Discovery, Technology, and Ethics by Jessica Tyndall

With the ubiquitous use of technology among clients and attorneys alike, lawyers face new and challenging ethics concerns. Gone are the days when attorneys could delegate computing and computer issues to staff and conduct conflicts checks by hand. There is now an expectation and, in many states, an ethical obligation to stay abreast of technology, to utilize technology to evaluate conflicts, to mine for data about adverse litigants and witnesses, and to communicate, carefully, with and about clients. A. Knowledge of Technology and Attorney Competence In 2012, the American Bar Association updated its Model Rules of Professional Conduct, particularly Rule 1.1 pertaining to attorney competence, to include references to a lawyer’s obligations to stay abreast of technology. The Rule continues to state, “A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.” Comment 8, however, now states, “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject. This Comment has been adopted in twenty- three states, including North Carolina.1 The practical impact of the comment is somewhat unclear, as there is little authority interpreting what being “abreast” of benefits and risks of technology entails. As an example, the California State Bar has provided the following guidance to its attorneys who are involved in litigation and electronic discovery: An attorney’s obligations under the ethical duty of competence evolve as new technologies develop and become integrated with the practice of law. Attorney competence related to litigation generally requires, among other things, and at a minimum, a basic understanding of, and facility with, issues relating to e-discovery, including the discovery of electronically stored information (“ESI”). On a case-by- case basis, the duty of competence may require a higher level of technical knowledge and ability, depending on the e-discovery issues involved in a matter, and the nature of the ESI. Competency may require even a highly experienced

1 http://www.lawsitesblog.com/2015/03/11-states-have-adopted-ethical-duty-of-technology-competence.html attorney to seek assistance in some litigation matters involving ESI. An attorney lacking the required competence for e-discovery issues has three options: (1) acquire sufficient learning and skill before performance is required; (2) associate with or consult technical consultants or competent counsel; or (3) decline the client representation. Lack of competence in e-discovery issues also may lead to an ethical violation of an attorney’s duty of confidentiality.2

In contrast, other authorities have cautioned against delegating too much to “technical consultants” and have likened doing so to permitting those non-attorney consultants to engage in the unauthorized practice of law. Consider the District of Columbia Bar’s Ethics Opinion 362, which notes that attorneys must make final staffing decisions and supervise electronic discovery vendors. The Opinion notes that “a lawyer who simply gives a group of documents and a discovery request to a discovery service vendor and asks the vendor to select and organize responsive documents, produce a privilege log, and prepare the response to the request,” is potentially putting an e-discovery vendor in the position of practicing law.3 Thus, the actual legal work must be performed by the attorneys retained by the client for the matter. The obligations created by the comment have also made their way into at least one court decision in which both a litigant and its attorney were sanctioned for discovery violations. After multiple discovery orders pertaining to the production of electronically stored information and the creation of a certain spreadsheet, the attorney offered the following explanation for his client’s failure to comply, “I have to confess to this Court, I am not computer literate. I have not found presence in the cybernetic revolution. I need a secretary to help me turn on the computer. This was out of my bailiwick.” The Court responded in its opinion, stating “Professed technological incompetence is not an excuse for discovery misconduct. Effective March 1, 2013, the Delaware Supreme Court amended Comment 8 to Rule 1.1 of the Delaware Lawyers' Rules of Professional Conduct, which addresses competence, to include maintaining technological competence.” James v. Nat'l Fin. LLC, 2014 Del. Ch. LEXIS 254, *34-36, 2014 WL 6845560 (Del. Ch. Dec. 5, 2014). The Court went on to strike part of the litigant’s defense and to award attorneys’ fees and costs against the litigant and its attorney. Id.

