
A Duty to Be Technologically Competent: Coming Soon to a Professional Code of Conduct Near You?

When I suggested ten years ago that email would become the principal means by which clients and lawyers would communicate, many people suggested I was dangerous, that I was possibly insane, that I should not be allowed to speak in public, and that I certainly did not understand anything about security or confidentiality but [email] technology and many other emerging technologies have now firmly taken hold.[1]

So much has changed in a relatively short period of time when it comes to our use of technology in delivering legal services. As noted by Richard Susskind above, the use of email by lawyers, once seen as controversial, is now ubiquitous. The question is no longer whether we will use technology to serve clients but whether we will use it effectively. And, so far, we do not seem to be doing very well on this front.

Take, for example, a simple and widespread technology such as email. Canadian law societies and professional indemnity insurers now regularly take to the internet to warn lawyers about colleagues who have unsuspectingly clicked on a malicious email attachment or website link and have, consequently, had their files locked by ransomware with an accompanying demand for payment in order for the files to be released. Indeed, lawyers are such notorious targets (or, less charitably, dupes) for such schemes that ransomware got its very own plot line in TV lawyer drama The Good Wife.

In addition to such malicious risks, there are legitimate worries about negligent use of email by lawyers. How many lawyers, for example, guard client confidentiality by using proper encryption and protecting privileged metadata from disclosure? How many lawyers even know what “encryption” and “metadata” are? When appropriate safeguards are not in place, clients’ confidential data risks being inadvertently disclosed with potentially enormous consequences for them and for the reputation of the firm.

Many more examples could be given regarding poor use of technology by lawyers and the increased risks that this poses to clients. There is also a whole other set of questions about how emerging technological tools, like legal analytics, relate to lawyers’ ethical obligations to provide competent and efficient legal services. What tools must a lawyer avail himself or herself of in order to provide the appropriate quality of service at a fair and reasonable price?

If not using technology effectively is a problem, what is the solution? As I and others have previously written on Slaw, a good first step would be for Canadian law societies to include an ethical duty to use technology competently in their professional codes of conduct. Such a duty is now recognized in 27 American states, following 2012 amendments to this effect in the American Bar Association’s Model Rules of Professional Conduct.

Here, the Federation of Law Societies of Canada is now consulting on a change to its Model Code which would see the commentary to the general rule on lawyer competence amended to add the following statement:

[5A] To maintain the required level of competence, a lawyer should develop and maintain a facility with technology relevant to the nature and area of the lawyer’s practice and responsibilities. A lawyer should understand the benefits and risks associated with relevant technology, recognizing the lawyer’s duty to protect confidential information set out in section 3.3.

The Federation should be commended for advancing this proposed rule change. Hopefully, those interested in the subject will take up the Federation’s call for feedback (deadline May 30, 2017).

To be sure, there are limits to what a rule change in this area can and should do. This isn’t an area, like communication or fees, which is likely to attract a large number of client complaints and thus significantly engage the disciplinary arm of Canadian law societies. Nor would it be productive or popular for law societies to proactively embark on an aggressive campaign to discipline lawyers for poor technological practices, like, for example, using weak passwords.

The primary value in a rule change is not to generate more opportunities for discipline, but, rather, to signal the importance of this issue to the profession. In order to be maximally effective, this signal needs to be accompanied by increased resources and opportunities that would permit lawyers to gain the technological competence they need for their specific practices.

Some possible mechanisms for this could be developing more practice resources in this area (some good resources already exist but more would be better), mandating technology CPD hours or courses (similar to what was approved in Florida in 2016), expanding current law society mentorship and coaching programs to include targeted training and advice on technology use, and providing tools to lawyers that would allow them to self-assess their technological competence and point them towards potential best practices.

Hopefully, the Federation adopts amendments to specifically mention technological competence in its Model Code and law societies follow suit. But a rule change should be seen as just the beginning of a mandate for law societies to more robustly and proactively foster this skill among lawyers. It is one thing to tell lawyers what competence means but another to help them live up to the standard being set.

________________________

[1] Susskind R., “Legal informatics – a personal appraisal of context and progress”, in European Journal of Law and Technology, Vol. 1, Issue 1, 2010. In the interests of full disclosure, I should note that I was alerted to this quotation when reading a more recent blog by Casey Flaherty.

Comments

  1. “When appropriate safeguards are not in place, clients’ confidential data risks being inadvertently disclosed with potentially enormous consequences for them and for the reputation of the firm.” This responsibility appears to be solely placed on the users of the technology. For instance, where the technology is created for use primarily in the legal market, is there any effort being made or should there be an effort on the part of the creators/providers of the technology to ensure that the service/technology/software they are providing to the legal profession does not have the potential to easily compromise confidential data? Given the nature of the industry to which such technology is being tailored, should the vendors not be held as responsible as the users?

  2. A neat opinion. We might also give some concern to the risks of employing Skype in communications with Clients i.e. Sol/Client privilege. ev.

  3. Very interesting — the issue of technical competency in an era of revolutionary change.

  4. I’ve supported this type of definition for competence. Thank you for the heads up on the consultation.

  5. “Technologically competent” also requires knowledge of the electronic technology that now produces most of the evidence, and very frequently used types of evidence; for example, these kinds of evidence: (1) records are now the most frequently used kind of evidence but most often come from very complex electronic records management systems; (2) mobile phone tracking evidence because we all carry mobile phones; (3) breathalyzer device readings because they are the basis of more than 95% of impaired driving cases; and, (4) expert opinion evidence that depends upon data produced by electronic systems and devices. But there are no cases that show that lawyers have sufficient technical knowledge to challenge the performance of such technology and the reliability of the evidence it produces in each particular case.
    CPD/CLE programs and seminars are not enough. Needed are specialist legal research lawyers for each major area of law. Their specialty will require that they have the necessary knowledge to advise other lawyers how to conduct a competent cross-examination of those accountable for the performance of such systems and devices. But very few law offices could afford such lawyers. And so, they would have to be made available to all lawyers by way of a centralized support service that could provide a legal opinion, at cost, for each fact-pattern submitted to them.
    Otherwise, we must continue with: (1) justice that is no better than guilt and liability by electronic systems and devices–systems and devices that are maintained only to a commercial standard and not to a standard that guarantees “proof beyond a reasonable doubt”; and, (2) case law that fails to provide an adequate opportunity for “full answer and defence.”
    See for example, (1) “Guilt by Mobile Phone Tracking Shouldn’t Make ‘Evidence to the Contrary’ Impossible,” at: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2846548 ;
    and,
    (2) “Records Management Law – A Necessary Major Field of the Practice of Law,” at:
    https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2723629