“Some observers have recently questioned whether the Judicial Conference’s Code of Conduct for United States Judges should apply to the Supreme Court. I would like to use my annual report this year to address that issue, as well as some…
Posts Tagged ‘Ethics’
December Law Practice Today Issue Focuses on eLawyering
14
Dec
The latest edition of the ABA’s Law Practice Today webzine has good articles on elawyering and virtual practice and a really innovative piece by Marc Laurtisen titled, Dancing in the Cloud, and an introduction to the elawyering concept by Stephanie Kimbro — Getting Started With eLawyering).
I also wrote a short article on Document Assembly Over the Internet , which as readers of this Blog will know is an old theme for me.
For our latest analysis on what is working in the virtual law firm space, download our White Paper on Virtual Law Practice: Success Factors.
Legal Cloud Computing Association Publishes Responses to ABA, North Carolina State Bar
18
Jul
The Legal Cloud Computing Association (LCCA) has published responses to proposals issued by the ABA Commission on Ethics 20/20 and the North Carolina State Bar regarding the use of cloud computing within a law practice.
The Legal Cloud Computing Association ("LCCA"), formed in December 2010, is the collective voice of the leading cloud computing software providers for the legal profession, consisting of Clio (Themis Solutions, Inc.), DiaLawg, LLC, DirectLaw, Inc., NetDocuments, Nextpoint, Inc., RealPractice, Inc., Rocket Matter, LLC, and Total Attorneys, LLC.
Response to ABA Commission on Ethics 20/20
The LCCA’s letter to the ABA Commission on Ethics was issued in response to the Commission’s Initial Draft Proposals on "Technology and Confidentiality" published on May 2, 2011. The Proposals include certain modifications to the ABA Model Rules of Professional Conduct that are designed to facilitate the responsible adoption of technology that will increase the quality, and reduce the cost, of legal services. The Proposals were issued as part of a process initiated in early in 2010 where the Commission published an Issues Paper requesting comments and feedback from the legal community.
The LCCA fully supported the Commission’s Proposals, and concluded that the Commission ‘s recommendations provided a reasonable framework the would enable law firms to make infomed decisions about using cloud computing resources.
Response to North Carolina State Bar Proposed 2011FEO6
The LCCA’s letter to the North Carolina State Bar pertains to Proposed Formal Ethics Opinion 2011FEO6. The Proposed FEO attempts to address the ethical issues relating to the use of Software-as-a-Service or cloud computing within a law firm environment.
While the LCCA supported the NC State Bar’s efforts to provide clarity on the use of cloud computing, the Proposed FEO as written would negatively impact a broad scope of attorneys from those who do nothing more than use a web-based email client or conduct online legal research to those that do full scale online delivery of legal services.
The onerous requirements of the Proposed FEO, detailed in full in the LCCA’s response to the NC State Bar, would force many cloud computing providers to withdraw from the NC market entirely, thus negatively impacting the technological capabilities and competitiveness of NC-based law firms.
Unlike the recommendations of the ABA Ethics 20/20 Commission, the draft North Carolina bar opinion, as it stands, is likely to have a negative impact on the use of cloud computing resources and applications by law firms in North Carolina. One result is that North Carolina’s law firms, particularly solos and small law firms would be handicapped when competing with law firms from other states.
We are hopeful that the revised opinion will be more compatible with the recommendations of the ABA Ethics 20/20 Commission. Why is it necessary for each state bar to have their own set of guidelines in this area, when the companies that offer cloud computing services operate nationally?
NJ Attorney Advertising Committee Rules that a TotalAttorneys WebSite is Misleading
30
Jun
The Committee on Attorney Advertising of the New Jersey Court System issued an Advisory Opinion this week that stated that a Total Bankruptcy web site, published by TotalAttorneys®, a law firm marketing and services organization based in Chicago, is misleading and in violation of the Rule of Professional Conduct 7.1 (a) .Download Full Opinion .
The Committee also ruled that the web site was not an impermissible referral service and that Attorneys are not flatly prohibited from paying for advertising on a "pay-per-lead" or "pay per click" basis. That’s good news for TotalAttorneys and other performance-based marketing schemes on the Internet.