2 State Bar of California Formal Opinion 2015-193, available at http://ethics.calbar.ca.gov/Portals/9/documents/Opinions/CAL%202015-193%20%5B11-0004%5D%20(06-30- 15)%20-%20FINAL.pdf 3 https://www.dcbar.org/bar-resources/legal-ethics/opinions/opinion362.cfm All of this goes to show that in order for a lawyer to competently represent his or her client and to protect himself or herself against potential malpractice and/or ethical violations, the lawyer should devote some of his or her continuing education hours to gaining at least a working understanding of the technology available to him or her for the purpose of electronic discovery and other aspects of his or her practice. A lawyer should also spend a reasonable amount of time trying to understand with his or her client the client’s document management and retention technology, e-mail technology, and other technology relevant to the engagement. Attorneys can no longer depend on their staff to steer them through technology issues. Attorneys now have an ethical obligation to engage. B. Appropriate Client Communications Electronic communications with clients create potential problems both with maintaining client confidentiality at the attorney/law firm level and preventing the waiver of the attorney-client privilege. Electronic mail has been generally accepted as an ethical means of communications with clients since the mid-1990s. At that time, the technology was relatively new, and email encryption was not widely used. Due to the risk of interception, many states’ ethics authorities required attorneys to take “reasonable precautions” to prevent email interception and/or to obtain client consent to the use of email.4 The consent requirement became obsolete in 1999, when the ABA’s Standing Committee on Ethics concluded that the wide use of email technology made client consent no longer necessary, a conclusion that was adopted by most states.5 The more recent iterations of the Model Rules of Professional Conduct, however, have once again put the onus back on attorneys to ensure that their emails with their clients are properly safeguarded. As described above, Comment 8 to Rule 1.1 mandates that an attorney stay “abreast of technology.” Comment 18 to Rule 1.6, which relates to the confidentiality of communications, advises that a lawyer must “act competently” to prevent the disclosure of “information relating to the representation of a client.” Whether an attorney acts “reasonably” depends upon “the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use).”

4 http://www.lawtechnologytoday.org/2014/11/problem-email-ethics-confidentiality/ 5 http://shop.americanbar.org/eBus/Store/ProductDetails.aspx?productId=219976 Finally, according to Comment 19 to Rule 1.6, a lawyer does not have to use “security measures if the method of communication affords a reasonable expectation of privacy.6” Accordingly, at a minimum, attorneys should take great care in ensuring that their email communications are properly addressed, even turning off, if necessary, features that automatically complete email addresses when known contacts are the recipients. Attorneys should consider a delayed-send feature so that inadvertently sent emails can be retracted before the reach the wrong recipients. Attorneys should take care not to carbon copy unnecessary or non-client parties in email communications, and clients should do the same. Further, attorneys should consider encryption services, which are widely available and in some cases built into email applications. C. Protecting Confidentiality and Preventing Privilege Waivers A particularly concerning issue – beyond simply misaddressing email or email being hacked – is the issue of corresponding with a client who is using an email server or account that is regularly or routinely accessed by third-parties. In 2011, the ABA recognized this problem, particularly in the context of employees utilizing work email to communicate with counsel, and issued Formal Ethics Opinion 11-259. The opinion advised: A lawyer sending or receiving substantive communications with a client via e-mail or other electronic means ordinarily must warn the client about the risk of sending or receiving electronic communications using a computer or other device, or e-mail account, where there is a significant risk that a third party may gain access. In the context of representing an employee, this obligation arises, at the very least, when the lawyer knows or reasonably should know that the client is likely to send or receive substantive client-lawyer communications via e-mail or other electronic means, using a business device or system under circumstances where there is a significant risk that the communications will be read by the employer or another third party.7

The opinion noted that many employers reserve the right to monitor and review employee email, thus obviating the expectation of privacy described in the Comments to Rule 1.6. The Opinion concluded that lawyers working with employee-clients should “instruct the employee-client to avoid using a workplace device or system for sensitive or substantive communications, and perhaps for any attorney-client communications, because even seemingly ministerial communications involving matters such as scheduling can have substantive ramifications.”

