Pennsylvania Issues New Ethics Guidelines on Practicing Law Remotely

Like many lawyers, you’ve no doubt been working remotely for a month or more at this point. The shelter-in-place mandates across the country have forced law firms close their doors and shift to remote operations.

Cloud-based legal software makes remote work possible

This move was easier for some firms than for others, and in many cases the ease of transition was directly related to whether the firm was already using cloud-based tools, like law practice management software, as part of their firm’s day-to-day practice. For those firms that were already using cloud-based software, it was business as usual nearly right away. That wasn’t the case for firms not yet in the cloud, but fortunately these tools are typically easy-to-adopt and cost-effective.

One reason that it’s so easy to practice law virtually in 2020 is because legal cloud computing software has been around for more than a decade now. Many of the companies that provide cloud-based software for lawyers are well-established and well-funded. Also helpful is that the legal cloud-based tools have been built-out over the years to meet the very specific needs of lawyers, and as a result, provide user-friendly interfaces with robust feature-sets. And, most importantly, every ethics committee that has considered whether its ethical for lawyers to use cloud computing (more than 20 states and counting) has concluded that it permissible.

Secure communication while working remotely

The most recent to do so was the Pennsylvania Bar Association, which just 2 weeks ago issued an opinion addressing the ethics of practicing law virtually. In Formal Opinion 2020-300, the Pennsylvania Bar Association Committee on Legal Ethics and Professional Responsibility provided guidance on how lawyers and their staff can ethically provide legal services while working remotely. 

At the outset the Committee confirmed that it was ethical for lawyers to use cloud computing software in their practices as long as they exercised reasonable care to ensure that confidential data remains confidential. The Committee also provided an overview of the issues lawyers should consider when vetting a cloud computing provider.

Next, the Committee discussed the issue of secure communication, and adopted the analysis set forth in ABA Formal Opinion 477R, which I’ve written about on the MyCase blog many times in the past. The Committee determined that because of improved technology, unencrypted email is insufficient for particularly sensitive information. As a result, in 2020 lawyers must assess the sensitivity of confidential communications on a case-by-case basis and, for particularly sensitive matters, use encrypted communication methods, such as encrypted email or secure client portals:

(L)awyers must exercise reasonable efforts when using technology in communicating about client matters…(and use) a fact-specific approach to business security obligations that requires a ‘process’ to assess risks, identify and implement appropriate security measures responsive to those risks, verify that they are effectively implemented, and ensure that they are continually updated in response to new developments…A fact-based analysis means that particularly strong protective measures, like encryption, are warranted in some circumstances.

Hallelujah! Finally a state adopted the ABA’s rationale from Opinion 477. I’ve been waiting for a state to do this for years now, as I stated in this post in 2017:

(T)his is the first time an ethics committee has so clearly stated that changing times warrant a new standard regarding secure client communication. In due course, I expect that many other states will soon do the same.

That being said, I’m thrilled that it has finally happened and expect more states will follow suit – hopefully sooner rather than later.

Secure client portals solve the communication problem

For many lawyers, the idea of conducting a case-by-case analysis regarding the sensitivity of data and then choosing an appropriately secure communication method for each case may seem to be an  overly burdensome and time-consuming process. The good news is that there’s an easy way to avoid having to make an ad hoc determination regarding the type of law firm communication required for each case. Rather than using an array of communications methods in your firm that may vary from case to case, simply choose one form of encrypted communication for all matters and require that law firm employees use it routinely.

That’s where secure client portals come in. If your firm doesn’t already have a secure communication method set up, then secure client portals built into law practice management software are a great option to choose. For starters, they are easy to adopt. And the best part about client portals is that once you start using them for all law firm client communications, you’ll have effectively ensured that all communications are sufficiently protected.

Related: [Blog Post] Cybersecurity Tips for Lawyers Working Remotely

Even more remote work advice

In addition to discussing secure communication methods, the Committee also offered detailed ethical guidance on working remotely. One topic covered was the cybersecurity steps firms should take in order to protect firm data when employees work remotely. Another important issue covered was videoconferencing, and the Committee provided very helpful tips on how to securely use videoconferencing tools. So make sure to read the opinion in its entirety for lots of great remote working advice.

Finally, for even more remote working tips, check out the video recording of our recent webinar: How to Run Your Law Firm Remotely During COVID-19.