The Committee sets out clearly that "Attorney advertising cannot be misleading or omit operative facts." and found that the website did not provide sufficient information to the user and is misleading.
In this case, the user was directed to only one attorney based on the purchase of exclusive rights to a geographical area. To avoid misleading consumers, the Committee stated, the methodology for the selection of the attorney’s name must be made clear, including the fact that the website limited participation to one (paying) attorney per geographical area. Further, the Committee specified that all requirements to participate in the website must be clearly specified; a full list of participating attorneys must be readily accessible, and the website must inform the user that the attorneys have paid a fee to participate.
It is easy for attorneys to violate their professional obligations and expose themselves to bar sanctions, by ignoring the fine print in their agreements with Internet-based marketing websites.
For example, no less a credible organization as Lexis-Nexis®, recently launched a direct to consumer web site, called EZLAW.COM. The website purports to offer wills, powers of attorney and advance directives forms bundled with legal advice for a fixed and reasonable fee. A goal I would heartily endorse.
However, the site seems to suffer from the same issues as the TotalAttorney’s web site when viewed through the lense of the New Jersey Advisory Opinion.
At EZLAW, the site operator provides a mechanism for consumers to assemble legal documents on-line and then make available a network of attorneys to provide legal advice as part of the offered package. In describing its Attorney Network, EZLAW states that:
They are all prescreened by EZLaw to ensure that you get professional, experienced and confidential legal counsel. To be included in our network, attorneys must meet our rigorous 12-point checklist of criteria.
This suggests that EZLAW is vouching for the quality of the qualifications of the participating attorneys, not only whether an attorney has practiced a number of years or maintains a certain level of malpractice, and this could be construed as misleading.
Moreover, the NJ Opinion states clearly that as a form of attorney advertising, " a full list of participating attorneys must be readily accessible," but on the EZLAW web site no list of participating attorneys is to be found.
Moreover the limited representation agreement executed by the client with the law firm is provided by EZLAW on behalf of the law firm, so the client never knows the identity of the law firm prior to entering into an engagement with the attorney. Normally you would expect that the client would enter into a limited retainer agreement directly with the law firm. I never heard of a retainer agreement that wasn’t entered into directly between the client and the law firm. Not in this case.
Click here for a copy of the Representation Agreement between EZLAW and the client. You decide whether this agreement is ethically compliant? I am interested in hearing other opinions about this agreement. If you have one. please comment.
So what’s the bottom line? Lawyer’s need to read the fine print. Lawyers need to have a full understanding of how their ethical obligations apply to these new Internet-based marketing schemes lest they be caught in a web of disciplinary proceedings that wasn’t part of the bargain.
North Carolina Bar Regulates Legal Cloud Computing
02
Jun
A proposed Ethics Opinion of the North Carolina Bar that provides guidelines for attorneys using cloud computing services, commonly known as SaaS (Software as a Service), contains language that is troubling because of its potential impact on solos and small law firm practitioners who are creating virtual law practices. The Bar is soliciting comments prior to making the Opinion final. Here are some comments for consideration.
The Opinion states that to comply with the attorney’s duty to keep client data confidential there should be:
"a separate agreement that states that the employees at the vendor’s data center are agents of the law firm and have a fiduciary responsibility to protect confidential client information and client property."
DirectLaw is a SaaS vendor that hosts law firm data at a Tier IV Data Center that implements the security controls that a bank or major financial institution uses. The idea that our data center would enter into an agreement that would make its employees agents of a law firm is not realistic. There is not sufficient consideration to expose the Data Center to this kind of liability, and there is no way that they would modify their terms and conditions to meet the needs of a single SaaS vendor. I doubt that counsel for the Data Center would ever approve such language. The Data Center would just tell us to take our business elsewhere. Amending the contract terms just for SaaS vendors that service the legal industry is not likely to happen.
There are other approaches to providing assurance to law firms that client confidential data is secure and less burdensome.