6http://www.americanbar.org/groups/professional_responsibility/publications/model_rules_of_professional_conduct /rule_1_6_confidentiality_of_information/comment_on_rule_1_6.html 7 http://www.americanbar.org/content/dam/aba/publications/YourABA/11_459.authcheckdam.pdf On the opposite side of this conundrum is the employer or defendant being sued by the employee-client. Attorneys representing those clients will also be faced with ethical dilemmas when gathering the employer-defendant client’s email for litigation or document production “harvests” emails that the employee-client and his or her attorney might have thought were adequately protected. On this, the ABA has concluded: When an employer’s lawyer receives copies of an employee’s private communications with counsel, which the employer located in the employee’s business e-mail file or on the employee’s workplace computer or other device, neither Rule 4.4(b) nor any other Rule requires the employer’s lawyer to notify opposing counsel of the receipt of the communications. However, court decisions, civil procedure rules, or other law may impose such a notification duty, which a lawyer may then be subject to discipline for violating. If the law governing potential disclosure is unclear, Rule 1.6(b)(6) allows the employer’s lawyer to disclose that the employer has retrieved the employee’s attorney-client e-mail communications to the extent the lawyer reasonably believes it is necessary to do so to comply with the relevant law. If no law can reasonably be read as establishing a notification obligation, however, then the decision whether to give notice must be made by the employer-client, and the employer’s lawyer must explain the implications of disclosure, and the available alternatives, as necessary to enable the employer to make an informed decision.8

In other words, in the ABA’s opinion, an attorney who comes into possession of potentially privileged emails between his adversary and his adversary’s attorney through a document production by his client has no ethical obligation to disclose his possession of those emails to the other side. Further, unless “relevant law” compels disclosure the question of whether to disclose may have to be left to the employer/litigant client. Attorneys should take care, though, as some states, including North Carolina, advise attorneys differently. North Carolina’s ethics opinion on this issue states:

The attorney-client privilege is fundamental to the client-lawyer relationship and the trust that underpins that relationship. As such, the bar must protect the privilege and seek to limit incursions upon the privilege that are not warranted by law.

Case law from many jurisdictions, including North Carolina, indicates that whether the privilege applies to email exchanges between an employee and his lawyer that occurred over an employer’s email system depends upon whether the employee had a reasonable expectation of privacy in the email communications. This in turn requires an investigation into a myriad of factors, including whether the employer

8 http://www.americanbar.org/content/dam/aba/publications/YourABA/11_460.authcheckdam.pdf has a clear, unambiguous policy regarding email usage and monitoring; whether that policy is effectively communicated to employees; whether the policy is adhered to by the employer; whether third parties have access to the employee’s email account on the employer’s system; when/where the communication occurred (at home or the office; during work or leisure hours); and whether the employee took affirmative steps to preserve the privacy of the communication.

***

Therefore, whether Attorney A may read the email messages recovered by Employer will depend upon an analysis of the case law and the factors set forth therein to determine whether Employee had a reasonable expectation of privacy or, lacking that, waived the privilege when communicating with his lawyer using Employer’s email system. If Attorney A is able to conclude, confidently and in good faith, that the privilege was waived, he may read the emails and use them to represent his client. However, in deference to the bar’s interest in protecting the attorney-client privilege, Attorney A should err on the side of recognizing the privilege whenever an analysis of the facts and case law is inconclusive. If a matter is in litigation, Attorney A may seek the court’s determination of the waiver issue.9

Thus, some states are likely to “err” on the side of upholding the privileged nature of attorney- client communications, despite a litigant knowing of the risk of his or her email lurking on his or her company’s server. D. Conflicts of Interest One area in which the use of technology has been prevalent for some time is the use of computerized conflicts checks. The ABA suggests that twenty pieces of information per client are necessary for a truly thorough check, but at a minimum, the information must include: (1) the full name of current clients; (2) the names of adverse persons, and (3) a summary of the representation.10 Of course, conflicts checks are only as good as the data entered into the software (or – if on paper – maintained in the rolodex). It is, therefore, of basic importance to ensure that names are spelled correctly and that correct information about how a party or witness is related to the representation, if that information is considered, is noted. Information pertaining to conflicts should be kept on file by a law firm or lawsuit for at least six years, though, in some cases, it would be prudent to maintain the information for a longer period of time.11 While a non-lawyer can run

