visitor to click on a disclaimer to show affirmatively the visitor’s assent before accessing the website and before information can be sent to the firm. Be sure that the site visitor cannot finesse the click wrap procedure. Click wraps may be appropriate for several of the website pages.
- Use plain English in drafting disclaimers – think in terms of the least sophisticated site visitor. Do not assume that terms such as “attorney-client relationship” or “confidential,” that have specific meaning for lawyers, are understood by site visitors.
- Be sure that disclaimers are prominently displayed on the home page. While it may be undesirable to pepper the disclaimer notice on every page of the website, that is the percentage way to go. Rulings that have not accepted disclaimers as effective often note their brevity or inconspicuous display on a website. Use click wraps liberally.
- Use letters of non-engagement in response to prospective client e-mails when the firm declines representation. Respond to all e-mails – do not leave a site visitor dangling. Advise site visitors not to consider that their e-mail was received until they receive a confirming e-mail from the lawyer. Save e-mails to disk just as you would file written correspondence from and to potential clients. It is hard to defend against a claim without some record of what occurred.
- Design prospective client information intake procedures so that only the minimum information necessary to perform a conflict of interest check is initially received. Use a click wrap to warn site visitors about sending too much information initially and to protect the firm from a conflict of interest issue if the site visitor does not comply.
- In managing information received from prospective client site visitors, consider the teaching point of Barton4 that a website disclaimer of confidentiality can lead to problems of waiver of the lawyer-client privilege and client confidentiality if the prospective client’s matter is accepted by the firm. Conversely, accepting the information as confidential may lead to a conflict of interest issue if the prospective client is declined. Professor David Hricik offers this disclaimer language as one way of dealing with this issue:
“By clicking ‘accept’ you agree that our review of the information contained in the e-mail and any attachments will not preclude any lawyer in our firm from representing a party in any matter where that information is relevant, even if highly confidential, and could be used against you, unless that lawyer had actual knowledge of the content of the e-mail. We will otherwise maintain the confidentiality of your information.”5
Hricik points out that this disclaimer is a fair balance between a prospective client’s interest and the firm’s by not disqualifying the entire firm. It should work in Kentucky because screening lawyers to prevent imputed disqualifications is permitted by Kentucky Rule of Professional Conduct 1.10, Imputed Disqualifications. To be absolutely sure call the KBA Ethics Hotline.6
- Recognize that a website can be visited from anywhere in the world. Complying with the advertising and unauthorized practice rules of every jurisdiction is impossible. Website disclaimers should clearly indicate that the lawyer is seeking site visitors only in certain jurisdictions and that the website is inoperative in any jurisdiction that has rules different from those of the lawyer’s jurisdiction. Another way to accomplish this is to accept e-mails only from persons residing in specified zip codes in named jurisdictions.7 Admittedly, this is flimsy, but it is the best fix available at this stage of development of Internet ethics.
- Links to other websites require disclaimers of responsibility for their content and currency. Links require routine maintenance to assure that they are still operative and relevant.
- The website should not contain links that serve as referrals to other lawyers that a site visitor can unilaterally choose other than bar referral services. Referral to another lawyer is a malpractice risk and should be done only after sufficient information is received to competently evaluate the site visitor’s matter – preferably by telephone or an in-office consultation.
Blogs, Chat Rooms, And Bulletin Boards
The nature of Internet chat rooms and bulletin boards are self-explanatory and are covered in KBA E-403 (see above). A blog is a website that anyone including lawyers and law firms may have to put on it just about anything – personal thoughts, legal information, political views, etc. The key risk management considerations for lawyers in using any of these Internet media is that they are interactive with the public and can be construed as advertising or solicitation as well as creating expectations of confidentiality and representation by correspondents. This invokes all the risk management considerations discussed above plus one.
Individual law firm members including lawyers and non-lawyers may have personal blogs outside the firm’s practice and privately participate on interactive blogs. There is nothing risky about this as long as firm business is not discussed and interactive contacts are not made that expose the firm to bad publicity, ethics violations, and malpractice claims.
What is currently causing problems for firms are the so-called gossip blogs such as Above the Law and Greedy Associates.8 Leigh Jones in her article “Gossip blogs bedevil law firms”9 reports that there are several blogs that “dig up the legal profession’s dirt.” Postings include firm bonuses, firings, retaliatory discharge allegations, and sexual harassment allegations. Jones points out that while it is permissible to prohibit media contact about a firm’s internal operations as a condition of employment, few firms have such agreements. Jones attributes this to the generation gap between partners and associates.
In response to the gossip blog problem some firms now routinely monitor the legal gossip blogs. Jones writes that in addition to blog monitoring, firms are directing lawyers not to submit firm information to gossip blogs and are applying blocking software to firm computer systems that do not allow forwarding or printing of internal e-mail.
A current consideration for use of blogs by Kentucky lawyers is a proposed change to Kentucky’s lawyer advertising rule, SCR 3.130 (7.02), Definitions. The change would except blogs that conform to the following limitation from the advertising rules:
(1) (j) Information and communication by a lawyer to members of the public in the format of web log journals on the internet that permit real time communication and exchanges on topics of general interest in legal issues, provided there is no reference to an offer by the lawyer to render legal services.