I think a better guideline would be to suggest or require that SaaS vendors host their data at a data center that is a Tier IV Data Center. A Tier 4 Data Center is one which has the most stringent level requirements and one which is designed to host mission critical computer systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access controls methods. The Data Center should also be SAS 70 certified. The Data Center should also have PCI DSS certification if credit card data is stored within the Data Center. With these safeguards in place, a law firm should be considered to have undertaken reasonable due diligence to satisfy the obligation to insure that client data will remain confidential.
There are other problems with the North Carolina opinion. Another guideline:
"requires the attorney to undertake a financial investigation of the SaaS vendor: to determine its financial stability."
What does that mean? I am not about to divulge our private financial statements to just any lawyer who inquires. How is it relevant? If there are provisions for data capture and downloading data that is stored in the cloud, and the law firm has access to that data, what difference does it make if the SaaS actually goes out of business?
It would make more sense to simply require that a SaaS vendor carry Internet liability insurance for the benefit of its law firm clients. Law firms will have problems securing Internet Liability Insurance to cover data loss. Data loss as a result of a Data Center outage is not normally covered under a law firm’s malpractice policy. For solos and small law firm’s securing this kind of coverage would be a burden and cost prohibitive. It makes more sense to require the SaaS vendor to secure such coverage and make its law firm subscribers a beneficiary of the coverage.
Another guideline states that:
"The law firm, or a security professional, has reviewed copies of the SaaS vendor’s security audits and found them satisfactory."
How much does such an audit cost? Can solo practitioners afford such an audit? Who qualifies as a security professional? I think this requirement will act as deterrent to solos and small law firms who are seeking cloud-based solutions that they can use in their practice. I think that a less costly and more effective solution would be for an independent organization to issue a Certificate of Compliance to the SaaS vendor indicating that the SaaS vendors has satisfied or complied with well recognized standards. Like the Truste Certificate in the privacy area, this would give solos and small law firms this would provide stamp of approval that minimum standards have been satisfied. This would move the cost burden of undertaking due diligence to the SaaS vendor, rather than to the solo or small law firm practitioner.
Another guideline states:
"Clients with access to shared documents are aware of the confidentiality risks of showing the information to others. See 2008 FEO 5."
This guideline should be clarified because it is not clear what "shared documents" means. This kind of statement is likely to scare clients into thinking that a law firm that stores client data on the the Internet is putting the client’s data at more risk than storing the data in a file cabinet in the lawyer’s office.
As the American Bar American, through its Ethics 20/20 Commission, and state bar associations adapt ethical rules to deal with the delivery of legal services over the Internet, it is important to consider that the burden of compliance may have a different impact on solos and small law firms, than on large law firms. The rules should not act as a barrier to solos and small law firms exploring new ways of delivering legal services online which are cost effective for both the law firms and their clients.
For a similar point of view see Stephanie Kimbro’s blog post on the same topic.
Disclosure: DirectLaw is a SaaS vendor that provides a virtual law firm platform to solos and small law firms.
Should law firms be owned by non-lawyer investors?
19
May
There has been much discussion recently in various venues about whether 5.4 of the US Rules of Professional Responsibility should be amended or revised to permit investment in law firms by non-lawyer, or non-lawyer entities, or even ownership of US law firms by non-lawyer entities. The ABA’s Ethics 20/20 Commission is circulating a paper on the subject and is soliciting comments.
Known in the United Kingdom as Alternative Business Structures (ABS), this new form of law firm organization, authorized by the UK Legal Services Act of 2007, will be permitted after October 6, 2011. Alternative Business Structures are already permitted in Australia, where several law firms have already gone public.
Other than the State of North Carolina where there is bill pending to permit non-lawyer ownership of up to 40% of a law firm, there has been little movement in the US to make change Rule 5.4 Some hybrid models are beginning to emerge in the US, but they are a workaround the existing rules.
There is no clear path for non-lawyer ownership or investment in a law firm in the United States, and as a result it is arguable that the legal services delivery system lacks the capital necessary to innovate and create the efficient systems that are necessary to serve not only the "latent market for legal services", but existing legal markets more effectively. Resources from Labor Law Compliance Center offer mandatory federal & state labor law posters or combination labor law posters for government business compliance.