9 2012 Formal Ethics Opinion 5, available at https://www.ncbar.gov/for-lawyers/ethics/adopted-opinions/2012- formal-ethics-opinion-5/ 10http://www.americanbar.org/groups/professional_responsibility/services/ethicssearch/ethicstipsofthemonthdecemb er2013.html 11 North Carolina State Bar, 2009 Formal Ethics Opinion No. 9, available at the conflicts check software (or review the paper files), it is up to any attorney to conduct the conflicts analysis. The main rules governing conflicts are Model Rules of Professional Conduct 1.7 and 1.9. Rule 1.8 also pertains to conflicts, but governs specific situations that do not generally arise in the regular course of undertaking a new representation or engagement. The text of Rule 1.7 states: (a) Except as provided in paragraph (b), a lawyer shall not represent a client if the representation involves a concurrent conflict of interest. A concurrent conflict of interest exists if:

(1) the representation of one client will be directly adverse to another client; or

(2) there is a significant risk that the representation of one or more clients will be materially limited by the lawyer's responsibilities to another client, a former client or a third person or by a personal interest of the lawyer.

(b) Notwithstanding the existence of a concurrent conflict of interest under paragraph (a), a lawyer may represent a client if:

(1) the lawyer reasonably believes that the lawyer will be able to provide competent and diligent representation to each affected client;

(2) the representation is not prohibited by law;

(3) the representation does not involve the assertion of a claim by one client against another client represented by the lawyer in the same litigation or other proceeding before a tribunal; and

(4) each affected client gives informed consent, confirmed in writing

Thus, according to Rule 1.7, taking on the representation of a client that is adverse to a current client is not automatically verboten. Such a scenario could arise in the contexts of large law firms with a large institutional client with varying interests. An attorney not regularly engaged in the representation of that client could have a reasonable belief that taking on an adverse representation in an area of law for which the firm does not service the institutional client would be neither detrimental to the current client nor the prospective client. That reasonable belief would then prompt a request for a conflict waiver, but it is ultimately up to the attorney to decide whether asking for such a waiver is the right thing to do from a business perspective. Navigating Rule 1.9 can be more difficult, as it deals with undertaking representations adverse to past clients. The text of the Rule states: (a) A lawyer who has formerly represented a client in a matter shall not thereafter represent another person in the same or a substantially related matter in which that person's interests are materially adverse to the interests of the former client unless the former client gives informed consent, confirmed in writing.

(b) A lawyer shall not knowingly represent a person in the same or a substantially related matter in which a firm with which the lawyer formerly was associated had previously represented a client

(1) whose interests are materially adverse to that person; and

(2) about whom the lawyer had acquired information protected by Rules 1.6 and 1.9(c) that is material to the matter; unless the former client gives informed consent, confirmed in writing.

(c) A lawyer who has formerly represented a client in a matter or whose present or former firm has formerly represented a client in a matter shall not thereafter:

(1) use information relating to the representation to the disadvantage of the former client except as these Rules would permit or require with respect to a client, or when the information has become generally known; or

(2) reveal information relating to the representation except as these Rules would permit or require with respect to a client.

Possibly the hardest call to make is whether a past representation is “substantially related” to the new prospective representation. Comment 3 to the Rule provides substantial guidance on that issue. It provides that matters are “substantially related” if the involve the same transaction or legal dispute or if there is a substantial risk that confidential factual information derived from the representation of the former client would materially advance the interests of the prospective client in the current matter. It further provides that: Information that has been disclosed to the public or to other parties adverse to the former client ordinarily will not be disqualifying. Information acquired in a prior representation may have been rendered obsolete by the passage of time, a circumstance that may be relevant in determining whether two representations are substantially related. In the case of an organizational client, general knowledge of the client’s policies and practices ordinarily will not preclude a subsequent representation; on the other hand, knowledge of specific facts gained in a prior representation that are relevant to the matter in question ordinarily will preclude such a representation.