The explanation for the recommended change is: “The list of exceptions is merely expanded to include web log journals (commonly referred to as blogs and blawgs) maintained by attorneys, as long as they do not make offers regarding legal services.”
This change, if approved, would seemingly make the ethical issues of lawyer blogs clearer. Perhaps so, but there are two considerations when blogging to keep in mind. First, the fact that conduct is ethical is not a defense to a malpractice claim. If blog activity leads to a claim of malpractice by a disgruntled correspondent, even if frivolous, it must be defended and that can be costly. Second, there is a view that lawyer blogs are inherently a form of advertising.10 A survey of several law firm blogs revealed that many of them provided information that easily could be viewed as seeking new clients from readers. For example, many lawyer blogs have links to firms, include firm news that is laudatory, and list practice areas of the lawyer blogger.11 The proposed change to Kentucky’s advertising rules removes the concern that blogs are inherently advertising, but it is not going to be that simple to avoid bad publicity and professional conduct and malpractice risks when firm members go blogging.
Internet Lawyer Referral Services
Before discussing the Internet implications of lawyer referral services, I offer this update on the status of the professional conduct rules that apply to these services. Comment [4] to Kentucky Rule of Professional Conduct 7.20, Advertising, provides this guidance on when a lawyer may pay others for referring clients:
A lawyer is allowed to pay for advertising permitted by this Rule, but otherwise is not permitted to pay another person for channeling professional work. This restriction does not prevent an organization or person other than the lawyer from advertising or recommending the lawyer’s services. Thus, a legal aid agency or prepaid legal services plan may pay to advertise legal services provided under its auspices. Likewise, a lawyer may participate in not-for-profit lawyer referral programs and pay the usual fees charged by such programs.12
The KBA Advertising Commission has recommended to the Supreme Court the following addition regarding referral services (underlined) to Rule 7.20, paragraph 2:
A lawyer shall not give anything of value to a non-lawyer for recommending the lawyer’s services, except that a lawyer may:
(c) pay the usual charges of a not-for-profit or qualified lawyer referral service that has been approved by the highest court in the jurisdiction where the service operates an agency designated by that court or by the Kentucky Bar Association
While some authorities argue that Internet lawyer referral services require special ethics rules, Kentucky’s rules are not hard to apply to an Internet traditional lawyer referral service program. If the Commission’s recommended changes to the advertising rules on referral services are approved by the Supreme Court (which is considered likely), we will have all the guidance needed to ethically use traditional lawyer referral services on the Internet.
The problem with some Internet referral services, however is that they are not traditional referral services.13 Some online services do not refer the prospective client to the next lawyer in line on the list. Others seem to merge blogging with referral activities. One example is LegalMatch. It is an online lawyer-client matching service. “A customer enters information about his or her legal issue on LegalMatch’s website, and the company searches its database of attorneys in the client’s geographical area who specialize in that practice. It then provides the customer with a list of possible attorneys, their biographies, and their consumer rating (footnotes omitted).”14
I understand that the KBA Ethics Committee is considering questions concerning novel Internet referral services and should issue an opinion in the near future – perhaps before this article is published. For that reason, rather than speculate on guidance for using novel referral services, I suggest we all consult that opinion for answers when it is issued. Editor’s Note: This new opinion, KBA E-429, appears on pages 52-55 of this issue.
Duty To Protect Client Electroinc Files From Internet Attacks
As use of the Internet has dramatically expanded in the delivery of legal services, the risk of theft and destruction of firm electronic files has equally increased. Firm computers connected to the Internet allow access to them from the public creating the risk of hackers breaking into electronic files and the destruction of them by a virus attack. Access to electronic files by firm employees from locations remote from the firm office further increase the risk of a breach of electronic file security.
It is axiomatic that lawyers owe clients a duty to protect and keep confidential electronic records as much as any other part of a client’s file. Negligent failure to do so risks claims of ethics violations and malpractice. The question, thus, becomes what should a competent lawyer do to protect electronic files.
One method is to have two computer systems in the office – one for Internet connections with no access to electronic files and the other for internal office use with full access to electronic files. This really works, but is expensive and cumbersome. An Arizona lawyer facing this dilemma asked the Arizona State Bar Ethics Committee for guidance resulting in a well reasoned opinion. I am unaware of any Kentucky authority on point and, therefore, offer the following extracts from the Arizona opinion for your evaluation.
Question Presented
How do we protect the confidentiality and integrity of client information while continuing to increase reliance on [the] internet for research, filings, communication, and storage of documents? A panoply of electronic and other measures are available to assist an attorney in maintaining client confidences. “Firewalls” - electronic devices and programs which prevent unauthorized entry into a computer system from outside that system - are readily available. Recent upgrades in Microsoft operating systems incorporate such software systems automatically. A host of companies, including Microsoft, Symantec, McAfee and many others, provide security software that helps prevent both destructive intrusions (such as viruses and “worms”) and the more malicious intrusions which allow outsiders access to computer files (sometimes call “adware” or “spyware”).