Now comes Jacoby & Meyers, a law firm that has pioneered in changing the way legal services are delivered, filing multiple law suits in the Federal District courts of New York, New Jersey, and Connecticut against the presiding state justices in those states responsible for implementing and enforcing Rule 5.4, requesting that the Rule by overturned. The Complaint makes clear that Jacoby & Meyers "seeks to free itself of the shackles that currently encumber its ability to raise outside financing and to ensure that American law firms are able to compete on the global stage"
Click here for a complete version of the Complaint.
Andrew Finkelstein, the Managing Partner of Jacoby & Meyers, and also the Managing Partner of Finkelstein & Partners, said that "No legitimate rationale exists to prevent non-lawyers from owning equity in a law firm. The time has come to permit non-lawyers to invest in law firms in the United States,"
Now the fun begins!
Disclosure: Finkelstein and Partners is a subscriber to our DirectLaw Virtual Law Firm Service.
How safe and secure is your law practice environment?
18
Apr
A new nonprofit organization has emerged to help lawyers assess the safety and security of their law practice environment. The organization is the International Legal Technology Standards Organization and it recently released a set of standards that law firms can used to evaluate:
- the law firm’s internal security standards; and
- help law firm’s make informed decisions about "cloud computing" vendors and other hosting arrangements where confidential data is stored outside of the physical office of the law firm
The Standards are much more detailed and comprehensive than the ABA/LPM’s eLawyering Task Force publication of Cloud Computing Guidelines for Law Firms.
Disclosure: I am on the Advisory Board of ILTSO and provided some guidance to the development of the standards.
The standards are being circulated for comment before final publication.
The standards offer a sensible definition of "reasonable under the circumstances" by recognizing that different types of law firms have different security needs, although all lawyers are bound to prevent the disclosure of client data. Law firms are categorized into three types of situations:
- "Bronze – this standard is appropriate in every law practice, including solo practices."
- "Silver – this standard is typically appropriate for firms of more than one attorney, or where circumstances or resources dictate."
- "Gold – this standard is typically appropriate for larger firms or those with additional IT resources, or where circumstances or resources dictate."
The idea of categorizing law practice environments into these three categories is a new idea, as some of the standards only apply to the Gold and Silver category. The intent is to recognize that law firms have different IT capabilities and the size of the law firm usually determines how the law firm will approach the problem of securing client and other firm data.
At this point of development, the law firm is responsible for undertaking their own self-assessment. Law firms can apply to the standards to their own law practice environment and if in compliance display the ILTSO seal.
At some point, I can see where ILTSO might undertake an independent assessment of a law firm’s security arrangements and if it compliance with the standards, award a certificate like the Truste certification which assesses an organization’s privacy policies. A small fee could be charged for this assessment and it would vary depending on whether the type of law firm practice environment is Bronze, Silver, or Gold. This would give assurance to clients that all reasonable efforts have been taken to secure the confidentiality of their data.
It will be interesting to see how the organized bar responds to these standards, as their are entities both at the state level, and the American Bar Association that are analyzing these same subjects.
The ABA Ethics 20/20 Commission, for example, has been holding hearings on cloud computing and security of data and has released a working paper on this subject.
Just last week, the Commission released its recommendations on outsourcing, which is a process that has an impact on the confidentiality of client data. The recommendations have not yet been posted on the Commission’s web site, but the ABA Journal reports that:
"The commission proposes revisions to the Model Rules recognizing that electronically stored information, including metadata, is material subject to confidentiality rules. It also proposed revisions directing lawyers to make reasonable efforts to prevent inadvertent disclosure of information relating to representation of a client."
ILTSO’s new standards would give concrete meaning to the definition of "reasonable efforts" and provide a detailed framework that could guide attorney assessment of particular outsourcing and cloud computing arrangements.
A positive impact of having this evaluation framework in place might be the accelerated adoption of technologies, such as cloud computing. Compliance with the guidelines would support a law firm’s assertion that the firm has taken all reasonable steps to secure client data to reduce its liability in case of a security breach over which the firm had no control.
An unanticipated consequence might be a slow down in adoption, as the lack of clarity in this area might give many lawyers a reason not to become "early adopters." Many lawyers might choose to wait until standards like ILTSO’s are accepted by a broad base of legal organizations and law firms.
