A Look at ABA Ethics Opinion 498 and What it Means for Your Firm

Since the COVID-19 pandemic began approximately a year ago, millions of lawyers across the United States very quickly went from working in an office to working elsewhere. Home, a home office, a spare bedroom, their dining room table – most people were pressed to continue “business as usual” without the convenience of a dedicated office.

Missing from the dedicated office was also the security that comes with it, an issue addressed on March 10, 2021 with the release of the ABA’s Formal Opinion 498, entitled Virtual Practice. As the name implies, in the opinion, the ABA clarifies how an attorney’s ethical obligations are affected by working remotely. The short answer is, “Not much, with a few exceptions.”

As the Opinion sets out, a lawyer’s basic ethical requirements are fundamentally unchanged by the change in physical location. The ABA specifically focused on the ongoing duty of an attorney with respect to competence, diligence, communication, confidentiality and supervision, as specified in Model Rules 1.1 and 1.3.

With respect to competence, lawyers are expected to stay abreast of the risks and benefits of relevant technology, including the topics of confidentiality of client information. Although it didn’t specifically prescribe it, the opinion did urge lawyers to consider steps such as installing security-related updates, using complex passwords, antivirus software and encryption, as well as virtual private networks to transmit data and secure virtual teleconferencing technology.

Similarly, the Opinion also recommended that attorneys working at home disable technologies like Siri and Alexa to avoid inadvertent electronic eavesdropping. Cloud platforms for handling documents should be secure and data should be regularly backed up. Confidentiality, and agreements to enforce it, are also important aspects to consider when working with any third-party service providers.

When evaluating potential service providers, whether remote or onsite at a physical office, there are important considerations to ensure they have robust plans in place to prevent breaches, respond to threats that arise and help ensure you maintain your ethical responsibilities. For instance, beyond HIPAA compliance, it’s important to ensure a provider is SOC 2 Type II certified, meaning they have attestation from a reputable independent auditor who has verified their systems, policies and controls. Other considerations include frequent backups and replication to multiple geographically dispersed data centers, intrusion and penetration prevention systems, disaster recovery plans, third-party penetration testing and 24/7 Network and Security Operations Centers.

The Opinion also underscores the unchanging nature of much of the lawyer’s practice-related obligations, including administrative issues like the ability to write and deposit checks, handle postal mail, make electronic transfers and maintain full trust-accounting records. In addition, despite operating virtually, an attorney is still required to maintain contact with clients and keep them informed of the status of their case, as well as continuing to manage junior lawyers and support staff in a way that ensures compliance with ethics rules as well.

To learn more about how U.S. Legal Support keeps your confidential case and client data safe, download a copy of our cybersecurity checklist here.