Software systems are also readily available to protect individual electronic files. Passwords can be added to files which prevent viewing of such files unless a password is first known and entered. The files themselves can also be encrypted so that, even if the password protection is compromised, the file cannot be read without knowing the encryption key — something that is extremely difficult to break.
It is not surprising that few lawyers have the training or experience required to act competently with regard to computer security. Such competence is, however, readily available. Much information can be obtained through the internet by an attorney with sufficient time and energy to research and understand these systems. Alternatively, experts are readily available to assist an attorney in setting up the firm’s computer systems to protect against theft of information and inadvertent disclosure of client confidences.
The Inquiring Attorney also expressed concern that allowing access to client files on computers which are also used to access the internet can lead to the malicious destruction of those files. The threat of such destructive viruses is well known.
As with the inadvertent disclosure analysis above [the ethics rules] require the lawyer to act competently in assuring that electronic information transmitted to the attorney is not lost or destroyed. Much of the security software and hardware discussed above provides protection against such destructive intrusions. Moreover, it is common practice to routinely back-up computer files. In that way, even if a computer system is entirely disabled through malicious attack, nearly all data can be retrieved from back-up files. Easy to use and inexpensive systems are available to make this kind of back-up an automatic process.
Conclusion
[The ethics rules] require that an attorney act competently to safeguard client information and confidences. It is not unethical to store such electronic information on computer systems whether or not those same systems are used to connect to the internet. However, to comply with these ethical rules as they relate to the client’s electronic files or communications, an attorney or law firm is obligated to take competent and reasonable steps to assure that the client’s confidences are not disclosed to third parties through theft or inadvertence. In addition, an attorney or law firm is obligated to take reasonable and competent steps to assure that the client’s electronic information is not lost or destroyed. In order to do that, an attorney must either have the competence to evaluate the nature of the potential threat to the client’s electronic files and to evaluate and deploy appropriate computer hardware and software to accomplish that end, or if the attorney lacks or cannot reasonably obtain that competence, to retain an expert consultant who does have such competence.15
This opinion is available on the Arizona State Bar Association’s website. It is well worth reading in its entirety. John Comford’s article Competent Computing: A Lawyer’s Ethical Duty To Safeguard the Confidentiality and Integrity of Client Information Stored on Computers and Computer Networks (19 Geo. J. Legal Ethics 629 (2006)) is a more detailed analysis of this issue with emphasis on the insider threat to firm computer security. The author points out that it is essential that those with access to confidential electronic files be given guidance on system security requirements and that there is an enforcement mechanism to assure compliance.
Have you ever checked under computer keyboards at the office to see how many members of the firm keep passwords on a piece of paper under them? It could prove to be an interesting experiment.
Summing Up
Anytime you get on the Internet for whatever purpose you must be mindful of the advertising and solicitation rules. It is imperative that you manage the risks of inadvertently establishing attorney-client relationships, creating confidentiality duties, involving yourself in a conflict of interest, or causing a claim that you were somehow negligent in providing what was taken to be legal advice. Persons coming to you via a lawyer Internet referral service may have unreasonable expectations at the inception of an Internet contact of what your duties are. Your website and e-mail address should have appropriate disclaimers and click wraps that require agreement to limitations on any obligation you have by reading an e-mail. Written office procedures should be provided to all firm members on Internet and computer use. These procedures should make it clear to all members of the firm that firm business is not to be discussed on a personal or any other blog and that they should avoid any blog activity that could be construed as firm advertising, solicitation, or promises of confidentiality. Finally, you must take steps to protect the firm computer system from hackers by establishing effective firewalls.
Endnotes
- Kentucky’s current solicitation rule is SCR 3.130(7.09).
- Kentucky’s current communications concerning a lawyer’s services rule is SCR 3.130(7.15).
- Kentucky’s current advertising rule is SCR 3.130(7.20).
- Barton v. United States District Court, 9th Cir. Ct. App. No. 05-71086 (June 9, 2005).
- David Hricik, Mercer University School of Law, “Whoops! I Did It Again! What Britney Spears Can Teach Us About the Ethical Issues Arising From the Intentional Transmission of Confidences From Prospective Clients to Firms,” E-Ethics Vol. III, No. I (May 2004). Available at www.hricik.com (last viewed 7/7/2008).
- SCR 3.530(2).
- D.C. Legal Ethics Committee Opinion 302 (11/21/2000).
- Last viewed on 7/7/2008.
- Leigh Jones, Gossip blogs bedevil law firms, The National law Journal, June 2, 2008, Vol. 30. No. 38, p 1.
- Sarah Hale, Lawyers at the Keyboard: Is Blogging Advertising and if So, How Should It be Regulated?, 20 Geo. J. Legal. Ethics 669 (2007).
- Id. at p. 671.
- See KBA E-428, 6/19/2007.
- See, Geeta Kharkar, Googling for Help: Lawyer Referral Services and the Internet, 20 Geo. J. Legal Ethics 769 (2007).
- Id. at 775.
- Arizona State Bar Ethics Committee Opinion No. 05-04.