Of course, by then, the "real" early adopters will have acquired a first mover advantage over law firms that are still thinking about the subject, to the those firms competitive disadvantage.
Will LegalZoom Become the Largest Law Firm in the US?
05
Jan
LegalZoom has been beta testing a concept which links its marketing capabilities to a network of law firms that offer legal services under the LegalZoom brand. With some state bar associations accusing LegalZoom of the unauthorized practice of law, it might makes sense for the company to seek deeper alliances with networks of attorneys who are able to offer a full and ethically compliant legal service. Solos and small law firms, leveraging off the visibility and prominence of the LegalZoom brand, could reduce their marketing costs and enable these firms to better capture consumers who are part of the “latent legal market” on the Internet. It could be a win/win for both parties.
Unfortunately, linking the capital and management resources of profit-making organization with private law firms is almost impossible in the United States, given the regulatory framework that governs law practice. Unlike, the United Kingdom, which is in the process of deregulating the legal profession, enabling profit-making companies, from banks and insurance companies to retail chains like Tesco, to actually own a law firm, and/or split legal fees with a non-law firm, these practices in the US are strictly taboo.
In the US, law directories can charge a flat marketing fee for a listing, but sharing legal fees with a marketing organization can get you disbarred.
During the dot-com boom around 1999-2000, a company emerged by the name of AmeriCounsel that tried to create a hybrid organizational structure similar to the LegalZoom experiment. The company sought to enable a network of attorneys to offer legal services at a fixed and reasonable price and to mediate between the consumer and the law firm in terms of guaranteeing the quality of the legal services offered. The company failed during the dot-com bust for various reasons, including lack of financing, but on the way to failure, secured some opinions from state bar associations that blessed their model and provides a blue print for hybrid delivery systems which combine the expertise of a law firm with the marketing, management, and technological resources of a non-law firm.
One such opinion was issued by the Nassau County Bar Association New York State.
The Bar Association reasoned that the AmeriCounsel scheme was permissible because:
[S]ince AmeriCounsel does not charge attorneys any fee and since AmeriCounsel does not “recommend” or “promote” the use of any particular lawyer ’s services, it does not fall within the purview of DR 2-103(B) or (D). Rather, AmeriCounsel is a form of group advertising permitted by the Code of Professional Responsibility and by ethics opinions interpreting the Code.
In this model, AmeriCounsel provided technology and administrative services to link the client with the lawyer, but the law firm made no payment to AmeriCounsel. Instead, a separate administrative/technology fee was paid by the consumer to AmericCounsel for using the web site and gaining access to the lawyer. (This is not a practical scheme in today’s web environment, in my opinion), Moreover, AmeriCounsel did not choose the lawyer. The client was able to compare the credentials of different attorneys and choose their own lawyer. Thus no legal referral was involved, which would not be permitted in New York, as only an approved non-profit organization can make legal referrals.
In my opinion, this model, forced on AmeriCounsel, by the Rules of Professional Responsibility, is cumbersome, hard to implement, and was not economically viable for AmeriCounsel. Perhaps this was one of the causes of its failure.
Almost a decade later, companies that want to enter into this kind of hybrid relationship with lawyers, have to follow the same rule structure, as the ABA Model Rules of Professional Responsibility as the rules have not changed in any significant way. changed. It will be interesting to see whether the ABA Ethics 20/20 Commission, which was set up just last year, will address these issues at all.
Perhaps there should be a “safe harbor” that enables organization’s like LegalZoom to experiment with new patterns of legal service delivery that could operate for a limited period of time in a specific state, like California, The experience would be evaluated carefully as a basis for rule and policy change. The evaluation would be aimed to see if client’s interests are compromised in any way, and whether the delivered legal service is less expensive, without compromising the quality of legal service.
Instead of creating legal profession regulatory policies that are based on the legal profession’s idea about what is good for the consumer, policy could be based on real experience and facts. Experimentation is good. It leads to change, and in other industries improvement of methods and approaches over a period of time.
Of course, I don’t believe that this will ever happen in the US, at least not in my professional lifetime.
