The Model Rules of Professional Conduct permit virtual practice.

But the Rules also provide some minimum requirements and some of the Comments suggest best practices for working remotely, particularly in the areas of competence, confidentiality, and supervision.

Comment [8] to Rule 1.1 requires lawyers to, among other things, “keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.” Comment [1] to Rule 1.3 makes it clear that a lawyer must pursue the matter on the client’s behalf  despite “obstruction or personal inconvenience to the lawyer.”  And, under Rule 1.4, a lawyer, whether interacting face-to-face or through technology, must “reasonably consult with the client about the means by which the client’s objectives are to be accomplished” and “keep the client reasonably informed about the status of the matter,” including the prompt reply to any reasonable request for information.

The Opinion stresses the need to maintain client confidences and to supervise any and all lawyers or non-lawyers who are participating in the representation, while providing specific guidance relative to the following:

Hardware and Software Systems: Review Terms of Service for any provisions which would undermine the lawyers’ duty of confidentiality (e.g. data-soaking software systems that collect, track, and use information, purporting to own the information, reserve the right to sell or transfer the information to third parties, etc).  Install security-related updates. Use strong passwords, anti-virus software, and encryption. When connecting over Wi-Fi, ensure that the routers are secure consider using virtual private networks (VPNs).

Accessing Client Files and Data: Lawyers practicing virtually must have reliable access to client contact information and client records. Data should be regularly backed up and secure access to the backup data should be readily available in the event of a failure or loss. If storage and access is provided through the Cloud, the lawyer should (i) choose a reputable service provider, and (ii) take reasonable steps to ensure that the confidentiality of client information is protected.

Virtual Meeting Platforms and Videoconferencing: Lawyers should review the terms of service, limit access to strong passwords, and whether the platform offers higher tiers of security. If the platform will be recording conversations with the client, the lawyer should likely obtain permission from the client, and ensure that such recordings are secured. Client-related meetings should not be overheard or seen by others in the household, office, or other remote location.

Virtual Document and Data Exchange Platforms: Review terms of use. Make sure data is secure. “If the lawyer is transmitting information over email, the lawyer should consider whether the information is and needs to be encrypted (both in transit and in storage).”

Smart Speakers, Virtual Assistants, and Other Listening-Enabled Devices: Unless the lawyer is using the technology in connection with the representation, the lawyer should disable the listening capability of devices or services such as smart speakers, virtual assistants, and other listening-enabled devices while communicating about client matters.

“One particularly important subject to supervise is the firm’s bring-your-own-device (BYOD) policy. If lawyers or nonlawyer assistants will be using their own devices to access, transmit, or store client-related information, the policy must ensure that security is tight (e.g., strong passwords to the device and to any routers, access through VPN, updates installed, training on phishing attempts), that any lost or stolen device may be remotely wiped, that client-related information cannot be accessed by, for example, staff members’ family or others, and that client-related information will be adequately and safely archived and available for later retrieval.

“Similarly, all client-related information, such as files or documents, must not be visible to others by, for example, implementing a ‘clean desk’ (and ‘clean screen’) policy to secure documents and data when not in use. As noted above in the discussion of videoconferencing, client-related information also should not be visible or audible to others when the lawyer or nonlawyer is on a videoconference or call. In sum, all law firm employees and lawyers who have access to client information must receive appropriate oversight and training on the ethical obligations to maintain the confidentiality of such information, including when working virtually.”

With respect to outside vendors, lawyers should consider use of confidentiality agreements, and should otherwise take steps to ensure that the vendor will keep all client-related information secure, indexed, and readily retrievable.

While the Opinion confirms that the Model Rules permit the virtual practice of law, it does not specifically address Model Rule 5.5 (Unauthorized and/or Multijurisdictional Practice of Law), noting the guidance from Formal Opinion No. 495: “Lawyers may remotely practice the law of the jurisdictions in which they are licensed while physically present in a jurisdiction in which  they are not admitted if the local jurisdiction has not determined that the conduct is the unlicensed or unauthorized practice of law and if they do not hold themselves out as being  licensed to practice in the local jurisdiction, do not advertise or otherwise hold out as having an office in the local jurisdiction, and do not provide or offer to provide legal services in the local jurisdiction.”

Finally, the Opinion cautions that “lawyers practicing virtually must make sure that trust accounting rules, which vary significantly across states, are followed. The lawyer must still be  able, to the extent the circumstances require, to write and deposit checks, make electronic transfers, and maintain full trust-accounting records while practicing virtually. Likewise, even in otherwise virtual practices, lawyers still need to make and maintain a plan to process the paper mail, to docket correspondence and communications, and to direct or redirect clients, prospective clients, or other important individuals who might attempt to contact the lawyer at the lawyer’s current or previous brick-and-mortar office. If a lawyer will not be available at a physical office address, there should be signage (and/or online instructions) that the lawyer is available by appointment only and/or that the posted address is for mail deliveries only. Finally, although e-filing systems have lessened this concern, litigators must still be able to file and receive pleadings and other court documents.”

 

ABA Formal Opinion No. 498 (March 10, 2021).