Coach’s Corner: Technology, Competence and Risk in Data Security and Privacy

By Ed Poll, Esq.

A strong case can be made that the lawyer who does not take proper care of data security and confidentiality when using computer technology is committing malpractice. One of the Rules of Professional Conduct requires that a lawyer be competent to handle a given matter, measured as the standard of care in the local community. The majority of lawyers is at least aware of the standard of technology care, so that is the standard of care against which all lawyers are measured. Being actually or even being perceived as willfully less competent than your competitors in data privacy or security violates the standard of care, and is malpractice.

The American Bar Association’s House of Delegates made noteworthy 2012 changes in the Rules of Professional Conduct that reflect issues raised by new online and electronic technology. The Model Rules are of course advisory, and these changes do not alter the enforceable standard of conduct for lawyers unless and until they are adopted and incorporated into each state’s rules of professional conduct. Nevertheless, it is important to note that the House of Delegates added to Comment 8 on Rule 1.1 regarding Competency that “to maintain the requisite knowledge and skill” a lawyer “should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology …” Until now the Model Rules have not identified technology as a clear area of competence and risk. Lawyers with obsolete technology – or obsolete attitudes – should beware of the malpractice risk in the following critical areas.

Enterprise System Security