Advances in technology and the COVID-19 pandemic have ushered in a new era in which remote work has been normalized. Although many attorneys have returned to in-person offices, significant numbers continue to work remotely either part-time or full-time. Remote appearances in courts, administrative agencies, and alternative dispute resolution sessions continue to be available and utilized on a regular basis. And video conferences for meetings with clients have become an accepted, and sometimes preferred, option.
Given this “new normal” regarding remote work it is incumbent to understand the applicable ethical obligations. Earlier this year, the State Bar of California Standing Committee on Professional Responsibility and Conduct issued its Formal Opinion Interim No. 2023-208 to address the issue of “[w]hat are a California lawyer’s ethical duties when working remotely?” The opinion is a helpful overview of a range of considerations and provides extensive citing to prior opinions by the Committee and other ethics authorities.
One consideration is the duty of confidentiality arising from Rule of Professional Conduct 1.6 and Business and Professions Code section 6068(e). Remote practice requires the use of technology to store information and for various forms of communication. Lawyers must take reasonable measures when using technology to store and transmit confidential client information. For example, lawyers must take reasonable measures to investigate a cloud storage vendor to evaluate its security. Lawyers may conduct the investigation or consult with someone if they do not possess the requisite knowledge to ensure compliance with the duties of competence and confidentiality. As a second example, when working from home or in a public space, lawyers must implement reasonable measures to safeguard confidential client information, especially if others have access to the computer, laptop, or printer used by the lawyer. Secure internet connections and the disabling of smart speakers in the home, except when used to provide legal services, are two such advisable measures. The opinion indicates that there are no specific, mandatory measures; rather the obligation is based on a standard of reasonableness and will continually evolve based on client instructions or needs, sensitivity of the information, the remote working environment, and presence of third parties.
A second consideration is the duty of competence, specifically with respect to technology. This is reflected in the recently amended Rule of Professional Conduct 1.1. This duty applies to electronic discovery, social media, law practice management, virtual law offices, and remote practice. Again, the standard is one of reasonable efforts based on a fact-specific approach. For example, lawyers must ensure that their technology solutions permit reasonable access to client files while working remotely, such as a secure case management system. Also, files must be regularly backed up to ensure reasonable access in the event of data loss.
A third consideration is the duty of communication arising from Rule of Professional Conduct 1.4. When communicating with prospective clients, lawyers should take reasonable steps to avoid forming unintended attorney-client relationships, such as using disclaimers on the firm website and in email signatures. Also, lawyers should obtain sufficient information from the client to screen for conflicts of interest and ensure that the person they are communicating with is the actual client or someone with authority to act on the client’s behalf. Although not specifically addressed in the opinion, communications by remote means can be targets for scammers. Lawyers should take reasonable steps to ensure that the potential client is bona-fide, such as careful review of the email address and statements made by the individual that may indicate a scam. As for clients, when using electronic forms of communication lawyers must ensure the client is receiving and understanding the information exchanged. Teleconferences or videoconferences may be needed in certain circumstances.
A fourth consideration is the duty of supervision found in Rules of Professional Conduct 5.1 through 5.3. As applied to remote work, lawyers with managerial authority must ensure the provision of appropriate tools and equipment, technology support, training, and monitoring to lawyers and staff. Managerial lawyers must also implement reasonable remote policies and practices, such as those related to confidentiality and cybersecurity. If lawyers and staff are permitted to use their own devices while working remotely, managerial lawyers should implement policies to require that firm and client data is maintained in a confidential manner. Another obligation of managerial lawyers is to maintain regular communications to oversee the work of lawyers and staff. This can be accomplished with a hybrid work model including in-person meetings or the use of videoconferencing for virtual offices.
A fifth, and final, consideration, is ensuring that unauthorized practice of law does not occur. This can arise when a lawyer works remotely outside the state of California. The opinion does not address this consideration substantively. Instead, it directs lawyers to consult the unauthorized practice of law rules and authorities of the state where they are physically present.
The opinion concludes with the statement that lawyers may ethically practice remotely under the Rules of Professional Conduct and the State Bar Act, as long as they comply with the duties of confidentiality, competence, communication, and supervision.