Thus, a lawyer evaluating a potential conflict with a past client must evaluate whether the information he or she learned in the past representation is truly confidential (ie. it has not been disclosed to the public or third parties) and whether it is still timely such that there would be a material benefit to the new prospective client. If the answers to those two questions are “yes,” then the attorney must decline the representation or pursue a waiver. E. Social Media Pitfalls Rounding out the discussion of technical competence and ethics is the consideration of social media, both in terms of the attorney’s social media presence and the client’s. Lawyers maintaining social media profiles must think of those profiles, in part, as legal advertising and must not the Model Rules (or their state’s professional conduct rules) on False or Misleading Statements. As an example, attorneys should be careful about holding themselves out as specialists or experts, even if the website used automatically utilizes the term “specialist” or “expert.” Some states also require disclosures regarding legal advertising be added to social media profiles and posts, including Twitter posts.12 Lawyers must also be careful about making prohibited solicitations. Consider the scenario of learning of someone’s legal problem on Facebook. If that person is not a close contact and is also a non-lawyer, sending that person a private message offering to help may very well rise to the level of a prohibited solicitation. Likewise, utilizing LinkedIn and Facebook’s options to “link” with or “friend” everyone in the attorney’s contacts could lead to undesired contact with non- lawyer, including potentially adverse parties, court personnel, and jurors. It is worth noting here that some jurisdictions frown upon “friending” a judge while others permit judges and attorneys to become “friends” on social media on a case-by-case basis so long as both individuals conclude there is no risk of improper conduct or the appearance of improper conduct.13 Lawyers can also find themselves with ethics problems if they post a status of comments about their client’s matter, including “checking in” at a particular location. Though lawyers have a right to free speech and to “blog” as much as non-lawyers, posting specific information about clients can lead to disciplinary action. Consider In re Skinner, 740 S.E.2d 171 (Ga. 2013), where

12 http://www.nysba.org/workarea/DownloadAsset.aspx?id=47547 13 http://www.americanbar.org/content/dam/aba/administrative/professional_responsibility/formal_opinion_462.authch eckdam.pdf a Georgia attorney was forced to account for information she posted on the internet after a client fired her and gave her a scathing online review. Similarly, the Illinois Supreme Court suspended an attorney from practice for sixty days where the attorney blogged about his clients and implied that one person might have committed perjury. In re Peshek, M.R. 23794 (Ill. May 18, 2010). Thus in posting information on social media, attorneys should consider whether the information they are posting is client-specific or identifiable, whether the information is publicly available, and whether the post is truly necessary. Turning now to ethics considerations involving social media and clients, every savvy litigator knows to “google” their opponents, witnesses, and their clients. In discharging the duty of technical competence, an attorney should advise clients to be careful about what they post on social media, and it is acceptable to advise a client to set his or her social media profiles to the most private settings. It is not acceptable, however, to advise a client to take down information and posts that were on social media simply because a lawsuit has been filed. Instead, such items should be preserved in line with the guidance on spoliation of evidence.14 F. Conclusion The presence of technology in the practice of law will continue to increase over time and has now become engrained in to both the Rules of Civil Procedure and the Rules of Professional Conduct. Technology helps the practice of law speed up and become more efficient, but to avoid ethical pitfalls, attorneys should take their time and focus on the ethical principals that have guided the profession since its inception.

14 See e.g. 2014 Formal Ethics Opinion 8, available at https://www.ncbar.gov/for-lawyers/ethics/adopted- opinions/2014-formal-ethics-opinion-8/?opinionSearchTerm=