How Technology is changing an Attorney’s Duties under the Pennsylvania Rules of Professional Conduct
Prior to the technology boom, attorneys could sit idly back and claim tech-ignorance. Since November 21, 2013, that is simply no longer the case. On November 21, 2013, the Pennsylvania Rules of Professional Conduct were amended to require that all attorneys keep apprised of changes in the law and its practice, including the benefits and risks associated with technology and their case.
The Pennsylvania Rules of Professional Conduct added amendments to Rule 1.1 “Competence” and Rule 1.6(d) “Confidentiality of Information.” Together, these amendments provide better safeguarding of client information across all modes of technology, from emails to social networking.
Rule 1.1 – Competence
The new amendment to Rule 1.1 of the Pennsylvania Rules of Professional Conduct appears in a Comment. The amendment to Rule 1.1 addresses an attorney’s obligation to be competent in the area of technology. The comment specifically states:
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
PA. Rules of Prof’l Conduct R. 1.6, cmt. 8 (new matter emphasized). Most Courts interpret this amendment as requiring all attorneys to at least possess an email address.
Rule 1.6 – Confidentiality of Client Information
This is the most sacred duty an attorney can owe to a client – safeguarding their information. The Pennsylvania Rules of Professional Conduct place strict limits on what information an attorney can reveal. Recently, with the explosion of social networking and blogging, the limits set forth in Rule 1.6 have to be imported into the involving world of technology. Rule 1.6 has to apply to social networking and blogging so attorneys do not reveal their client’s information electronically unless it specifically comports with Rule 1.6.
A new section was added to Rule 1.6 to ensure that client confidentiality applied to various technologies. Rule 1.6(d) states that “a lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client.” PA. Rules of Prof’l Conduct R. 1.6(d).
Comment 25 of new Rule 1.6(d) elaborates on the protections lawyers must consider. Comment 25 specifically states that:
Paragraph (d) requires a lawyer to act competently to safeguard information relating to the representation of a client against unauthorized access by third parties and against inadvertent or unauthorized disclosure by the lawyer or other persons who are participating in the representation of the client or who are subject to the lawyer’s supervision. See Rules 1.1, 5.1 and 5.3. The unauthorized access to, or the inadvertent or unauthorized disclosure of, information relating to the representation of a client does not constitute a violation of paragraph (d) if the lawyer has made reasonable efforts to prevent the access or disclosure. Factors to be considered in determining the reasonableness of the lawyer’s efforts include, but are not limited to, the sensitivity of the information, the likelihood of disclosure if additional safeguards are not employed, the cost of employing additional safeguards, the difficulty of implementing the safeguards, and the extent to which the safeguards adversely affect the lawyer’s ability to represent clients (e.g., by making a device or important piece of software excessively difficult to use). A client may require the lawyer to implement special security measures not required by this Rule or may give informed consent to forgo security measures that would otherwise be required by this Rule. Whether a lawyer may be required to take additional steps to safeguard a client’s information in order to comply with other law, such as state and federal laws that govern data privacy or that impose notification requirements upon the loss of, or unauthorized access to, electronic information, is beyond the scope of these Rules. For a lawyer’s duties when sharing information with nonlawyers outside the lawyer’s own firm, see Rule 5.3, Comments (3)—(4).
PA. Rules of Prof’l Conduct R. 1.6, cmt. 25 (new matter emphasized). The new amendments do not specify what types of technology are covered simply because technology is constantly evolving. However, the main purpose of these new amendments is to further safeguard client information. Attorneys can no longer claim technology ignorance when safeguarding client information. The new amendments specifically spell out an attorney’s duties when it comes to technology and client information.